Automic VaultAutomic Vault

brew

Install legba with Homebrew, Nix, pacman

Multiprotocol credentials bruteforcer/password sprayer and enumerator. Version 1.3.0 via Homebrew; verified 2026-06-22.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install legba

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#legba

nixpkgs package indexes · pkgs/by-name/le/legba/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S legba

Arch Linux sync databases · legba · source: geo.mirror.pkgbuild.com

overview

Package summary

Multiprotocol credentials bruteforcer/password sprayer and enumerator

Commands and aliases

  • legba

history

Project history and usage

Legba is Simone Margaritelli's Rust credential-testing CLI for authorized security work: a multi-protocol bruteforcer, password sprayer, and enumerator built around Tokio concurrency.

Project history

The author presented Legba on 2023-11-02 as a project that began as Rust and Tokio practice and quickly became a replacement candidate for older credential attack tools such as THC-Hydra, Medusa, Patator, and related utilities. The official README and docs kept that framing: Rust, async execution, many protocol plugins, resumable sessions, rate controls, YAML recipes, a REST API, and an MCP server.

Adoption history

Legba's adoption trail is mostly security-tool packaging rather than mainstream application development. Official materials show precompiled releases, Docker distribution, Homebrew installation through the author's tap, and later broader package-manager exposure through Homebrew, Nix, Arch packaging, and similar channels.

How it is used

The CLI is used for authorized credential auditing across services such as SMB, SSH, HTTP forms, databases, LDAP, Kerberos, MQTT, and other supported plugins. The docs emphasize rate limiting, delays, jitter, session save/restore, recipes, and legal authorization, which are the practical controls that separate testing workflows from reckless brute forcing.

Why package nerds care

Legba is notable to package nerds as an example of security tooling moving from C and Python heritage into single-binary Rust distribution. The interesting packaging angle is not just speed; it is a no-native-dependency binary shipped through releases, Docker, cargo, and OS package managers while carrying a large protocol surface.

Timeline

  • 2023-11-02: The author published the introductory Legba article.
  • 2024-03-20: A Kali packaging request noted Arch package availability for Legba 0.8.0.
  • 2025-08-22: The author noted static linking, precompiled binaries, and .deb assets in the Kali packaging thread.
  • 2026-05-19: GitHub releases showed Legba 1.3.0.

Related projects

  • Related tools include THC-Hydra, Medusa, Ncrack, Patator, and protocol-specific credential auditing tools. Related distribution surfaces include Docker Hub, crates.io/lib.rs metadata, Homebrew taps, Arch packages, and security distributions such as Kali.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for legba. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 2 runtime dependencies.
  • Build metadata lists 3 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
legbacliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.3.0
manager updated2026-06-22
local dataok
upstreamcurrent
latest detected1.3.0

https://github.com/evilsocket/legba

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:legba
Version1.3.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/legba
Homepagehttps://legba.evilsocket.net/
Repositoryhttps://github.com/evilsocket/legba
Upstream docshttps://github.com/evilsocket/legba#readme
LicenseAGPL-3.0-only
Source archivehttps://github.com/evilsocket/legba/archive/refs/tags/1.3.0.tar.gz
Last updated2026-06-22T14:05:10-07:00
Pulseupdated
Dependenciesopenssl@3, samba
Build dependenciescmake, pkgconf, rust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelegba
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

legba

nix profile install nixpkgs#legba
  • normalized package name match
  • Matched by: Legba
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/le/legba/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

legba 1.3.0-1

A multiprotocol credentials bruteforcer / password sprayer and enumerator

https://github.com/evilsocket/legba

sudo pacman -S legba
  • License: GPL-3.0-only
  • Architecture: x86_64
  • 3 dependencies
  • normalized package name match
  • Matched by: Legba
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: legba from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment