Legions is a handy toolkit for (security) researchers poking around EVM (Ethereum Virtual Machine) nodes and smart contracts, now with a slick command-line interface, with auto complete commands and history.
- Node detection (
getnodeinfo
)- Detect the type of the Node, Chain, and Network
- Peer Count, Listening, Synching, and Mining status
- Gas Price
- etc
- Web3 API enumeration (
investigate
)- Accounts
- Read coinbase, and exposed accounts of the node
- (
intrusive = True
) will try to create accounts on the node
- Admin
- Enumerates web3.admin endpoints
- Sign (WIP)
- Enumerates signing functionalities (web3.sign)
- Accounts
- ENS Queries (
ens
)- List Names owned by an address
- List Subdomains of an address
- Query individual names
- Query at latest/specific block number (
query
)- Balance of an address
- Block details
- Bytecode of the smart contract
- Read storage of the smart contract (default
count=10
reads the first 10 slots) - command, which you can pass any RPC method with args
- ECRecover of a signature
- Conversions (toWei, fromWei, keccak, toChecksumAddress, etc)
This tool is in beta and a work in progress
Require Python 3.6
.
pip install legions
Or directly from source code:
git clone https://github.com/shayanb/Legions
cd Legions
pip install .
If installed locally:
python legions.py
or if installed globally:
legions
Command | [Subcommand] | Description |
---|---|---|
sethost | Setup the Web3 connection (RPC, IPC, HTTP) (default to infura mainnet) | |
getnodeinfo | Information about the connected node (run setnode before this) |
|
conversions | Conversions possible to do with Web3 | |
fromWei | Converts the input to ether (to currency default to ether) |
|
toWei | Converts the input to Wei (from currency default to ether) |
|
keccak | keccak hash of the input | |
toBytes | Converts the input to hex representation of its Bytes | |
toChecksumAddress | Converts the input to Checksum Address | |
toHex | Converts the input text to Hex | |
fromWei | Converts the input to ether (or specified currency) | |
query | Query Blockchain (Storage, balance, etc) | |
balance | Get Balance of an account | |
block | Get block details by block number | |
code | Get code of the smart contract at address | |
ecrecover | Get address associated with the signature (ecrecover) BUGGY |
|
storage | Read the storage of a contract (count default = 10) |
|
command | Manual RPC method with args | |
investigate | Investigate further in the node (e.g. check if accounts are unlocked, etc) | |
accounts | Investigate accounts (e.g. check if accounts are unlocked, etc) | |
admin | Investigate accounts (e.g. functionalities under the admin_ namespace) | |
sign | Investigate signature functionalities | |
ens | Do Ethereum Name Service queries (supported on the mainnet only) | |
toName | Transform an address to the ENS name | |
toAddress | Transform an ENS name to the Ethereum public address | |
info | Get details about an ENS name | |
version | Print Versions (If connected to a node it will print the host version too) | |
scan | RPC scans for blockchain nodes powered by teatime | |
execute | Execute the RPC scanner | |
add | Add plugin to RPC scanner | |
add-list | Add plugin(s) to RPC scanner | |
rm | Remove plugin from RPC scanner | |
list-selected | List selected plugins | |
list-all | List all plugins | |
list-parity | List plugins supported by Parity | |
list-geth | List plugins supported by Geth |
- Interactive shell: python-nubia
- Web3.py
- Node data provided by chainid.network
- ENS data provided by ENS GraphQL dataset
- eth 2.0 API implementation
- Fix
Verbose
Status bar (It does not change fromOFF
) - inline TODOs (tons)
- resolve mappings from storage (using ABI?)
- Get tokens Balance (etherscan or other explorer API)