Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.
License: GNU General Public License v3.0
Tabs are not restoring from saves
Add probing options to the add host dialog to allow the user to choose to probe using more stealthy mechanisms.
Some screenshots throw this alert box and cannot be loaded
Add an external scan that runs after NMAP service discovery which calls the OWASP ZAP API Scan (https://github.com/zaproxy/zaproxy/wiki/ZAP-API-Scan).
Currently there are no indicators of which column in the processes tab is sorting or if it is in ascending/descending sort mode.
Add visual ^ carets or (asc/desc) text indicators to columns that are sorting the table
Build the latest container and publish it to the Docker public registry. Be sure the entry points back to govanguard.io and the git repo.
Currently, the console logs after the startLegion script runs several processess, which can take a few seconds.
Add a log message indicating that the script has started.
Right now there is no known workaround - scrunching of the display elements occurs with display scaling on. This occurs in Gnome3/Unity.
Current fix is to alert user if they start the program with the symptoms in effect, and then to throw the user a n alert message.
./scripts/etc/smbenum.sh not found error
This script was intentionally removed as its code quality was negatively impacting the overall project, and there may be license concerns
Deps do not install correctly under Ubuntu 18 LTS.
Add a build section to the CI to build the docker image if previous CI steps are successful.
Deps do not install correctly under Kali 2018
Develop the command line console to allow for CLI based usage in lieu of the PyQT UI or Web front.
Add a public section to the CI for pushing successfully built images to the Docker public repo.
Currently, the output from the Vulners script is being kept in the script's output block.
It should be populated to the CVEs tab when completed.
Currently, hosts can only be selected individually for the purposes of using the context-menu. If multiple hosts are selected, the context menu should display menu items all selected hosts share, if any.
Auto-save during scans when the database is not busy, every ~5mins
Saves to long-running nmap scans or other tools that report their data all at once - how would this work, how long might it take?
Nmap will crash citing inability to write to the ./tmp path if legion is located outside of the /mnt/c/Users/[your user]/ tree. This is because the Nmap executable is the linked in Windows NMAP and is therefore subject to the security policies of the Windows environment.
Add external call to theHarvester (https://github.com/laramies/theHarvester) prior to NMAP for gathering names, emails, subdomains, and virtual hosts using multiple public data sources. May be an method to collect from Shodan.io.
Add scan using Shodan.io API prior to NMAP for External Passive Host Detection, Port Scanning, CPE Analysis.
https://github.com/milo2012/portia as command executed manually or by associated service discoveries
Unfreeze all column widths.
clicking repeatedly on a service will result in Legion crashing. This isn't all services but is generally reproducible very quickly (click on a few a few times and it will crash).
update copyright
remove email for feedback
link to github issues
website link govanguard.io/legion
Python log tab not currently in use pending full support for python outputs from upcoming features (esp. the harvester)
Remove the tab pending implementation
Deprecate the PyQT UI entirely in favor if the Web UI, API and command line calls.
Add a mechanism to save the users column sizing values. Maybe to a new section in the config.
Not starting for some unknown reason.
Help dialog was disabled for cleanup following SPARTA fork - re-enable
Traceback when importing NMAP data manually
Always use hostname as SNI instead of IP in all situations possible.
Round process time elapsed / remaining values to ensure they don't take up more than the allocated column space. Maybe two significant digits.
'Estimated Remaining' column can have negative values. When the elapsed time exceeds the estimated remaining time, set to 0 or 'Unknown' or some other more-helpful value
Build dockerfile, tests and scripts to package docker container. Publish to docker public registry.
Consider simplifying this complex logical expression.
https://codeclimate.com/github/GoVanguard/legion/app/logic.py#issue_5c1968fd71e1a600010000c2
I believe this issue is inherited from Sparta (SECFORCE/sparta#59)
Seems like this relies on an older version of PyQt4. Ubuntu 18.04 LTS and Parrot Security 4.2.2 for reference have pyqt4-dev-tools and pyqt4.qsci-dev in their repos.
'Estimated Remaining' column's name is too long, often causes the column label to overflow its size - rename to 'Est. Remaining'
Combine Log/Python console with Processes panels to reduce vertical UI real-estate usage.
Consider simplifying this complex logical expression.
https://codeclimate.com/github/GoVanguard/legion/legion.py#issue_5c1968fe71e1a600010000df
Adjust the default width of the top left panel to prevent the user having to resize it horizontally.
Revise the file filters on the open dialog to show both Legion and SPARTA save files.
Add mechanisms to export results to Dradis. Preferably using CLI based file upload given the Dradis limitations.
Add support for gathering data from Maltego (Data Mapping and Analysis). Initially legion <- Maltego. Later on bidirectional may be an option.
Make revisions necessary to allow for the input of multiple networks, hosts and IPs separated by semicolons in the add host dialog.
Create a multi-user web front to replace PyQT interface. Use Flask or Django. Try to make API driven if possible.
This occurred on 1/22/19 when scanning around 20 hosts which were added by host name:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 2158, in _wrap_pool_connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 355, in connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 743, in _checkout
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 484, in checkout
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/impl.py", line 219, in _do_get
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 302, in _create_connection
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 429, in init
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 626, in __connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/strategies.py", line 106, in connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/default.py", line 412, in connect
sqlite3.OperationalError: unable to open database file
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/root/legion/ui/view.py", line 1168, in updateInterface
File "/root/legion/ui/view.py", line 889, in updateHostsTableView
File "/root/legion/controller/controller.py", line 456, in getHostsFromDB
File "/root/legion/app/logic.py", line 204, in getHostsFromDB
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 2074, in execute
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 2123, in contextual_connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 2162, in _wrap_pool_connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 1476, in _handle_dbapi_exception_noconnection
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/util/compat.py", line 265, in raise_from_cause
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/util/compat.py", line 248, in reraise
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 2158, in _wrap_pool_connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 355, in connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 743, in _checkout
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 484, in checkout
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/impl.py", line 219, in _do_get
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 302, in _create_connection
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 429, in init
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/pool/base.py", line 626, in __connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/strategies.py", line 106, in connect
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/default.py", line 412, in connect
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) unable to open database file (Background on this error at: http://sqlalche.me/e/e3q8)
./startLegion.sh: line 23: 3776 Aborted ${PYTHON3BIN} legion.py
Resolve the build error under Travis-CI
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
