legions 0.8.4

No project description provided

^{[ 🌐 📩 ]}

Legions

EVM Node Security Toolkit

Legions is a handy toolkit for (security) researchers poking around EVM (Ethereum Virtual Machine) nodes and smart contracts, now with a slick command-line interface, with auto complete commands and history.

Features:

• Node detection (getnodeinfo)
  • Detect the type of the Node, Chain, and Network
  • Peer Count, Listening, Synching, and Mining status
  • Gas Price
  • etc
• Web3 API enumeration (investigate)
  • Accounts
    • Read coinbase, and exposed accounts of the node
    • (intrusive = True) will try to create accounts on the node
  • Admin
    • Enumerates web3.admin endpoints
  • Sign (WIP)
    • Enumerates signing functionalities (web3.sign)
• ENS Queries (ens)
  • List Names owned by an address
  • List Subdomains of an address
  • Query individual names
• Query at latest/specific block number (query)
  • Balance of an address
  • Block details
  • Bytecode of the smart contract
  • Read storage of the smart contract (default count=10 reads the first 10 slots)
  • command, which you can pass any RPC method with args
  • ECRecover of a signature
• Conversions (toWei, fromWei, keccak, toChecksumAddress, etc)

This tool is in beta and a work in progress

Demo

Main Functionality

ENS (Ethereum Name Service)

Installation

Require Python 3.6.

pip install legions

Or directly from source code:

git clone https://github.com/shayanb/Legions
cd Legions
pip install .

Usage

If installed locally:

python legions.py

or if installed globally:

legions

Functions Breakdown

Command	[Subcommand]	Description
sethost		Setup the Web3 connection (RPC, IPC, HTTP) (default to infura mainnet)
getnodeinfo		Information about the connected node (run setnode before this)
conversions		Conversions possible to do with Web3
	fromWei	Converts the input to ether (to currency default to ether)
	toWei	Converts the input to Wei (from currency default to ether)
	keccak	keccak hash of the input
	toBytes	Converts the input to hex representation of its Bytes
	toChecksumAddress	Converts the input to Checksum Address
	toHex	Converts the input text to Hex
	fromWei	Converts the input to ether (or specified currency)
query		Query Blockchain (Storage, balance, etc)
	balance	Get Balance of an account
	block	Get block details by block number
	code	Get code of the smart contract at address
	ecrecover	Get address associated with the signature (ecrecover) BUGGY
	storage	Read the storage of a contract (count default = 10)
	command	Manual RPC method with args
investigate		Investigate further in the node (e.g. check if accounts are unlocked, etc)
	accounts	Investigate accounts (e.g. check if accounts are unlocked, etc)
	admin	Investigate accounts (e.g. functionalities under the admin_ namespace)
	sign	Investigate signature functionalities
ens		Do Ethereum Name Service queries (supported on the mainnet only)
	toName	Transform an address to the ENS name
	toAddress	Transform an ENS name to the Ethereum public address
	info	Get details about an ENS name
version		Print Versions (If connected to a node it will print the host version too)

Acknowledgements

• Interactive shell: python-nubia
• Web3.py
• Node data provided by chainid.network
• ENS data provided by ENS GraphQL dataset

TODO:

• eth 2.0 API implementation
• Fix Verbose Status bar (It does not change from OFF)
• inline TODOs (tons)
• resolve mappings from storage (using ABI?)
• Get tokens Balance (etherscan or other explorer API)