Convert Figma logo to code with AI

BC-SECURITY logoEmpire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

4,168
570
4,168
60
View on GitHub

Top Related Projects

EmpireProject's avatar

Empire

7,394

Empire is a PowerShell and Python post-exploitation agent.

byt3bl33d3r's avatar

CrackMapExec

8,349

A swiss army knife for pentesting networks

cobbr's avatar

Covenant

4,137

Covenant is a collaborative .NET C2 framework for red teamers.

Ne0nd0g's avatar

merlin

5,026

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

rapid7's avatar

metasploit-framework

33,737

Metasploit Framework

Quick Overview

Empire is an open-source post-exploitation framework designed for red team operations and penetration testing. It provides a powerful set of tools for maintaining persistence, elevating privileges, and exfiltrating data on compromised systems, with a focus on Windows environments.

Pros

  • Extensive collection of modules for various post-exploitation tasks
  • Active development and community support
  • Supports both PowerShell and Python-based agents
  • Integrates well with other popular security tools

Cons

  • Steep learning curve for beginners
  • Can be detected by some antivirus solutions if not properly obfuscated
  • Requires careful handling to avoid unintended damage to target systems
  • Some modules may become outdated as operating systems and security measures evolve

Getting Started

To get started with Empire:

  1. Clone the repository:

    git clone https://github.com/BC-SECURITY/Empire.git

  2. Install dependencies:

    cd Empire
sudo ./setup/install.sh

  3. Start the Empire server:

    sudo ./empire

  4. In the Empire console, generate a listener:

    listeners
uselistener http
set Name http_listener
execute

  5. Generate a stager:

    usestager windows/launcher_bat
set Listener http_listener
execute

  6. Use the generated stager on a target system to establish a connection.

Remember to use Empire responsibly and only on systems you have permission to test.

Competitor Comparisons

EmpireProject logo

Empire

7,394

Empire is a PowerShell and Python post-exploitation agent.

Pros of Empire

  • Original, well-established project with a longer history
  • Larger community and more contributors
  • More comprehensive documentation and resources

Cons of Empire

  • Less frequent updates and maintenance
  • Potentially outdated features and compatibility issues
  • Limited support for newer operating systems and environments

Code Comparison

Empire:

def get_launcher(self, launcher):
    if launcher.lower() == 'powershell':
        return self.mainMenu.stagers.generate_launcher(self.mainMenu.listeners.activeListeners[self.options['Listener']][1], language='powershell', encode=False)
    else:
        print helpers.color("[!] Unknown launcher")
        return None

BC-SECURITY/Empire:

def get_launcher(self, launcher):
    if launcher.lower() == 'powershell':
        return self.mainMenu.stagers.generate_launcher(self.mainMenu.listeners.activeListeners[self.options['Listener']][1], language='powershell', encode=False)
    elif launcher.lower() == 'python':
        return self.mainMenu.stagers.generate_launcher(self.mainMenu.listeners.activeListeners[self.options['Listener']][1], language='python', encode=False)
    else:
        print(helpers.color("[!] Unknown launcher"))
        return None

The BC-SECURITY/Empire version includes support for Python launchers, demonstrating its expanded functionality and ongoing development compared to the original Empire project.

byt3bl33d3r logo

CrackMapExec

8,349

A swiss army knife for pentesting networks

Pros of CrackMapExec

  • More focused on network enumeration and lateral movement
  • Lightweight and faster execution for specific tasks
  • Better suited for quick reconnaissance and credential harvesting

Cons of CrackMapExec

  • Less extensive post-exploitation capabilities
  • Limited scripting and module development options
  • Narrower range of supported protocols and attack vectors

Code Comparison

Empire:

def generate_launcher_powershell():
    launcher = "$ErrorActionPreference = 'SilentlyContinue';"
    launcher += "$e=([string]$s).ToCharArray();"
    launcher += "$s=([Convert]::FromBase64String($e));"
    launcher += "IEX ([System.Text.Encoding]::UTF8.GetString($s));"

CrackMapExec:

def gen_relay_list(self):
    relay_list = []
    for host in self.hosts:
        for protocol in self.args.protocol:
            if protocol in host.protocols:
                relay_list.append('{}://{}'.format(protocol, host.address))

The code snippets demonstrate the different focus areas of the two tools. Empire's code is geared towards payload generation and execution, while CrackMapExec's code is more focused on network enumeration and protocol-specific operations.

cobbr logo

Covenant

4,137

Covenant is a collaborative .NET C2 framework for red teamers.

Pros of Covenant

  • Built on .NET Core, offering cross-platform compatibility
  • Modern, user-friendly web interface for easier management
  • Supports multi-user collaboration out of the box

Cons of Covenant

  • Smaller community and less extensive documentation compared to Empire
  • Fewer available modules and less flexibility in customization
  • Still in active development, potentially less stable than Empire

Code Comparison

Empire (PowerShell):

$proc = Start-Process -FilePath "cmd.exe" -ArgumentList "/c whoami" -WindowStyle Hidden -PassThru
$output = $proc.StandardOutput.ReadToEnd()

Covenant (C#):

var process = new Process();
process.StartInfo.FileName = "cmd.exe";
process.StartInfo.Arguments = "/c whoami";
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
var output = process.StandardOutput.ReadToEnd();

Both Empire and Covenant are powerful post-exploitation frameworks, but they cater to different needs. Empire has a larger community and more extensive features, while Covenant offers a modern interface and cross-platform compatibility. The choice between them depends on specific requirements and preferences in red team operations.

