{"id":13585648,"url":"https://github.com/carlospolop/legion","last_synced_at":"2025-05-16T14:04:39.089Z","repository":{"id":38272776,"uuid":"190890658","full_name":"carlospolop/legion","owner":"carlospolop","description":"Automatic Enumeration Tool based in Open Source tools","archived":false,"fork":false,"pushed_at":"2023-11-17T08:04:55.000Z","size":1410,"stargazers_count":919,"open_issues_count":6,"forks_count":152,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-12T10:59:07.554Z","etag":null,"topics":["bruteforce","enumeration","hydra","legion","msf","nmap","nmap-scripts","scanner","vulnerabilty-scanner"],"latest_commit_sha":null,"homepage":"https://book.hacktricks.xyz/pentesting-methodology","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/carlospolop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-06-08T13:24:39.000Z","updated_at":"2025-04-12T06:40:13.000Z","dependencies_parsed_at":"2024-01-07T09:39:52.580Z","dependency_job_id":"f9ddb8c8-f8f8-441b-80d3-ac7c5479d911","html_url":"https://github.com/carlospolop/legion","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Flegion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Flegion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Flegion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Flegion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/carlospolop","download_url":"https://codeload.github.com/carlospolop/legion/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254544146,"owners_count":22088807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bruteforce","enumeration","hydra","legion","msf","nmap","nmap-scripts","scanner","vulnerabilty-scanner"],"created_at":"2024-08-01T15:05:03.672Z","updated_at":"2025-05-16T14:04:39.067Z","avatar_url":"https://github.com/carlospolop.png","language":"Python","funding_links":[],"categories":["Python","Pentesting"],"sub_categories":["Enumeration"],"readme":"# LEGION - Automatic Enumeration Tool\n\n**Legion is based in the Pentesting Methodology that you can find in [book.hacktricks.xyz](https://book.hacktricks.xyz/pentesting-methodology).**\n\nLegion is a tool that uses several well-known opensource tools to automatically, semi-automatically or *manually* enumerate the most frequent found services running in machines that you could need to pentest.\n\nBasically, the goal of Legion is to extract all the information that you can from each opened network service, so you don't have to write and execute the same commands in a terminal every time you find that service. \nSome actions are repeated by more than one tool, this is done to be sure that all the possible information is correctly extracted.\n\n[![asciicast](https://asciinema.org/a/250539.png)](https://asciinema.org/a/250539)\n\n## Installation\n\n### Installation of Legion\n\n```sh\ngit clone https://github.com/carlospolop/legion.git /opt/legion\ncd /opt/legion/git\n./install.sh\nln -s /opt/legion/legion.py /usr/bin/legion\n```\n\nFor pentesting oracle services you should install manually some dependencies:\nhttps://book.hacktricks.xyz/pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-pentesting-requirements-installation\n\n### Docker\n\nTo have a nice experience with `legion` you can also build a container image using `docker` or `podman`, just typing the following commands:\n\n```docker build -t legion . ```\n\nAnd start the container:\n\n```docker run -it legion bash```\n\nYou will have a ready-to-use `legion` container image (To execute legion inside the container run `./legion.py`).\n\nOr you can just download the dockerhub container with:\n\n```docker pull carlospolop/legion:latest```\n\n\n## Protocols Supported\n\nYou can get a list using the command `protos`\n\n![](https://github.com/carlospolop/legion/blob/master/images/legion-protos.png)\n\n## Brute force\nAll the protocols included in Legion that could be brute force, can be brute force using Legion. To see if a service can be brute forced and which command line will be used to do so (by default \"hydra\" is implemented, if hydra was not available metasploit or nmap will be used) set the protocol and the set the intensity to \"3\".\n\nExample of brute forcing ssh:\n\n![](https://github.com/carlospolop/legion/blob/master/images/legion-brute.png)\n\n## Internal Commands\n\n![](https://github.com/carlospolop/legion/blob/master/images/internal-commands.png)\n\nUse the `help` internal command to get info about what each command does.\n\n## Automatic Scan\n\nJust lauch the internal command `startGeneral` and the '**General**' will start scanning ports and services automatically.\n\n## Semi-Automatic Scan\n\nYou can set all the options properly and launch several commands to scan one service. You can do this using the command `run`.\n\n## Manual Scan\n\nYou can execute just one command using `exec \u003cname\u003e`. For example: `exec http_slqmap`\n\nSome services have *on demand commands*, this commands can only be executed using this internal command (`exec`).\n\n## Options\n\n![](https://github.com/carlospolop/legion/blob/master/images/legion-options.png)\n\n### domain\n\nSet the domain of the DNS or of the user that you want to use\n\n### extensions\n\nComma separeted list of possible extensions (to brute force files in a web server)\n\n### host\n\nIt is the host that you want to attack (valid IP and domains)\n\nExample:\n```\nset host 127.0.0.1\nset host some.domain.com\n```\n\n### intensity\n\nThere are 3 intensities:\n- **1**: Basic checks executed\n- **2**: All checks executed (Default)\n- **3**: Brute force (check for availability)\n\n### ipv6\n\nIpv6 address of the victim, could be usefull for some commands\n\n### notuse\n\nYou can set a list (separated by commands) of commands that you don't want to use. For example, if you don't want modules from metasploit to be executed:`set notuse msf`.\n\n### password\n\nSet here the password of the username you want to use.\n\n### path\n\nWeb server file path\n\n### plist\n\nSet here the path to a list of passwords (by default LEGION has its own list)\n\n### port\n\nThe port where the service is running. If \"0\", then the default port of the service will be used (you can see this information using `info`)\n\n### proto\n\nIt is the protocol that you want to attack\n\nExample: \n```\nset proto http\n```\n\n### reexec\n\nSet `True` if you want already executed commands to be executed again (by default is set to False).\n\n### ulist\n\nSet a value here if you want to brute force a list of usernames (by default LEGION has its own list of usernames)\n\n### username\n\nSet the username of the user that you want to use/brute-force(by default to brute-force a list of users is used).\n\n\n### verbose\n\nIf `True` the output of the command will be displayed as soon as it ends. If `False` it won't.\n\nIf `True` the output of `info` will show where each parameter is used, for example:\n\n![](https://github.com/carlospolop/legion/blob/master/images/info-verbose-true.png)\n\nIf `False` the output of `info` will show the values of the parameters, for example:\n\n![](https://github.com/carlospolop/legion/blob/master/images/info-verbose-false.png)\n\n### workdir\n\nIs the directory where the info of the victim is storaged. By default it is `$HOME/.legion`\n\n\n\n\nBy Polop\u003csup\u003e(TM)\u003c/sup\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlospolop%2Flegion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcarlospolop%2Flegion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlospolop%2Flegion/lists"}