Add legba module for bruteforcing various services

[christianfl]

Hey there!

Saw the discussion on: #1689

We developed a Legba module internally and I did a thorough review. Would you mind include it and/or have some comments?

Best wishes,
Christian

Supported protocols

• SSH
• FTP
• TELNET
• VNC
• MSSQL
• MySQL
• PostgreSQL

Screenshot

ToDo

• Write tests
• Support all distros
• Manual tests

[TheTechromancer]

This looks great, nice work! Legba has been a much requested module.

The trick will be writing tests for the different protocols, and also getting Legba to compile properly on all the different platforms.

@Vinnie64 may be able to help as he's been working on something similar to this

[christianfl]

Nice! I can start working on it and see how it goes. Input from @Vinnie64 is also appreciated

[christianfl]

I think the distro tests are now failing because deps_ansible run before deps_common:

• See test-distros (debian) L8572 following -> Ansible tasks for building Legba fails (L10095 "msg": "[Errno 2] No such file or directory: b'cargo'")
• See test-distros (debian) L10124 following -> Ansible tasks for installing rust seem to work

Is it intended this way? At least I expected it to be the other way around @TheTechromancer

[codecov]

Codecov Report

❌ Patch coverage is 84.32836% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 93%. Comparing base (848266c) to head (a2315a6).
⚠️ Report is 65 commits behind head on dev.

Files with missing lines	Patch %	Lines
bbot/modules/deadly/legba.py	79%	19 Missing ⚠️
...test/test_step_2/module_tests/test_module_legba.py	96%	2 Missing ⚠️

Additional details and impacted files

@@          Coverage Diff           @@
##             dev   #2530    +/-   ##
======================================
- Coverage     93%     93%    -0%     
======================================
  Files        404     406     +2     
  Lines      33387   33521   +134     
======================================
+ Hits       30922   31038   +116     
- Misses      2465    2483    +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[TheTechromancer]

deps_ansible run before deps_common

I think deps_common should run first. I'll see about fixing.

EDIT:

• Modules: Run Ansible Dependencies Last #2549

[TheTechromancer]

@christianfl that fix has been merged; you may need to rebase from dev.

[christianfl]

Thanks @TheTechromancer !
Looking good, Arch and Fedora left

[christianfl]

Hey! Did a bit of work again 😎

Feedback welcome! If you'd consider merging, feel free to squash the commits into one.

[christianfl]

Saw that you are in the process of deprecate vulnerability events in favor of finding events here. Changed code accordingly. Even if severity and confidence are not yet supported attributes of finding, it still runs with the current changes.

[liquidsec]

Saw that you are in the process of deprecate vulnerability events in favor of finding events here. Changed code accordingly. Even if severity and confidence are not yet supported attributes of finding, it still runs with the current changes.

Hi, yes this is happening - but it wont make into stable until 3.0. Could be a while before that happens.

Going to try to test this out next week, from what I had a chance to look at so far, looks great. Really appreciate all the work writing tests and supporting all the distros, etc.

[christianfl]

You're very welcome! Ok good to know, cool to see those event type merged. Feel free to ping me in case anything's needed here.

[TheTechromancer]

Fantastic work on this module. A couple small changes and then it should be good to merge:

1. Let's use the scan's temp directory instead of /tmp
2. We don't need to specify defaults in the option descriptions since they're already shown in bbot -mh legba

diff --git a/bbot/modules/deadly/legba.py b/bbot/modules/deadly/legba.py
index b6d7da6e4..91d7b5488 100644
--- a/bbot/modules/deadly/legba.py
+++ b/bbot/modules/deadly/legba.py
@@ -41,15 +41,15 @@ class legba(BaseModule):
     }
 
     options_desc = {
-        "ssh_wordlist": "Wordlist URL for SSH combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/ssh-betterdefaultpasslist.txt)",
-        "ftp_wordlist": "Wordlist URL for FTP combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt)",
-        "telnet_wordlist": "Wordlist URL for TELNET combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/telnet-betterdefaultpasslist.txt)",
-        "vnc_wordlist": "Wordlist URL for VNC password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/vnc-betterdefaultpasslist.txt)",
-        "mssql_wordlist": "Wordlist URL for MSSQL combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/mssql-betterdefaultpasslist.txt)",
-        "mysql_wordlist": "Wordlist URL for MySQL combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/mysql-betterdefaultpasslist.txt)",
-        "postgresql_wordlist": "Wordlist URL for PostgreSQL combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/postgres-betterdefaultpasslist.txt)",
-        "concurrency": "Number of concurrent workers, gets overridden for SSH (default 3)",
-        "rate_limit": "Limit the number of requests per second, gets overridden for SSH (default 3)",
+        "ssh_wordlist": "Wordlist URL for SSH combined username:password wordlist, newline separated",
+        "ftp_wordlist": "Wordlist URL for FTP combined username:password wordlist, newline separated",
+        "telnet_wordlist": "Wordlist URL for TELNET combined username:password wordlist, newline separated",
+        "vnc_wordlist": "Wordlist URL for VNC password wordlist, newline separated",
+        "mssql_wordlist": "Wordlist URL for MSSQL combined username:password wordlist, newline separated",
+        "mysql_wordlist": "Wordlist URL for MySQL combined username:password wordlist, newline separated",
+        "postgresql_wordlist": "Wordlist URL for PostgreSQL combined username:password wordlist, newline separated",
+        "concurrency": "Number of concurrent workers, gets overridden for SSH",
+        "rate_limit": "Limit the number of requests per second, gets overridden for SSH",
     }
 
     deps_common = ["rust"]
@@ -120,7 +120,7 @@ class legba(BaseModule):
     ]
 
     async def setup(self):
-        self.output_dir = "/tmp/legba-output"
+        self.output_dir = self.scan.temp_dir / "legba-output"
         self.helpers.mkdir(self.output_dir)
 
         return True

[christianfl]

Thanks for reviewing! I applied the suggested changes but the test is failing for me locally. I'll have to look at it later.

[christianfl]

My fault 😁 Works again. I squashed commits so I think it's ready to be merged!