Picking a tool
Tools are organized in the sidebar by category. There are 15 categories covering recon, web, network, exploitation, post-exploitation, passwords, wireless, cloud, DFIR, threat hunting, and more. Pick a category to expand it and click any tool to open it.
If a tool is not installed, it will show an install prompt. Go to the Downloads section to install it first, then come back.
Filling in the form
Every tool opens as a form with its real flags exposed as fields. You fill in what you need and leave the rest blank. There are no hidden defaults you can't see. The exact command Legion will run is shown to you before you hit Run so you always know what's about to execute.
Fields that accept a file path have a file picker. Fields that accept a wordlist have a dropdown that includes the six bundled wordlists that ship with Legion. If you have the full Kali wordlist set installed, those appear in the dropdown too.
Credential fields have a vault picker that lets you pull saved credentials directly from the keychain without typing them out.
Running and reading output
Hit Run. The output from the tool appears in the area below the fields as it streams in. You can scroll back through it at any time.
Anything significant that the tool finds, hosts, open ports, services, credentials, vulnerabilities, gets added to the task automatically.