legba v0.8 releases: multiprotocol credentials bruteforcer / password sprayer and enumerator

password sprayer

legba

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming fewer resources than similar tools.

Usage

The tool requires a plugin name, a –target argument specifying the ip, hostname, and (optionally) the port of the target (optional whenever it matches the default port for the given protocol), and, depending on the selected plugin, a pair of –username and –password arguments or a single –data argument (like in the case of the dns.enum plugin which requires a single enumeration element).

The –username/–data and –password/–key arguments all support the same logic depending on the value passed to them:

  • If the value provided is an existing file name, it’ll be loaded as a wordlist.
  • If the value provided is in the form of @/some/path/*.txt it’ll be used as a glob expression to iterate matching files.
  • If the value provided is in the form of #<NUMBER>-<NUMBER>:<OPTIONAL CHARSET>, it’ll be used to generate all possible permutations of the given charset (or the default one if not provided) and of the given length. For instance: #1-3 will generate all permutations from 1 to 3 characters using the default ASCII printable charset, while #4-5:0123456789 will generate all permutations of digits of 4 and 5 characters.
  • Anything else will be considered as a constant string.

For instance:

  • legba <plugin name> –username admin –password data/passwords.txt will always use admin as username while loading the passwords from a wordlist.
  • legba <plugin name> –username data/users.txt –password data/passwords.txt will load both from wordlists and use all combinations.
  • legba <plugin name> –username admin will always use admin as username and attempt all permutations of the default printable ASCII charset between 4 and 8 characters (this is the default behaviour when a value is not passed).
  • legba <plugin name> –username data/users.txt –password ‘@/some/path/*.key’ will load users from a wordlist while testing all key files inside /some/path.
  • legba <plugin name> –username data/users.txt –password ‘#4-5:abcdef’ will load users from a wordlist while testing all permutations of the charaters abcdef 4 and 5 characters long.

Changelog v0.8

New

c51ac13 new: added basic cookbook (#35)
1ec76e0 new: implemented recipes engine (closes #35)
efc8925 new: the user-agent for the http plugins is now randomized by default, new –http-ua argument replaced –http-random-ua
74267c9 new: added flag to generate shell completions
674e1b2 new: cross compilation file
c7d21c0 new: new –tcp-ports-banner-timeout argument
70d18bc new: added basic banner grabbing capabilities to the tcp.ports plugin
ab15307 new: added new cmd plugin

Fixes

0a3c067 fix: –http-payload is not mandatory anymore
a1fcfbe fix: url dependency override to allow relative paths in URLs (fixes #36)
0ed709a fix: using default db name in mysql and pgsql plugins (fixes #37)
0978500 fix: refactored http placeholders parsing
5fe6c32 fix: fixed interpolation of credentials in http target
ed9a56a cross compilation fixes
39e8c51 fix: restored banner after shell completion generation block
2844290 Merge pull request #33 from kpcyrd/shell-completions
fef45ab fix: clippy driven minor fixes
ec69c1e fix: cmd plugin now uses –target/-T instead of –cmd-binary
e25d6e9 fix: check –cmd-binary only if cmd plugin is used
50f2854 fix: removed unused import
61cb085 fix: fixed stats reporting getting stuck while the tokio runtime is blocking

and more minor fixes

Install

Copyright (C) 2023 evilsocket