// the find
evilsocket/legba
The fastest and more comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷
Legba is a credential bruteforcer and password sprayer written in Rust, covering an unusually wide range of protocols — SSH, RDP, HTTP, SMTP, Kerberos, LDAP, a dozen databases, and more. It's aimed at pentesters and red teamers who want one tool instead of five. The async Tokio runtime gives it a genuine performance edge over Python-based equivalents like Hydra.
The protocol breadth is real — 25+ plugins each with their own options, not thin wrappers. The session save/restore system means you can interrupt a long scan without losing progress, which Hydra never bothered with. The YAML recipe system for complex multi-step auth flows is a practical addition that other tools skip entirely. The test-servers directory with Docker setups for each protocol means you can actually validate your flags before pointing it at a target.
GPL3 license is a dealbreaker for anyone embedding this in a commercial product or proprietary engagement toolchain — that's a real constraint worth knowing upfront. The REST API and MCP server surface area feels like scope creep; a bruteforcer with an always-on HTTP API is an interesting attack surface on your own pentest box. The plugin architecture means quality varies — the port scanner sitting alongside credential plugins is an odd fit that suggests the scope isn't fully settled. No built-in proxy rotation or per-target throttling means you will trip account lockout policies on any hardened target without careful manual tuning.