// start here

First Engagement

Create a task

Click the new task button in the left sidebar. The task wizard walks you through three pages before creating it.

Page 1: Basics. Give the task a name, enter the target scope (an IP, range, or domain), and optionally add a description. The scope is what you have authorization to test. It shows up on the report cover and keeps the AI Operator in bounds. You also choose between two modes here:

  • Agent mode — The AI Operator drives the tools. You give it an objective and it works through it.
  • Manual mode — You run everything yourself. No agent, just the tools.

You can switch between Agent and Manual mode at any time after the task is created.

Page 2: Headers and credentials. You can add a custom HTTP header that gets sent with every request. This is useful for bug bounty programs like Bugcrowd or HackerOne that ask you to identify your traffic. You can also add credentials here. Saved credentials go straight to Loot, and the AI Operator can use them to log into accounts automatically using Playwright.

Page 3: Authorization confirmation. You have to confirm you have legal authorization to test the target. Check both boxes and confirm. The task is created and you land on the Overview tab.

The tabs

Every task has the same set of tabs across the top:

  • Agent — The AI Operator. Type a plain-English objective and it drives the tools.
  • Chat — Ask follow-up questions about any output or finding without giving the agent a new task.
  • Overview — A live summary of the task: risk posture, host and service counts, credentials, artifacts, and findings.
  • Suggestions — Next-step suggestions based on what's been found so far.
  • Findings — Every finding, confidence-scored and tied to its evidence.
  • Loot — Credentials, hashes, tokens, and other captured artifacts.
  • Activity — A full log of every command run and action taken in the task.
  • Report — The report builder. Generate, preview, and export.

Running tools

Pick a tool from the sidebar. Each tool opens as a form with all its flags exposed as fields. Fill in what you need and hit Run. The output appears below the fields. Anything significant (hosts discovered, credentials found, vulnerabilities confirmed) gets added to the task automatically.

Using the Agent

Open the Agent tab and type what you want done in plain English, for example: "enumerate 10.10.10.10 and find open ports and services". The agent picks the right tools, runs them, reads the output, and decides what to do next.

You can set a stealth level using the dropdown in the top right to control how aggressively it scans. You can also require approval before each command runs if you want to stay in the loop on every step.

Findings

Open the Findings tab to see everything that's been confirmed. Each finding has a severity (Critical, High, Medium, Low, Info) and a confidence score. The evidence that backs it up is attached directly to the finding. Legion takes a screenshot automatically using Playwright as proof.

Generating a report

When you're ready, open the Report tab and click Generate. The AI drafts an executive summary, a severity breakdown, and per-finding remediation based on everything in the task. You can edit any section before exporting.

Export to HTML or PDF. The PDF uses WeasyPrint, which you can install from the Downloads section if you haven't already. Screenshots are embedded and credentials are redacted in the output.

Only test systems you own or have explicit written authorization to test. The scope field is there to help keep the agent inside the agreed target. Use it.
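
The scope field takes an IP, range, or domain. As an added example (not Legion's code, and not a description of how Legion enforces scope), this is one way to check a target against such a scope list before a command runs. It assumes ranges are written as CIDR or `first-last`; `parse_scope`, `in_scope` and the sample scope values are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample scope: a single IP, a CIDR range, a dash range, a domain.
SCOPE = ["10.10.10.10", "192.168.56.0/24", "10.0.0.5-10.0.0.9", "example.com"]


def parse_scope(entries):
    """Split scope entries into IP networks and lowercase domain names."""
    networks, domains = [], []
    for raw in entries:
        entry = raw.strip().lower().rstrip(".")
        first, dash, last = entry.partition("-")
        try:
            if dash:
                # "first-last" range: expand to the exact covering CIDR blocks.
                networks.extend(ipaddress.summarize_address_range(
                    ipaddress.ip_address(first), ipaddress.ip_address(last)))
            else:
                # A single IP becomes a /32 (or /128) network.
                networks.append(ipaddress.ip_network(entry, strict=False))
        except (ValueError, TypeError):
            # Not an address or range (e.g. "my-site.example.com"): a domain.
            domains.append(entry)
    return networks, domains


def in_scope(target, networks, domains):
    """True only if target is an IP inside a scoped network, or a hostname
    equal to (or a subdomain of) a scoped domain. Everything else is refused."""
    host = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Match on a label boundary: "api.example.com" is in scope for
        # "example.com", but "notexample.com" is not.
        return any(host == d or host.endswith("." + d) for d in domains)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, doms = parse_scope(SCOPE)
    for t in ["10.10.10.10", "10.10.10.11", "10.0.0.7", "api.example.com",
              "notexample.com"]:
        print(f"{t:20} {'in scope' if in_scope(t, nets, doms) else 'OUT OF SCOPE'}")
```

A hostname that is in scope by name can still resolve to an address outside the agreed ranges, so a name match alone does not confirm that the address behind it is authorized.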