Legion: an AWS Credential Harvester and SMTP Hijacker
Cado Labs researchers recently encountered an emerging Python-based credential harvester and hacktool, named Legion, aimed at exploiting various services for the purpose of email abuse. The tool is sold via the Telegram messenger, and includes modules dedicated to:
— enumerating vulnerable SMTP servers,
— conducting Remote Code Execution (RCE),
— exploiting vulnerable versions of Apache,
— brute-forcing cPanel and WebHost Manager (WHM) accounts,
— interacting with Shodan’s API to retrieve a target list (provided you supply an API key), and
— additional utilities, many of which involve abusing AWS services.
— www.cadosecurity.com/legion-…hijacker