leviathan

command module
v0.0.0-...-b57d395 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 30, 2026 License: GPL-3.0 Imports: 1 Imported by: 0

README

Leviathan

A workflow engine for offensive security testing, inspired by Osmedeus.

Leviathan allows you to define reusable security workflows and modules as YAML files, then execute them against targets with concurrent processing.

Disclaimer: This tool is intended for authorized security testing only. Use it exclusively in environments where you have explicit written permission to perform security assessments (penetration tests, bug bounty programs, CTF challenges, personal labs, etc.). Unauthorized use against systems you do not own or have permission to test is illegal and unethical.

Installation

go install github.com/Ether-Security/leviathan@latest
From source
git clone https://github.com/Ether-Security/leviathan.git
cd leviathan
go build -o leviathan
Docker
docker build -t leviathan .
docker run --rm leviathan scan -f <workflow> -t <target>

Usage

Execute a workflow
leviathan scan -f <workflow> -t <target>
Multiple targets
leviathan scan -f <workflow> -t target1 -t target2

Or via stdin:

cat targets.txt | leviathan scan -f <workflow>
Options
Flag Description
-f, --flow Workflow name to run (default: sample)
-t, --targets Target(s) to use as input
-w, --workspace Force a custom workspace directory
-p, --params Custom parameters (-p 'key=value', repeatable)
-T, --threads Number of concurrent jobs (default: 1)
--no-clean Keep intermediate files after execution
--resume Resume a previous scan (skip modules with existing reports)
-d, --debug Enable debug logging
-q, --quiet Suppress log output
--log Directory for log files (default: /tmp/lvt-log)

Setting up a test environment

To validate your workflows before running them against real targets, you can set up a local test lab:

Local targets with Docker

Use intentionally vulnerable applications as targets:

# DVWA
docker run --rm -d -p 8080:80 vulnerables/web-dvwa

# Juice Shop
docker run --rm -d -p 3000:3000 bkimminich/juice-shop

# Metasploitable (requires a VM, not Docker)

Then run your workflow against them:

leviathan scan -f web-recon -t http://localhost:8080
Isolated network

For network-level workflows (port scanning, service enumeration), create an isolated Docker network:

docker network create --subnet=172.18.0.0/24 labnet
docker run --rm -d --net labnet --ip 172.18.0.10 vulnerables/web-dvwa
leviathan scan -f network-scan -t 172.18.0.0/24
Dry-testing workflows

Use --no-clean and --resume to iterate on workflows without re-running completed modules:

# First run — keep all intermediate files
leviathan scan -f my-workflow -t <target> --no-clean

# Fix a module, then resume without re-running completed steps
leviathan scan -f my-workflow -t <target> --resume

Enable debug logging to trace exactly what commands and scripts are executed:

leviathan scan -f my-workflow -t <target> -d

Configuration

Default config file: ~/.config/leviathan/config.yaml

The config defines paths for:

  • workspaces — per-target output directories
  • workflows — YAML workflow definitions
  • modules — YAML module definitions
  • binaries — additional binaries added to PATH during execution

License

GPL-3.0

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
dsl

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.