HomeToolsDocsPricingGalleryExtensionContact Get the App
// core workflows

Running Tools

Picking a tool

Tools are organized in the sidebar by category. There are 15 categories covering recon, web, network, exploitation, post-exploitation, passwords, wireless, cloud, DFIR, threat hunting, and more. Pick a category to expand it and click any tool to open it.

If a tool is not installed, it will show an install prompt. Go to the Downloads section to install it first, then come back.

Filling in the form

Every tool opens as a form with its real flags exposed as fields. You fill in what you need and leave the rest blank. There are no hidden defaults you can't see. The exact command Legion will run is shown to you before you hit Run so you always know what's about to execute.

Fields that accept a file path have a file picker. Fields that accept a wordlist have a dropdown that includes the six bundled wordlists that ship with Legion. If you have the full Kali wordlist set installed, those appear in the dropdown too.

Credential fields have a vault picker that lets you pull saved credentials directly from the keychain without typing them out.

Running and reading output

Hit Run. The output from the tool appears in the area below the fields as it streams in. You can scroll back through it at any time.

Anything significant that the tool finds, hosts, open ports, services, credentials, vulnerabilities, gets added to the task automatically.

You can run tools manually and use the AI Operator in the same task at the same time. They work from the same task data and findings graph.
Next: AI Operator Back to Docs