# Install legba with Homebrew, Nix, pacman

Multiprotocol credentials bruteforcer/password sprayer and enumerator. Version 1.3.0 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:legba
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install legba
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#legba
```

  Evidence: nixpkgs package indexes: pkgs/by-name/le/legba/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S legba
```

  Evidence: Arch Linux sync databases: legba from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:legba
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/legba>
- **Version:** 1.3.0
- **Source summary:** Multiprotocol credentials bruteforcer/password sprayer and enumerator
- **Homepage:** <https://legba.evilsocket.net/>
- **Repository:** <https://github.com/evilsocket/legba>
- **Upstream docs:** <https://github.com/evilsocket/legba#readme>
- **License:** AGPL-3.0-only
- **Source archive:** <https://github.com/evilsocket/legba/archive/refs/tags/1.3.0.tar.gz>
- **Last updated:** 2026-06-22T14:05:10-07:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- legba (cli)
- legba (alias)

## Dependencies

- openssl@3
- samba

## Build dependencies

- cmake
- pkgconf
- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.3.0
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://github.com/evilsocket/legba
- Upstream latest detected: 1.3.0 (current)
## Project history and usage

Legba is Simone Margaritelli's Rust credential-testing CLI for authorized security work: a multi-protocol bruteforcer, password sprayer, and enumerator built around Tokio concurrency.

### Project history

The author presented Legba on 2023-11-02 as a project that began as Rust and Tokio practice and quickly became a replacement candidate for older credential attack tools such as THC-Hydra, Medusa, Patator, and related utilities. The official README and docs kept that framing: Rust, async execution, many protocol plugins, resumable sessions, rate controls, YAML recipes, a REST API, and an MCP server.

### Adoption history

Legba's adoption trail is mostly security-tool packaging rather than mainstream application development. Official materials show precompiled releases, Docker distribution, Homebrew installation through the author's tap, and later broader package-manager exposure through Homebrew, Nix, Arch packaging, and similar channels.

### How it is used

The CLI is used for authorized credential auditing across services such as SMB, SSH, HTTP forms, databases, LDAP, Kerberos, MQTT, and other supported plugins. The docs emphasize rate limiting, delays, jitter, session save/restore, recipes, and legal authorization, which are the practical controls that separate testing workflows from reckless brute forcing.

### Why package nerds care

Legba is notable to package nerds as an example of security tooling moving from C and Python heritage into single-binary Rust distribution. The interesting packaging angle is not just speed; it is a no-native-dependency binary shipped through releases, Docker, cargo, and OS package managers while carrying a large protocol surface.

### Timeline

- 2023-11-02: The author published the introductory Legba article.
- 2024-03-20: A Kali packaging request noted Arch package availability for Legba 0.8.0.
- 2025-08-22: The author noted static linking, precompiled binaries, and .deb assets in the Kali packaging thread.
- 2026-05-19: GitHub releases showed Legba 1.3.0.

### Related projects

- Related tools include THC-Hydra, Medusa, Ncrack, Patator, and protocol-specific credential auditing tools. Related distribution surfaces include Docker Hub, crates.io/lib.rs metadata, Homebrew taps, Arch packages, and security distributions such as Kali.

### Sources

- <https://bugs.kali.org/view.php?id=8682>
- <https://github.com/evilsocket/legba>
- <https://github.com/evilsocket/legba/releases>
- <https://legba.evilsocket.net/>
- <https://legba.evilsocket.net/faq/>
- <https://www.evilsocket.net/2023/11/02/Enumerate-Bruteforce-Attack-All-The-Things-Presenting-Legba/>


## Security Notes

No matching local secret-handling manifest was found for legba. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** legba
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - legba: normalized package name match | nixpkgs package indexes: pkgs/by-name/le/legba/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- pacman - legba - 1.3.0-1: normalized package name match | Arch Linux sync databases: legba from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | A multiprotocol credentials bruteforcer / password sprayer and enumerator | https://github.com/evilsocket/legba


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [samba](https://www.automicvault.com/pkg/brew/samba/) - Runtime dependency declared by Homebrew.
- [cmake](https://www.automicvault.com/pkg/brew/cmake/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [afl++](https://www.automicvault.com/pkg/brew/afl/) - Shares av.db curated category or tags: cli, security, testing.
- [echidna](https://www.automicvault.com/pkg/brew/echidna/) - Shares av.db curated category or tags: cli, security, testing.
- [jwt-hack](https://www.automicvault.com/pkg/brew/jwt-hack/) - Shares av.db curated category or tags: cli, security, testing.
- [slowhttptest](https://www.automicvault.com/pkg/brew/slowhttptest/) - Shares av.db curated category or tags: cli, security, testing.
- [sqlmap](https://www.automicvault.com/pkg/brew/sqlmap/) - Shares av.db curated category or tags: cli, security, testing.
- [wuppiefuzz](https://www.automicvault.com/pkg/brew/wuppiefuzz/) - Shares av.db curated category or tags: cli, security, testing.
- [ldeep](https://www.automicvault.com/pkg/brew/ldeep/) - Shares av.db curated category or tags: cli, enumeration, security.
- [acme.sh](https://www.automicvault.com/pkg/brew/acme-sh/) - Shares av.db curated category or tags: cli, security.
- [findomain](https://www.automicvault.com/pkg/brew/findomain/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, enumeration, enumerator, openssl, openssl-3.
- [hydra](https://www.automicvault.com/pkg/brew/hydra/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, openssl, openssl-3, password, security.
- [feroxbuster](https://www.automicvault.com/pkg/brew/feroxbuster/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, enumeration, openssl, openssl-3, security.

## Combined YAML source

View the package source record on GitHub. [combined/legba.yml](https://github.com/automic-vault/db/blob/main/combined/legba.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
