Legion: Automated Network Penetration Testing Framework

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard.

Features

• Automatic recon and scanning with NMAP, whataweb, nikto, Vulners, Hydra, SMBenum, dirbuster, sslyzer, webslayer and more (with almost 100 auto-scheduled scripts)
• Easy to use graphical interface with rich context menus and panels that allow pentesters to quickly find and exploit attack vectors on hosts
• Modular functionality allows users to easily customize Legion and automatically call their own scripts/tools
• Highly customizable stage scanning for ninja-like IPS evasion
• Automatic detection of CPEs (Common Platform Enumeration) and CVEs (Common Vulnerabilities and Exposures)
• Realtime autosaving of project results and tasks

Notable changes from Sparta

• Refactored from Python 2.7 to Python 3.6 and the elimination of depreciated and unmaintained libraries
• Upgraded to PyQT5, increased responsiveness, less buggy, more intuitive GUI that includes features like:
  • Task completion estimates
  • 1-Click scan lists of ips, hostnames and CIDR subnets
  • Ability to purge results, rescan hosts and delete hosts
  • Granual NMAP scanning options
• Support for hostname resolution and scanning of vhosts/sni hosts
• Revise process queuing and execution routines for increased app reliability and performance
• Simplification of installation with dependency resolution and installation routines
• Realtime project autosaving so in the event some goes wrong, you will not loose any progress!
• Docker container deployment option
• Supported by a highly active development team