Skip to content

Consensys/Legions

Repository files navigation


get in touch with ConsenSys Diligence
[ 🌐 📩 ]

Legions

EVM Node Security Toolkit

License: MIT CircleCI Code style: black PyPI

Legions is a handy toolkit for (security) researchers poking around EVM (Ethereum Virtual Machine) nodes and smart contracts, now with a slick command-line interface, with auto complete commands and history.

Features:

  • Node detection (getnodeinfo)
    • Detect the type of the Node, Chain, and Network
    • Peer Count, Listening, Synching, and Mining status
    • Gas Price
    • etc
  • Web3 API enumeration (investigate)
    • Accounts
      • Read coinbase, and exposed accounts of the node
      • (intrusive = True) will try to create accounts on the node
    • Admin
      • Enumerates web3.admin endpoints
    • Sign (WIP)
      • Enumerates signing functionalities (web3.sign)
  • ENS Queries (ens)
    • List Names owned by an address
    • List Subdomains of an address
    • Query individual names
  • Query at latest/specific block number (query)
    • Balance of an address
    • Block details
    • Bytecode of the smart contract
    • Read storage of the smart contract (default count=10 reads the first 10 slots)
    • command, which you can pass any RPC method with args
    • ECRecover of a signature
  • Conversions (toWei, fromWei, keccak, toChecksumAddress, etc)

This tool is in beta and a work in progress

Demo

Main Functionality

demo

ENS (Ethereum Name Service)

demo

Installation

Require Python 3.6.

pip install legions

Or directly from source code:

git clone https://github.com/shayanb/Legions
cd Legions
pip install .

Usage

If installed locally:

python legions.py

or if installed globally:

legions

Functions Breakdown

Command [Subcommand] Description
sethost Setup the Web3 connection (RPC, IPC, HTTP) (default to infura mainnet)
getnodeinfo Information about the connected node (run setnode before this)
conversions Conversions possible to do with Web3
fromWei Converts the input to ether (to currency default to ether)
toWei Converts the input to Wei (from currency default to ether)
keccak keccak hash of the input
toBytes Converts the input to hex representation of its Bytes
toChecksumAddress Converts the input to Checksum Address
toHex Converts the input text to Hex
fromWei Converts the input to ether (or specified currency)
query Query Blockchain (Storage, balance, etc)
balance Get Balance of an account
block Get block details by block number
code Get code of the smart contract at address
ecrecover Get address associated with the signature (ecrecover) BUGGY
storage Read the storage of a contract (count default = 10)
command Manual RPC method with args
investigate Investigate further in the node (e.g. check if accounts are unlocked, etc)
accounts Investigate accounts (e.g. check if accounts are unlocked, etc)
admin Investigate accounts (e.g. functionalities under the admin_ namespace)
sign Investigate signature functionalities
ens Do Ethereum Name Service queries (supported on the mainnet only)
toName Transform an address to the ENS name
toAddress Transform an ENS name to the Ethereum public address
info Get details about an ENS name
version Print Versions (If connected to a node it will print the host version too)
scan RPC scans for blockchain nodes powered by teatime
execute Execute the RPC scanner
add Add plugin to RPC scanner
add-list Add plugin(s) to RPC scanner
rm Remove plugin from RPC scanner
list-selected List selected plugins
list-all List all plugins
list-parity List plugins supported by Parity
list-geth List plugins supported by Geth

Acknowledgements

TODO:

  • eth 2.0 API implementation
  • Fix Verbose Status bar (It does not change from OFF)
  • inline TODOs (tons)
  • resolve mappings from storage (using ABI?)
  • Get tokens Balance (etherscan or other explorer API)