What is Legion
Legion is a semi-automated, easy-to-use network penetration testing framework that aids in the discovery, reconnaissance and exploitation of network systems. It is developed and maintained by GoVanguard and can be run on Linux or, preferably, from a Docker container. Legion is a fork of SECFORCE's SPARTA tool.
Legion bundles several tools, including automated reconnaissance with Nmap, whatweb, nikto, Vulners and Hydra, along with almost 100 auto-scheduled scripts. It comes with an easy-to-use graphical interface that allows penetration testers to find attack vectors on hosts. Legion also offers IPS evasion options, automatic detection of CPEs and CVEs, and links the CVEs it finds to entries in Exploit-DB.
Once installed, the GUI opens and you can add hosts to the scope. You can add multiple hosts and choose which nmap scans to run. You can also set the nikto port scan options through a command-line field and set the scan timing anywhere between aggressive and sneaky. The paranoid and sneaky timing templates help with IPS evasion but take considerably longer to probe. You can also select a "hard mode" option to pass additional nmap arguments and specify port scan options.
Once a scan completes, the results view lets you interact with the scanned hosts. You can also target the services that are running and view the tools available for enumerating them. Legion has an extensive list of scripts you can run against the target and provides CVE information with links to Exploit-DB.
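As an added illustration (this is not Legion's own code), the shell function below builds the nmap command line that corresponds to the GUI choices described above: a scope of in-scope hosts, a timing template chosen by name, and optional extra arguments in the spirit of hard mode. The timing names and their -T numbers are nmap's own; the -sV/-sC/-oX flags, the scan.xml filename and the input validation are assumptions made for this example and are not a description of the exact stages Legion runs.

```shell
#!/usr/bin/env bash
# Added example (not Legion's code): assemble an nmap command line from the
# same three choices the Legion GUI exposes - scope, timing template, extra
# arguments. The command is printed, not executed, so it can be reviewed first.

# Map an nmap timing-template name to its -T flag.
# Names and numbers are nmap's own: -T0 paranoid ... -T5 insane.
timing_flag() {
    case "$1" in
        paranoid)   echo "-T0" ;;
        sneaky)     echo "-T1" ;;
        polite)     echo "-T2" ;;
        normal)     echo "-T3" ;;
        aggressive) echo "-T4" ;;
        insane)     echo "-T5" ;;
        *) echo "unknown timing template: $1" >&2; return 1 ;;
    esac
}

# Accept only dotted IPv4 addresses or CIDR ranges as scope entries, so a
# typo or a stray hostname does not become an unintended target.
valid_target() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# build_scan TIMING "EXTRA ARGS" host [host...]
# Prints the full nmap command. -sV (version detection) and -sC (default
# NSE scripts) stand in for the service and script scanning the post
# mentions; -oX scan.xml keeps XML output for later parsing. These flags
# are this example's choice, not necessarily Legion's.
build_scan() {
    local timing="$1" extra="$2"
    shift 2
    local tflag
    tflag=$(timing_flag "$timing") || return 1
    local targets=""
    local h
    for h in "$@"; do
        valid_target "$h" || { echo "rejecting target: $h" >&2; return 1; }
        targets="$targets $h"
    done
    printf 'nmap %s -sV -sC -oX scan.xml%s%s\n' "$tflag" "${extra:+ $extra}" "$targets"
}

# Example usage: a sneaky (IPS-evading, slow) scan of one host and one /24,
# with hard-mode style extra arguments restricting the ports.
build_scan sneaky "-p 22,80,443" 10.0.0.5 10.0.0.0/24
```

Swapping `sneaky` for `aggressive` turns the same scope into a -T4 scan; that is the speed-versus-stealth trade-off the post describes, made explicit on the command line.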
How to Install Legion
Legion can be installed on any Linux distribution by cloning the GitHub repo and making the script executable. However, using this process I was only able to run the command-line scanner. The Docker install was a little more intuitive and definitely requires prior experience with containers. The full install instructions can be found here.
Windows under WSL using Xming and Docker Desktop:
- Assumes Xming is installed in Windows.
- Assumes Docker Desktop is installed in Windows, Docker Desktop is running in Linux containers mode and Docker Desktop is connected to WSL.
- See detailed instructions here
- Replace X.X.X.X with the IP with which Xming has registered itself.
- Right click Xming in system tray -> View log and see IP next to “XdmcpRegisterConnection: newAddress”
- Within Terminal:
```shell
git clone https://github.com/GoVanguard/legion.git
cd legion/docker
sudo chmod +x runIt.sh
sudo ./runIt.sh X.X.X.X
```
Using this tool is very helpful for penetration testing, especially in the discovery phase. I like that it utilizes Nmap script scanning and has an autosave feature, but installing it on my local machine was kind of a hassle and almost not worth the effort. Enterprise users may get a better result than an individual user who can just run the scripts from a terminal. I like this tool, but the setup and configuration make it less easy to use, which loses it some points. I will be awarding this tool 3 out of 5 bunnies.