legion v0.4.3 releases: open source network penetration testing tool

by do son · Published May 7, 2019 · Updated November 20, 2023

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance, and exploitation of information systems. Legion is developed and maintained by GoVanguard.

FEATURES

Automatic recon and scanning with NMAP, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer and more (with almost 100 auto-scheduled scripts)
Easy to use graphical interface with rich context menus and panels that allow pentesters to quickly find and exploit attack vectors on hosts
Modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
Highly customizable stage scanning for ninja-like IPS evasion
Automatic detection of CPEs (Common Platform Enumeration) and CVEs (Common Vulnerabilities and Exposures)
Ties CVEs to Exploits as detailed in Exploit-Database
Realtime autosaving of project results and tasks

NOTABLE CHANGES FROM SPARTA

Refactored from Python 2.7 to Python 3.6 and the elimination of depreciated and unmaintained libraries
Upgraded to PyQT5, increased responsiveness, less buggy, more intuitive GUI that includes features like:
- Task completion estimates
- 1-Click scan lists of ips, hostnames, and CIDR subnets
- Ability to purge results, rescan hosts and delete hosts
- Granual NMAP scanning options
Support for hostname resolution and scanning of vhosts/sni hosts
Revise process queuing and execution routines for increased app reliability and performance
Simplification of installation with dependency resolution and installation routines
Real-time project autosaving so in the event something goes wrong, you will not lose any progress!
Docker container deployment option
Supported by a highly-active development team