Legba - A Fast and Efficient Credentials Bruteforcer and Enumerator

Legba - A Fast and Efficient Credentials Bruteforcer and Enumerator

Legba is a multiprotocol credentials bruteforcer, password sprayer, and enumerator built with Rust for efficient and memory-safe operations. This guide provides detailed instructions for installing and using Legba via Docker, Crates.io, or building it from source.

Installing Legba

1. Using Docker Hub

The recommended way to use Legba is via Docker, as it includes all features by default.

Steps:

1.Run the Docker Image:
Use the following command to pull and run the Legba image:

docker run -it evilsocket/legba -h

This will display the help menu for Legba.

2.Using Wordlist Files:
When using wordlist files, share them with the container via a volume and use the host network to reach the target:

docker run \
  -v $(pwd):/data \  # Shares the current directory as /data inside the container
  --network host \    # Uses the host network
  -it evilsocket/legba:latest \
  ssh --username root --password /data/your-wordlist.txt --target 192.168.1.1

3.Optional: Use Docker Compose

You can simplify container management by creating a docker-compose.yml file for Legba.

2. Installing from Crates.io

Legba is available as a binary crate on Crates.io. However, this build does not include all features by default.

Steps:

1.Ensure you have Cargo (Rust's package manager) installed.

2.Run the following command:

cargo install legba

3.The binary will be installed in $HOME/.cargo/bin/legba.

3. Building from Source

If you prefer to build Legba manually, follow these steps:

Prerequisites:

  • Install Rust on your system.

  • Install dependencies: libcrypto-dev and libsmbclient-dev.

Steps:

1.Clone the repository:

git clone https://github.com/evilsocket/legba.git

cd legba

2.Build with Cargo:

cargo build --release --features http_relative_paths

3.The compiled binary will be located in ./target/release.

4. Building a Docker Image Locally

If you want to create your own Docker image for Legba:

Steps:

1.Clone the repository:

git clone https://github.com/evilsocket/legba.git

cd legba

2.Build the Docker image:

docker build -t legba .

3.Run the container:

docker run legba --help

Usage Examples

Basic Command Help

To view available commands and options:

docker run -it evilsocket/legba -h

SSH Bruteforce Example

Use a wordlist to bruteforce SSH credentials:

docker run \
  -v $(pwd):/data \
  --network host \
  -it evilsocket/legba:latest \
  ssh --username root --password /data/your-wordlist.txt --target 192.168.1.1

Additional Features

Legba supports numerous protocols and tasks such as HTTP authentication, DNS subdomain enumeration, TCP port scanning, and more. Refer to the project's documentation for detailed usage examples.

Recommendations

  • For full feature support, use the Docker image.

  • Keep your environment updated (e.g., Docker Engine or Rust) to ensure compatibility.

  • Check out the Legba Wiki for advanced usage scenarios and updates.

By following these instructions, you'll be able to install and effectively use Legba for your credential enumeration and bruteforcing tasks! You can learn more and Download Legba in GitHub.

Upgrade Your Cybersecurity Skills EHA: Learn 150+ Practical Cyber Security Courses Online With Life Time Access - Enroll Here

 

Back to blog