An Overview of Network Penetration Testing Using Legion Framework

In this article, I walk through you how to do pen tests on network systems without in-depth knowledge about network penetration testing and prior installation or configuration difficulties of different network modules like NMAP, SMBenum, SSlyzer, whataweb.

 
Let us see how legion will overcome, and how it is helpful

What is Legion?

Legion is one of the most famous open-source network penetration testing frameworks, which can execute vulnerabilities assessment tasks, to identify online devices in a network, collect nifty information of targeted devices, and expose the attacks against targeted devices.


How it‘ll works? With the help of integrated modules that are most widely using in-network penetration tools such as Nikto, whataweb, sslyzer, vulners, SMBenum, NMAP, THC Hydra, Shodan, and also legion framework comes with 80 plus integrated modules and scripts to perform the network pen-testing. We can also integrate additional external tools and scripts

How it helps beginner and how it reduces installation and configuration

  • Automatic installer and scanner with NMAP, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer, Shodan and 80 plus auto-scheduled scripts)
  • For Beginners, it is easy to use a graphical interface with rich context menus and panels that allow new pen testers to quickly find and exploit scans.
  • No need configure manually, modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
  • Legion is highly customizable stage scanning for ninja-like IPS evasion
  • Automatic detection of Common Platform Enumeration (CPEs) and Common Vulnerabilities and Exposures (CVEs)
  • Real-time AutoSaving of project results and tasks

Legion Installation

Most of the pen testers or cyber professionals using Kali Linux or Parrot Linux for pen testing tasks, by default Legion will come with Kali Linux in-built, in parrot Linux we can install manually or also with parrot Linux have another tool like legion called Sparta. If you want to install this tool in other OS, you can download the source code directly and you have another option as per trending technology you can install a legion tool as a container in Docker.

Docker Installation

Pre-requisites:

1. Docker.

Step1:- Locate to git folder and run the below command, to get the Legion container pulling script.

git clone https://github.com/GoVanguard/legion.git

go-to directory to run the script cd legion/docker

Modify file permission for the runIt.sh file and run the .sh file. It will pull the container image and install all necessary files.

 

Other OS or Normal Installation Step.

Pre-requisites:

Root user or sudo user privilege.

git clone https://github.com/GoVanguard/legion.git
schmod +x startLegion.sh
./startLegion.sh

In this tutorial, you are going to use Kali Linux to work on Legion Tool.

How to use Legion in Kali Linux

As you know, Legion is the default build-in tool, which comes with Kali Linux

Step 1:- To open the legion 1. Click kali start icon à 2. Click Information Gathering à 3. Click Legion


 
After clicking the Legion à it will start to execute legion UI app in shell you can see the below screen
 
 
The input section is on the left side with Scan and Brute as core functionalities of Legion, output is on the right-hand side of the dashboard.
 

Step 2:- Click Add Button to scan the target device

 
 
Step 3:- Add Host / IP / IP Range to scan the host’s ports, Host details à Click Submit.

 
 
After adding the host Legion will start the process to scan the host, you can see the tools like nmap, nikto, smbenum, screeshooter are scanning the host.
  

After completing the process you can the output of the legion scanner.


 
You can see the snbenum scanned details
 
 
You can also see the ports opened based on the service running the target machine.
 
 
 
You can see the tools are processed automatically by a legion

 
 

I hope, this Legion tool overview article was useful to you.

Thanks for reading this article.

 

Comments

Popular Posts

Docker for Beginners

Azure Active Directory and Its Key Features

Short Note of Azure Virtual Networking (VNET, SUBNET, NSG, VNET PEERING, VPN GATEWAY, EXPRESS ROUTE)

Kubernetes Installation in Redhat / CentOS

Azure Storage services and types storage accounts

Short Note on AWS Networking VPC, SUBNET, NACL, SECURITY GROUPS, VPC PEERING, SITE TO SITE VPN, DIRECT CONNECT

Azure Storage Replication Strategies.

Oracle to MS SQL Migration

Road Map for Successful On-premises Data center Application Servers to Microsoft Office 365 Cloud and Azure