Legion

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

Check it out on Github

About Legion Installation Getting Started Advanced Functions Issues

Current Features

Automatic recon and scanning with NMAP, Shodan, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer and more (with almost 100 auto-scheduled scripts)
Easy to use graphical interface with rich context menus and panels that allow pentesters to quickly find and exploit attack vectors on hosts
Modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
Highly customizable stage scanning for ninja-like IPS evasion
Automatic detection of CPEs (Common Platform Enumeration) and CVEs (Common Vulnerabilities and Exposures)
Realtime autosaving of project results and tasks

Future Roadmap

Intergrations with tools like:
- Maltego, MetaSploit and Dradis
Replace PyQT with web frontend to make Legion a multiuser pentesting environment
Create command line interface

Legion’s easy to use interface means less time manually running tools and more time analyzing data

Setup of Legion can be done a few different ways..

Docker Install
- Assumes Docker and Xauthority are installed. Within Terminal:
  
  git clone https://github.com/GoVanguard/legion.git
  
  cd legion/docker
  
  sudo chmod +x runIt.sh
  
  sudo ./runIt.sh
- If you're running from WSL, be sure Xming is running
- If you're running on OSX, be sure Glas is running
- Note: This is the preferred way to run Legion
Beta Install
- Assumes Ubuntu, Kali or Parrot Linux is being used with at least Python 3.6 installed. Other dependencies should automatically be installed in most cases. Within Terminal:
  
  git clone https://github.com/GoVanguard/legion.git
  
  cd legion
  
  sudo chmod +x startLegion.sh
  
  sudo ./startLegion.sh
- Note: This is will install the latest beta/unstable of Legion.
- Note: This method cannot account for the complexities in broken python environments at this time.

Getting Started with Using Legion

Using Legion’s Advanced Functions

Increasing Concurrent Processes
- By default Legion is configured to concurrently run 10 fast processes (like standard port scripts) and 10 slow processes (like NMAP staged scans) at a time. Under [GeneralSettings] in legion.conf are the variables max-fast-processes and max-slow-processes; increasing the max number of processes from 10 should increase scan speed times but at the cost of higher CPU and memory utilization.
- Additionally, please note increasing the number of concurrent running processes will make it more likely for intrusion prevention systems to detect Legion's scanning and start blocking scanning traffic.
Creating Additional Actions
- Additional actions can be configured in Legion that allow Legion to interact with outside tools. This actions are defined in the legion.conf file under the respective sections of [HostActions], [PortActions] and [PortTerminalActions].
- Host Actions: are invoked by right-clicking on a host and their tool output will be stored and displayed in Legion.
- Port Actions: are invoked by right-clicking on a port or service and their tool output will be stored and displayed in Legion.
- Port Terminal Actions: are invoked by right-clicking on a port and will spawn an external terminal window (Eg: Connect with netcat). Port Terminal Actions are ideal for launching any scripts or tools from Legion that require user interaction.
- Tool: A unique identifier, typically the name of the tool.
- Label: The text that will appear in the context menu.
- Command: The command you would type in the terminal to run the tool. Note that it must be a non-interactive command. The placeholders [IP], [PORT] and [OUTPUT] when used will be replaced at run time by the right values.
- Services: The list of nmap service names that a tool applies to. When you right-click on a port/service the tool will only appear in the context menu if the service was defined here.
- To configure a new action the following format must be used: Tool=Label, Command, Services
- Example:
  To configure the tool Nikto as a port action we would need to add the following line to the [PortActions] in legion.conf:
  nikto=Run nikto, nikto -o [OUTPUT].txt -p [PORT] -h [IP], “http,https”

Setting up Additional Automated Port Action Schedulers
- Port Actions can be set to automatically run based on TCP/UPD services found by Legion. This is accomplished under [SchedulerSettings] in legion.conf.
- To configure a new Scheduled Port Action the following format must be used: Tool=Services, Traffic Type (TCP/UPD)
- Example:
  To configure the tool snmpcheck as a scheduled port action we would need to add the following line to the [SchedulerSettings] in legion.conf:
  snmpcheck=snmp, udp

Troubleshooting and Issues

While Legion is regularly utilized by our own network penetration testing team, it is still beta and being actively developed. If you encounter any issues while using Legion be sure to let our development team known on Github Issues. Our team is regularly working on bug fixes and releasing new features. Lastly, below are some common issues and troubleshooting tips to help out.

Issue #1 – A Process (or bunch of processes) crash automatically or when manually invoking a command
- This is probably the most common issue that is seen in Legion and it's not necessarily Legion itself in most cases. In a situation where Legion goes to execute an outside script or tool (like snmpcheck) it assumes that script or tool is installed on your system. If the script or tool isn't installed then Legion will just label the process as “crashed”. The easiest way to troubleshoot and fix this issue is to look for the tool or script being called under the [PortActions] section of legion.conf, find the specific terminal command that Legion is using and manually run it in terminal yourself. In most cases you may find that simply the tool isn't installed, doing a “sudo apt-cache search [tool name]” will find the package associated to the tool.

Disclaimer

Legion comes without warranty and is meant to be responsibly used to analyze and exploit information systems and networks you own or explicitly have permission to pentest.

GoVanguard declines all responsibility in the case the tool is used for malicious purposes or in any illegal context; and in the case the tool creates any CIA incidents for any information systems.

Content Notice

– All product names, logos, and brands are property of their respective owners.
– The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
– Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
– If you are an owner of some content and want it to be removed, please email hello@govanguard.com

Cookie and Privacy Settings

How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visist to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Legion

Current Features

Future Roadmap

Legion’s easy to use interface means less time manually running tools and more time analyzing data

Setup of Legion can be done a few different ways..

Docker Install

Beta Install

Getting Started with Using Legion

Using Legion’s Advanced Functions

Increasing Concurrent Processes

Creating Additional Actions

Setting up Additional Automated Port Action Schedulers

Troubleshooting and Issues

Issue #1 – A Process (or bunch of processes) crash automatically or when manually invoking a command

Disclaimer

Our Standard Office Hours

Where to Find Us

Data Privacy Notice

Content Notice