An Overview Of Network Penetration Testing Using Legion Framework

Introduction 

 
In this article, I walk through you how to do pen tests on network systems without in-depth knowledge about network penetration testing and prior installation or configuration difficulties of different network modules like NMAP, SMBenum, SSlyzer, whataweb.
 
Let's see how Legion will overcome, and how it is helpful.
 

What is Legion?

 
Legion is one of the most famous open-source network penetration testing frameworks, which can execute vulnerabilities assessment tasks, to identify online devices in a network, collect nifty information of targeted devices, and expose the attacks against targeted devices.
 
How does it work? With the help of integrated modules that are most widely using in-network penetration tools such as Nikto, whataweb, sslyzer, vulners, SMBenum, NMAP, THC Hydra, and Shodan. Also, Legion framework comes with 80 plus integrated modules and scripts to perform the network pen-testing. We can also integrate additional external tools and scripts.
 

How it helps beginner and reduces installation and configuration

  • Automatic installer and scanner with NMAP, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer, Shodan and 80 plus auto-scheduled scripts
  • For Beginners, it is easy to use a graphical interface with rich context menus and panels that allow new pen testers to quickly find and exploit scans
  • No need configure manually, modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
  • Legion is a highly customizable stage scanning for ninja-like IPS evasion
  • Automatic detection of Common Platform Enumeration (CPEs) and Common Vulnerabilities and Exposures (CVEs)
  • Real-time AutoSaving of project results and tasks

Legion Installation

 
Most of the pen testers or cyber professionals use Kali Linux or Parrot Linux for pen testing tasks. By default, Legion comes with Kali Linux built-in. In Parrot Linux, we can install manually or also with parrot Linux have another tool like Legion called Sparta. If you want to install this tool in other OS, you can download the source code directly and you have another option as per trending technology you can install a legion tool as a container in Docker.
 

Docker Installation

 
Prerequisite
 
Docker
 
Step 1
 
Locate the git folder and run the below command, to get the Legion container pulling script.
 
git clone https://github.com/GoVanguard/legion.git
 
Go to the directory to run the script cd legion/docker
 
Modify file permissions for the runIt.sh file and run the .sh file. It will pull the container image and install all necessary files.
 
Other OS or Normal Installation Step.
 
Pre-requisites
 
Root user or sudo user privilege.
  1. git clone https://github.com/GoVanguard/legion.git  
  2. schmod +x startLegion.sh  
  3. ./startLegion.sh   
In this tutorial, you are going to use Kali Linux to work on Legion Tool.
 

How to use Legion in Kali Linux

 
As you know, Legion is the default build-in tool, which comes with Kali Linux
 
Step 1
 
To open the legion,
  • Click the kali start icon 
  • Click Information Gathering 
  • Click Legion
An Overview Of Network Penetration Testing Using Legion Framework
 
After clicking Legion - it will start to execute the Legion UI app in the shell. You can see the below screen:
 
An Overview Of Network Penetration Testing Using Legion Framework
 
The input section is on the left side with Scan and Brute as core functionalities of Legion, the output is on the right-hand side of the dashboard.
 
Step 2
 
Click the Add Button to scan the target device
 
An Overview Of Network Penetration Testing Using Legion Framework
 
Step 3
 
Add Host / IP / IP Range to scan the host’s ports, Host details and Click Submit.
 
An Overview Of Network Penetration Testing Using Legion Framework
 
After adding the host, Legion will start the process to scan the host, you can see the tools like nmap, nikto, smbenum, screeshooter are scanning the host.
 
An Overview Of Network Penetration Testing Using Legion Framework
 
After completing the process, you can view the output of the Legion scanner.
 
An Overview Of Network Penetration Testing Using Legion Framework
 
You can see the snbenum scanned details
 
An Overview Of Network Penetration Testing Using Legion Framework
 
You can also see the ports opened based on the service running the target machine.
 
An Overview Of Network Penetration Testing Using Legion Framework
 
You can see the tools are processed automatically by Legion
 
An Overview Of Network Penetration Testing Using Legion Framework
 
I hope that this Legion tool overview article was useful to you.
 
Thanks for reading this article!


Similar Articles