Introduction
In this article, I walk you through how to run pen tests on network systems without in-depth knowledge of network penetration testing and without the installation or configuration difficulties of separate network tools such as NMAP, SMBenum, SSLyzer, and WhatWeb.
Let's see how Legion overcomes these difficulties and how it helps.
What is Legion?
Legion is one of the most famous open-source network penetration testing frameworks. It can run vulnerability assessment tasks: identify online devices in a network, collect useful information about targeted devices, and expose the attacks against targeted devices.
How does it work? It relies on integrated modules from the most widely used network penetration tools, such as Nikto, WhatWeb, SSLyzer, Vulners, SMBenum, NMAP, THC Hydra, and Shodan. The Legion framework also comes with 80-plus integrated modules and scripts for network pen testing, and additional external tools and scripts can be integrated.
How it helps beginners and reduces installation and configuration effort
- Automatic installer and scanner with NMAP, WhatWeb, Nikto, Vulners, Hydra, SMBenum, DirBuster, SSLyzer, webslayer, Shodan and 80-plus auto-scheduled scripts
- For beginners, an easy-to-use graphical interface with rich context menus and panels lets new pen testers quickly find and work with scan results
- No need to configure manually: modular functionality lets users easily customize Legion and automatically call their own scripts/tools
- Highly customizable stage scanning for ninja-like IPS evasion
- Automatic detection of Common Platform Enumeration (CPEs) and Common Vulnerabilities and Exposures (CVEs)
- Real-time AutoSaving of project results and tasks
Legion Installation
Most pen testers and cyber professionals use Kali Linux or Parrot Linux for pen testing tasks. Legion comes built into Kali Linux by default. On Parrot Linux, you can install it manually, or use Sparta, a similar tool available on Parrot Linux. If you want to install Legion on another OS, you can download the source code directly, or you can install it as a container in Docker.
Docker Installation
Prerequisite
Docker
Step 1
Locate the git folder and run the command below to get the script that pulls the Legion container.
git clone https://github.com/GoVanguard/legion.git
Go to the directory to run the script:
cd legion/docker
Modify file permissions for the runIt.sh file and run the .sh file. It will pull the container image and install all necessary files.
Other OS or Normal Installation Steps
Pre-requisites
Root user or sudo user privilege.
- git clone https:
- chmod +x startLegion.sh
- ./startLegion.sh
In this tutorial, you are going to use Kali Linux to work with the Legion tool.
How to use Legion in Kali Linux
As you know, Legion is a built-in tool that comes with Kali Linux by default.
Step 1
To open Legion:
- Click the Kali start icon
- Click Information Gathering
- Click Legion
After you click Legion, it starts the Legion UI app from the shell. You can see the screen below:
The input section is on the left side, with Scan and Brute as the core functionalities of Legion. The output is on the right-hand side of the dashboard.
Step 2
Click the Add button to scan the target device.
Step 3
Add the host, IP, or IP range to scan for the host's ports and host details, then click Submit.
After you add the host, Legion starts scanning it. You can see tools like nmap, nikto, smbenum, and screenshooter scanning the host.
After completing the process, you can view the output of the Legion scanner.
You can see the smbenum scanned details.
You can also see the open ports, based on the services running on the target machine.
You can see that the tools are run automatically by Legion.
I hope that this Legion tool overview article was useful to you.
Thanks for reading this article!