legba: multiprotocol credentials bruteforcer / password sprayer and enumerator

by ddos ·

legba

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming fewer resources than similar tools.

Usage

 

password sprayer

The tool requires a plugin name, a –target argument specifying the ip, hostname, and (optionally) the port of the target (optional whenever it matches the default port for the given protocol), and, depending on the selected plugin, a pair of –username and –password arguments or a single –data argument (like in the case of the dns.enum plugin which requires a single enumeration element).

The –username/–data and –password/–key arguments all support the same logic depending on the value passed to them:

  • If the value provided is an existing file name, it’ll be loaded as a wordlist.
  • If the value provided is in the form of @/some/path/*.txt it’ll be used as a glob expression to iterate matching files.
  • If the value provided is in the form of #<NUMBER>-<NUMBER>:<OPTIONAL CHARSET>, it’ll be used to generate all possible permutations of the given charset (or the default one if not provided) and of the given length. For instance: #1-3 will generate all permutations from 1 to 3 characters using the default ASCII printable charset, while #4-5:0123456789 will generate all permutations of digits of 4 and 5 characters.
  • Anything else will be considered as a constant string.

For instance:

  • legba <plugin name> –username admin –password data/passwords.txt will always use admin as username while loading the passwords from a wordlist.
  • legba <plugin name> –username data/users.txt –password data/passwords.txt will load both from wordlists and use all combinations.
  • legba <plugin name> –username admin will always use admin as username and attempt all permutations of the default printable ASCII charset between 4 and 8 characters (this is the default behaviour when a value is not passed).
  • legba <plugin name> –username data/users.txt –password ‘@/some/path/*.key’ will load users from a wordlist while testing all key files inside /some/path.
  • legba <plugin name> –username data/users.txt –password ‘#4-5:abcdef’ will load users from a wordlist while testing all permutations of the charaters abcdef 4 and 5 characters long.

Install

Copyright (C) 2023 evilsocket

Tags: password sprayer