Ne0nd0g logo

merlin

5,026

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Pros of Merlin

  • Written in Go, offering cross-platform compatibility and easier deployment
  • Supports multiple C2 communication protocols (HTTP/1.1, HTTP/2, HTTP/3)
  • Utilizes protocol buffers for efficient data serialization

Cons of Merlin

  • Smaller community and less extensive documentation compared to Empire
  • Fewer built-in modules and post-exploitation capabilities
  • Less mature project with potentially fewer features and integrations

Code Comparison

Empire (PowerShell):

$Listener = Start-Listener -Name "HTTP" -Port 80
$Stager = Get-StagerCode -Listener $Listener
Invoke-Expression $Stager

Merlin (Go):

server, _ := servers.NewHTTP2(":443")
agent := agents.NewAgent()
server.AddAgent(agent)
go server.Run()

Both projects aim to provide post-exploitation frameworks, but they differ in implementation languages and specific features. Empire focuses on PowerShell-based operations, while Merlin is designed for cross-platform use with Go. Empire has a larger community and more extensive documentation, whereas Merlin offers modern communication protocols and efficient data serialization. The choice between them depends on specific requirements and target environments.

rapid7 logo

metasploit-framework

33,737

Metasploit Framework

Pros of Metasploit Framework

  • Larger community and more extensive module library
  • Better documentation and support resources
  • More frequent updates and active development

Cons of Metasploit Framework

  • Steeper learning curve for beginners
  • Larger footprint and potentially slower execution
  • More likely to be detected by antivirus software

Code Comparison

Empire:

def generate_launcher_powershell(listener_name, encode=True, obfuscate=False):
    # Empire-specific launcher generation code
    launcher = "powershell.exe -NoP -sta -NonI -W Hidden -Enc " + encoded_launcher
    return launcher

Metasploit Framework:

def generate_payload(platform, arch, payload, format, options)
  # Metasploit-specific payload generation code
  Rex::Text.encode_base64(payload.generate_simple(options))
end

Both frameworks offer powerful post-exploitation capabilities, but Empire focuses on PowerShell-based attacks, while Metasploit provides a broader range of exploitation techniques across multiple platforms. Empire's code tends to be more PowerShell-centric, whereas Metasploit uses Ruby and supports various payload types. Metasploit's larger community and extensive module library make it more versatile, but Empire's PowerShell focus can be advantageous in Windows environments.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Empire Donate Docs Discord Blog Twitter URL Twitter URL YouTube URL LinkedIn

Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.

Features

  • Server/Client Architecture for Multiplayer Support
  • Supports GUI & CLI Clients
  • Fully encrypted communications
  • HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP Listeners
  • Massive library (400+) of supported tools in PowerShell, C#, & Python
  • Donut Integration for shellcode generation
  • Modular plugin interface for custom server features
  • Flexible module interface for adding new tools
  • Integrated obfuscation using ConfuserEx 2 & Invoke-Obfuscation
  • In-memory .NET assembly execution
  • Customizable Bypasses
  • JA3/S and JARM Evasion
  • MITRE ATT&CK Integration
  • Integrated Roslyn compiler (Thanks to Covenant)
  • Docker, Kali, ParrotOS, Ubuntu 20.04/22.04, and Debian 10/11/12 Install Support

Agents

  • PowerShell
  • Python 3
  • C#
  • IronPython 3

Modules

Sponsors

Release Notes

Please see our Releases or Changelog page for detailed release notes.

Quickstart

When cloning this repository, you will need to recurse submodules.

git clone --recursive https://github.com/BC-SECURITY/Empire.git

Check out the Installation Page for install instructions.

Note: The main branch is a reflection of the latest changes and may not always be stable. After cloning the repo, you can checkout the latest stable release by running the setup/checkout-latest-tag.sh script.

git clone --recursive https://github.com/BC-SECURITY/Empire.git
cd Empire
./setup/checkout-latest-tag.sh
./ps-empire install -y

If you are using the sponsors version of Empire, it will pull the sponsors version of Starkiller. Because these are private repositories, you need to have ssh credentials configured for GitHub. Instructions can be found here.

Server

# Start Server
./ps-empire server

# Help
./ps-empire server -h

Client

# Start Client
./ps-empire client

# Help
./ps-empire client -h

Check out the Empire Docs for more instructions on installing and using with Empire. For a complete list of changes, see the changelog.

Starkiller

Starkiller is a web application GUI for PowerShell Empire that interfaces remotely with Empire via its API. Starkiller can be ran as a replacement for the Empire client or in a mixed environment with Starkiller and Empire clients. As of 5.0, Starkiller is packaged in Empire as a git submodule and doesn't require any additional setup.

Contribution Rules

See Contributing

Contributors

A special thanks to the following contributors for their help with Empire:

@harmj0y @sixdub @enigma0x3 @rvrsh3ll @killswitch_gui @xorrior @Cx01N @Hubbl3 @Vinnybod

Official Discord Channel

Join us in our Discord with any comments, questions, concerns, or problems!