carlospolop / Legion

Licence: mit
Automatic Enumeration Tool based on Open Source tools

Programming Languages

python

Projects that are alternatives of or similar to Legion

Bscan
an asynchronous target enumeration tool
Stars: ✭ 207 (-26.07%)
Mutual labels:  scanner, enumeration, nmap
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+2487.86%)
Mutual labels:  scanner, bruteforce, enumeration
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+551.43%)
Mutual labels:  scanner, enumeration, nmap
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+461.43%)
Mutual labels:  scanner, enumeration
Pentest Tools Framework
Pentest Tools Framework is a database of exploits, scanners and tools for penetration testing. Pentest is a powerful framework that includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
Stars: ✭ 211 (-24.64%)
Mutual labels:  scanner, bruteforce
Pycurity
Python Security Scripts
Stars: ✭ 218 (-22.14%)
Mutual labels:  scanner, nmap
Unimap
Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
Stars: ✭ 141 (-49.64%)
Mutual labels:  scanner, nmap
porteye
Detect alive hosts and open ports.
Stars: ✭ 17 (-93.93%)
Mutual labels:  scanner, nmap
findcdn
findCDN is a tool created to help accurately identify what CDN a domain is using.
Stars: ✭ 64 (-77.14%)
Mutual labels:  scanner, enumeration
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (-53.93%)
Mutual labels:  scanner, nmap
MassVulScan
Bash script which quickly identifies open network ports and any associated vulnerabilities
Stars: ✭ 56 (-80%)
Mutual labels:  scanner, nmap
sgCheckup
sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.
Stars: ✭ 77 (-72.5%)
Mutual labels:  scanner, nmap
HostEnumerator
A tool that automates the process of enumeration
Stars: ✭ 29 (-89.64%)
Mutual labels:  enumeration, nmap
Biu
Network asset discovery and vulnerability scanning
Stars: ✭ 199 (-28.93%)
Mutual labels:  scanner, nmap
Recon-X
Advanced Reconnaissance tool to enumerate attacking surface of the target.
Stars: ✭ 27 (-90.36%)
Mutual labels:  scanner, nmap
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+725.71%)
Mutual labels:  scanner, enumeration
N-WEB
WEB PENETRATION TESTING TOOL 💥
Stars: ✭ 56 (-80%)
Mutual labels:  scanner, nmap
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+588.57%)
Mutual labels:  scanner, enumeration
MX1014
MX1014 is a flexible, lightweight and fast port scanner.
Stars: ✭ 79 (-71.79%)
Mutual labels:  scanner, nmap
AzureAD Autologon Brute
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (-67.86%)
Mutual labels:  bruteforce, enumeration

LEGION - Automatic Enumeration Tool

Legion is based on the Pentesting Methodology that you can find in book.hacktricks.xyz.

Legion is a tool that uses several well-known open-source tools to automatically, semi-automatically or manually enumerate the most frequently found services running on machines that you may need to pentest.

Basically, the goal of Legion is to extract all the information that you can from each open network service, so you don't have to write and execute the same commands in a terminal every time you find that service. Some actions are repeated by more than one tool; this is done to be sure that all the possible information is correctly extracted.

Installation

Installation of Legion

git clone https://github.com/carlospolop/legion.git /opt/legion
cd /opt/legion/git
./install.sh
ln -s /opt/legion/legion.py /usr/bin/legion

For pentesting Oracle services you should manually install some dependencies: https://book.hacktricks.xyz/pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-pentesting-requirements-installation

Docker

To have a nice experience with legion you can also build a container image using docker or podman, just by typing the following command:

docker build -t legion .

And start the container:

docker run -it legion bash

You will have a ready-to-use legion container image (To execute legion inside the container run ./legion.py).

Protocols Supported

You can get a list using the command protos.

Brute force

All the protocols included in Legion that can be brute forced can be brute forced using Legion. To see if a service can be brute forced and which command line will be used to do so (by default "hydra" is used; if hydra is not available, metasploit or nmap will be used), set the protocol and then set the intensity to "3".

Example of brute forcing ssh:

Internal Commands

Use the help internal command to get info about what each command does.

Automatic Scan

Just launch the internal command startGeneral and the 'General' will start scanning ports and services automatically.

Semi-Automatic Scan

You can set all the options properly and launch several commands to scan one service. You can do this using the command run.

Manual Scan

You can execute just one command using exec <name>. For example: exec http_slqmap

Some services have on-demand commands; these commands can only be executed using this internal command (exec).

Options

domain

Set the domain of the DNS or of the user that you want to use.

extensions

Comma-separated list of possible extensions (to brute force files in a web server)

host

It is the host that you want to attack (valid IP and domains)

Example:

set host 127.0.0.1
set host some.domain.com

intensity

There are 3 intensities:

  • 1: Basic checks executed
  • 2: All checks executed (Default)
  • 3: Brute force (check for availability)

ipv6

IPv6 address of the victim; could be useful for some commands.

notuse

You can set a list (separated by commas) of commands that you don't want to use. For example, if you don't want modules from metasploit to be executed: set notuse msf.

password

Set here the password of the username you want to use.

path

Web server file path

plist

Set here the path to a list of passwords (by default LEGION has its own list)

port

The port where the service is running. If "0", then the default port of the service will be used (you can see this information using info).

proto

It is the protocol that you want to attack

Example:

set proto http

reexec

Set to True if you want already executed commands to be executed again (by default it is set to False).

ulist

Set a value here if you want to brute force a list of usernames (by default LEGION has its own list of usernames)

username

Set the username of the user that you want to use/brute-force (by default, a list of users is used for brute-forcing).

verbose

If True the output of the command will be displayed as soon as it ends. If False it won't.

If True the output of info will show where each parameter is used, for example:

If False the output of info will show the values of the parameters, for example:

workdir

The directory where the info of the victim is stored. By default it is $HOME/.legion

By Polop(TM)
