MCP.so
登录
L

Legba

@evilsocket

关于 Legba

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools.

基本信息

分类

其他

传输方式

stdio

发布者

evilsocket

提交者

Simone Margaritelli

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "Legba": {
      "command": "npx",
      "args": [
        "-y",
        "supergateway",
        "--sse",
        "http://127.0.01:3001/sse"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Legba?

Legba is a multiprotocol credentials bruteforcer, password sprayer, and enumerator built with Rust and the Tokio asynchronous runtime. It is designed for penetration testers and security researchers who need a high-performance, low-resource tool that supports a wide range of protocols and services.

How to use Legba?

Legba can be installed via Homebrew, Docker, or from source with Cargo. Detailed building instructions, usage options, and configuration for MCP server mode are provided in the project Wiki. The tool is invoked as a command-line executable, with specific flags for target, protocol, wordlist, and concurrency.

Key features of Legba

  • Supports AMQP, Cassandra, DNS, FTP, HTTP, IMAP, IRC, Kerberos, LDAP, MongoDB, MQTT, MSSQL, MySQL, Oracle, PostgreSQL, POP3, RDP, Redis, Samba, SSH, SMTP, Socks5, STOMP, TCP/UDP scanning, Telnet, VNC.
  • HTTP features: basic auth, NTLMv1/v2, multipart forms, custom requests with CSRF support, file/folder enumeration, virtual host enumeration.
  • MCP server integration since version 0.11.0.
  • Asynchronous runtime delivers up to 55x faster performance than hydra on SSH.

Use cases of Legba

  • Penetration testing: Credential bruteforcing and password spraying across multiple protocols in a single tool.
  • Network enumeration: Subdomain enumeration via DNS, port scanning with banner grabbing, and virtual host discovery.
  • Security auditing: Validate weak passwords and authentication mechanisms in services like SSH, RDP, HTTP, and databases.
  • Automated AI agent integration: Use Legba as an MCP server so AI agents can perform credential testing and enumeration tasks.

FAQ from Legba

What protocols does Legba support?

Legba supports AMQP, Cassandra/ScyllaDB, DNS, FTP, HTTP (basic, NTLM, POST with CSRF), IMAP, IRC, Kerberos, LDAP, MongoDB, MQTT, MSSQL, MySQL, Oracle, PostgreSQL, POP3, RDP, Redis, Samba, SSH/SFTP, SMTP, Socks5, STOMP, TCP/UDP scanning, Telnet, and VNC.

How does Legba compare to thc-hydra?

Based on a benchmark on an M1 Max Mac with a 1000-password wordlist, Legba was 4.5x faster on HTTP basic auth, 2.9x faster on WordPress POST login, 55.1x faster on SSH, 3.8x faster on MySQL, and 1.5x faster on MSSQL.

How do I install Legba?

Legba is available via Homebrew (brew install legba), Docker (docker pull evilsocket/legba), and as a crate from crates.io. Detailed build instructions are in the project Wiki.

Can Legba be used as an MCP server for AI?

Yes, as of version 0.11.0, Legba supports being used by an AI as an MCP server. Configuration steps are documented in the project Wiki under the MCP section.

What are the runtime requirements?

Legba is built with Rust and the Tokio asynchronous runtime. It requires a modern operating system and minimal resources compared to similar tools. No specific dependencies are listed beyond the compiled binary.

评论

其他 分类下的更多 MCP 服务器