Legion

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

Check it out on Github

About Legion Installation Getting Started Advanced Functions Issues

Current Features

Automatic recon and scanning with NMAP, Shodan, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer and more (with almost 100 auto-scheduled scripts)
Easy to use graphical interface with rich context menus and panels that allow pentesters to quickly find and exploit attack vectors on hosts
Modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
Highly customizable stage scanning for ninja-like IPS evasion
Automatic detection of CPEs (Common Platform Enumeration) and CVEs (Common Vulnerabilities and Exposures)
Realtime autosaving of project results and tasks

Future Roadmap

Intergrations with tools like:
- Maltego, MetaSploit and Dradis
Replace PyQT with web frontend to make Legion a multiuser pentesting environment
Create command line interface

Legion’s easy to use interface means less time manually running tools and more time analyzing data

Setup of Legion can be done a few different ways..

Docker Install
- Assumes Docker and Xauthority are installed. Within Terminal:
  
  git clone https://github.com/GoVanguard/legion.git
  
  cd legion/docker
  
  sudo chmod +x runIt.sh
  
  sudo ./runIt.sh
- If you're running from WSL, be sure Xming is running
- If you're running on OSX, be sure Glas is running
- Note: This is the preferred way to run Legion
Beta Install
- Assumes Ubuntu, Kali or Parrot Linux is being used with at least Python 3.6 installed. Other dependencies should automatically be installed in most cases. Within Terminal:
  
  git clone https://github.com/GoVanguard/legion.git
  
  cd legion
  
  sudo chmod +x startLegion.sh
  
  sudo ./startLegion.sh
- Note: This is will install the latest beta/unstable of Legion.
- Note: This method cannot account for the complexities in broken python environments at this time.

Getting Started with Using Legion

Using Legion’s Advanced Functions

Increasing Concurrent Processes
- By default Legion is configured to concurrently run 10 fast processes (like standard port scripts) and 10 slow processes (like NMAP staged scans) at a time. Under [GeneralSettings] in legion.conf are the variables max-fast-processes and max-slow-processes; increasing the max number of processes from 10 should increase scan speed times but at the cost of higher CPU and memory utilization.
- Additionally, please note increasing the number of concurrent running processes will make it more likely for intrusion prevention systems to detect Legion's scanning and start blocking scanning traffic.
Creating Additional Actions
- Additional actions can be configured in Legion that allow Legion to interact with outside tools. This actions are defined in the legion.conf file under the respective sections of [HostActions], [PortActions] and [PortTerminalActions].
- Host Actions: are invoked by right-clicking on a host and their tool output will be stored and displayed in Legion.
- Port Actions: are invoked by right-clicking on a port or service and their tool output will be stored and displayed in Legion.
- Port Terminal Actions: are invoked by right-clicking on a port and will spawn an external terminal window (Eg: Connect with netcat). Port Terminal Actions are ideal for launching any scripts or tools from Legion that require user interaction.
- Tool: A unique identifier, typically the name of the tool.
- Label: The text that will appear in the context menu.
- Command: The command you would type in the terminal to run the tool. Note that it must be a non-interactive command. The placeholders [IP], [PORT] and [OUTPUT] when used will be replaced at run time by the right values.
- Services: The list of nmap service names that a tool applies to. When you right-click on a port/service the tool will only appear in the context menu if the service was defined here.
- To configure a new action the following format must be used: Tool=Label, Command, Services
- Example:
  To configure the tool Nikto as a port action we would need to add the following line to the [PortActions] in legion.conf:
  nikto=Run nikto, nikto -o [OUTPUT].txt -p [PORT] -h [IP], “http,https”

Setting up Additional Automated Port Action Schedulers
- Port Actions can be set to automatically run based on TCP/UPD services found by Legion. This is accomplished under [SchedulerSettings] in legion.conf.
- To configure a new Scheduled Port Action the following format must be used: Tool=Services, Traffic Type (TCP/UPD)
- Example:
  To configure the tool snmpcheck as a scheduled port action we would need to add the following line to the [SchedulerSettings] in legion.conf:
  snmpcheck=snmp, udp

Troubleshooting and Issues

While Legion is regularly utilized by our own network penetration testing team, it is still beta and being actively developed. If you encounter any issues while using Legion be sure to let our development team known on Github Issues. Our team is regularly working on bug fixes and releasing new features. Lastly, below are some common issues and troubleshooting tips to help out.

Issue #1 – A Process (or bunch of processes) crash automatically or when manually invoking a command
- This is probably the most common issue that is seen in Legion and it's not necessarily Legion itself in most cases. In a situation where Legion goes to execute an outside script or tool (like snmpcheck) it assumes that script or tool is installed on your system. If the script or tool isn't installed then Legion will just label the process as “crashed”. The easiest way to troubleshoot and fix this issue is to look for the tool or script being called under the [PortActions] section of legion.conf, find the specific terminal command that Legion is using and manually run it in terminal yourself. In most cases you may find that simply the tool isn't installed, doing a “sudo apt-cache search [tool name]” will find the package associated to the tool.

Disclaimer

Legion comes without warranty and is meant to be responsibly used to analyze and exploit information systems and networks you own or explicitly have permission to pentest.

GoVanguard declines all responsibility in the case the tool is used for malicious purposes or in any illegal context; and in the case the tool creates any CIA incidents for any information systems.

Legion

Current Features

Future Roadmap

Legion’s easy to use interface means less time manually running tools and more time analyzing data

Setup of Legion can be done a few different ways..

Docker Install

Beta Install

Getting Started with Using Legion

Using Legion’s Advanced Functions

Increasing Concurrent Processes

Creating Additional Actions

Setting up Additional Automated Port Action Schedulers

Troubleshooting and Issues

Issue #1 – A Process (or bunch of processes) crash automatically or when manually invoking a command

Disclaimer

Our Standard Office Hours

Where to Find Us

Data Privacy Notice