Skip to content
Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
Branch: master
Clone or download
root root
Latest commit 6f6fc94 May 6, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
backup Cleaup junk Mar 6, 2019
controller PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
db PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
debian New scripts, CVE processing optimization, Early Shodan May 6, 2019
deps PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
docker update runIt.sh Feb 25, 2019
images Add config dialog Feb 26, 2019
log CVE column updates Feb 26, 2019
parsers PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
plugins Add travis-ci def, CVE modeling Dec 14, 2018
scripts PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
ui PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
utilities Lots of bug fixes, move logs to log, center window, eliminate draw op… Feb 22, 2019
wordlists dnsmap integration Mar 7, 2019
.gitignore New scripts, CVE processing optimization, Early Shodan May 6, 2019
.justcloned CVE column updates Feb 26, 2019
.travis.yml updated docker config for Travis CI Feb 11, 2019
CHANGELOG.txt New scripts, CVE processing optimization, Early Shodan May 6, 2019
CONTRIBUTING.md Update CONTRIBUTING.md Apr 12, 2019
LICENSE Initial commit Sep 19, 2018
README.md New scripts, CVE processing optimization, Early Shodan May 6, 2019
legion.conf PyShodan Script added, PythonScript importer added, Label fixes, Bug … May 6, 2019
legion.conf.orig Added hping3 to deps, removed snmpcheck and smtp-enum from schedulers… Feb 27, 2019
legion.py Add python3.7 support back, Silence some logging, Add some deps Mar 6, 2019
precommit.sh New scripts, CVE processing optimization, Early Shodan May 6, 2019
requirements.txt Fix deps May 6, 2019
startLegion.sh Remove junk Apr 12, 2019
test.py CI changes Jan 11, 2019
utilities.py Cleanup, Add frame of CVE query plugin Oct 14, 2018

README.md

alt tag Build Status Known Vulnerabilities Maintainability Analytics

ABOUT

Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about Legion, including the roadmap, can be found on it's project page at https://GoVanguard.io/legion.

FEATURES

  • Automatic recon and scanning with NMAP, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer and more (with almost 100 auto-scheduled scripts)
  • Easy to use graphical interface with rich context menus and panels that allow pentesters to quickly find and exploit attack vectors on hosts
  • Modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
  • Highly customizable stage scanning for ninja-like IPS evasion
  • Automatic detection of CPEs (Common Platform Enumeration) and CVEs (Common Vulnerabilities and Exposures)
  • Ties CVEs to Exploits as detailed in Exploit-Database
  • Realtime autosaving of project results and tasks

NOTABLE CHANGES FROM SPARTA

  • Refactored from Python 2.7 to Python 3.6 and the elimination of depreciated and unmaintained libraries
  • Upgraded to PyQT5, increased responsiveness, less buggy, more intuitive GUI that includes features like:
    • Task completion estimates
    • 1-Click scan lists of ips, hostnames and CIDR subnets
    • Ability to purge results, rescan hosts and delete hosts
    • Granual NMAP scanning options
  • Support for hostname resolution and scanning of vhosts/sni hosts
  • Revise process queuing and execution routines for increased app reliability and performance
  • Simplification of installation with dependency resolution and installation routines
  • Realtime project autosaving so in the event some goes wrong, you will not loose any progress!
  • Docker container deployment option
  • Supported by a highly active development team

GIF DEMO

INSTALLATION

It is preferable to use the docker image over a traditional installation. This is because of all the dependancy requirements and the complications that occur in environments which differ from a clean, non-default installation.

TRADITIONAL METHOD

Assumes Ubuntu, Kali or Parrot Linux is being used with Python 3.6 installed. Other dependencies should automatically be installed. Within Terminal:

git clone https://github.com/GoVanguard/legion.git
cd legion
sudo chmod +x startLegion.sh
sudo ./startLegion.sh

DOCKER METHOD


Assumes Docker and Xauthority are installed. Within Terminal:

git clone https://github.com/GoVanguard/legion.git
cd legion/docker
sudo chmod +x runIt.sh
sudo ./runIt.sh

LICENSE

Legion is licensed under the GNU General Public License v3.0. Take a look at the LICENSE for more information.

ATTRIBUTION

  • Refactored Python 3.6+ codebase, added feature set and ongoing development of Legion is credited to GoVanguard
  • The initial Sparta Python 2.7 codebase and application design is credited SECFORCE.
  • Several additional PortActions, PortTerminalActions and SchedulerSettings are credited to batmancrew.
  • The nmap XML output parsing engine was largely based on code by yunshu, modified by ketchup and modified SECFORCE.
  • ms08-067_check script used by smbenum.sh is credited to Bernardo Damele A.G.
  • Legion relies heavily on nmap, hydra, python, PyQt, SQLAlchemy and many other tools and technologies so we would like to thank all of the people involved in the creation of those.
You can’t perform that action at this time.