Gallery

See Legion in action.

One demo video and ten screenshots, captured pre-launch on macOS. Click any image to view full size.

01 — AI Operator

Legion's agentic mode solving a TryHackMe box end-to-end. Recon, exploitation, privesc, root.

AI Operator running a TryHackMe box end-to-end

Demo video

The same workflow as a screen recording. ~7 minutes.

02 — Red Team categories

Every red-side category as a tile, with install status at a glance.

Red Team category grid

03 — Vuln Scanning

Drill into a category and pick a tool. Same pattern for all 13 categories.

Vuln Scanning category drill-down

04 — sqlmap runner

Every flag exposed as a field. Run by hand, watch the live output, ship the result to the engagement tree.

sqlmap tool runner with PortSwigger lab target

05 — Tool Status (Red Team)

One page. One-click install for anything missing. Red side has 47 tools.

Tool Status — Red Team

06 — Tool Status (Blue Team)

Same install flow, defensive side. Volatility, YARA, Sigma, Chainsaw, Suricata, capa, more.

Tool Status — Blue Team

07 — Metasploit Framework setup

One click installs Metasploit, sets up the database, starts the RPC daemon, and connects. No hand-rolled config.

Metasploit Framework guided setup

08 — Metasploit module browser

Search modules by name or capability. Ratings, descriptions, one-click load into the host's workspace.

Metasploit module browser with EternalBlue results

09 — Metasploit host detail

Per-host workspace: overview, services, exploits, loot, sessions. Quick actions for deep scan, shell, post-ex.

Metasploit host detail panel for a Windows 7 target

10 — Blue Team: Suricata IDS replay

Replay a pcap through Suricata with a chosen rule set. Same form pattern as every other tool.

Suricata IDS replay runner on the Blue Team side