Legions is a handy toolkit for (security) researchers poking around EVM (Ethereum Virtual Machine) nodes and smart contracts, now with a slick command-line interface, with auto complete commands and history.
- Node detection (
getnodeinfo)- Detect the type of the Node, Chain, and Network
- Peer Count, Listening, Synching, and Mining status
- Gas Price
- etc
- Web3 API enumeration (
investigate)- Accounts
- Read coinbase, and exposed accounts of the node
- (
intrusive = True) will try to create accounts on the node
- Admin
- Enumerates web3.admin endpoints
- Sign (WIP)
- Enumerates signing functionalities (web3.sign)
- Accounts
- ENS Queries (
ens)- List Names owned by an address
- List Subdomains of an address
- Query individual names
- Query at latest/specific block number (
query)- Balance of an address
- Block details
- Bytecode of the smart contract
- Read storage of the smart contract (default
count=10reads the first 10 slots) - command, which you can pass any RPC method with args
- ECRecover of a signature
- Conversions (toWei, fromWei, keccak, toChecksumAddress, etc)
This tool is in beta and a work in progress
Require Python 3.6.
pip install legionsOr directly from source code:
git clone https://github.com/shayanb/Legions
cd Legions
pip install .If installed locally:
python legions.pyor if installed globally:
legions| Command | [Subcommand] | Description |
|---|---|---|
| sethost | Setup the Web3 connection (RPC, IPC, HTTP) (default to infura mainnet) | |
| getnodeinfo | Information about the connected node (run setnode before this) |
|
| conversions | Conversions possible to do with Web3 | |
| fromWei | Converts the input to ether (to currency default to ether) |
|
| toWei | Converts the input to Wei (from currency default to ether) |
|
| keccak | keccak hash of the input | |
| toBytes | Converts the input to hex representation of its Bytes | |
| toChecksumAddress | Converts the input to Checksum Address | |
| toHex | Converts the input text to Hex | |
| fromWei | Converts the input to ether (or specified currency) | |
| query | Query Blockchain (Storage, balance, etc) | |
| balance | Get Balance of an account | |
| block | Get block details by block number | |
| code | Get code of the smart contract at address | |
| ecrecover | Get address associated with the signature (ecrecover) BUGGY |
|
| storage | Read the storage of a contract (count default = 10) |
|
| command | Manual RPC method with args | |
| investigate | Investigate further in the node (e.g. check if accounts are unlocked, etc) | |
| accounts | Investigate accounts (e.g. check if accounts are unlocked, etc) | |
| admin | Investigate accounts (e.g. functionalities under the admin_ namespace) | |
| sign | Investigate signature functionalities | |
| ens | Do Ethereum Name Service queries (supported on the mainnet only) | |
| toName | Transform an address to the ENS name | |
| toAddress | Transform an ENS name to the Ethereum public address | |
| info | Get details about an ENS name | |
| version | Print Versions (If connected to a node it will print the host version too) | |
| scan | RPC scans for blockchain nodes powered by teatime | |
| execute | Execute the RPC scanner | |
| add | Add plugin to RPC scanner | |
| add-list | Add plugin(s) to RPC scanner | |
| rm | Remove plugin from RPC scanner | |
| list-selected | List selected plugins | |
| list-all | List all plugins | |
| list-parity | List plugins supported by Parity | |
| list-geth | List plugins supported by Geth |
- Interactive shell: python-nubia
- Web3.py
- Node data provided by chainid.network
- ENS data provided by ENS GraphQL dataset
- eth 2.0 API implementation
- Fix
VerboseStatus bar (It does not change fromOFF) - inline TODOs (tons)
- resolve mappings from storage (using ABI?)
- Get tokens Balance (etherscan or other explorer API)