Keep up-to-date on our blog at https://www.bc-security.org/blog
Empire
The beta release of Empire 3.0 is available on the dev branch
Empire 3.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at DEF CON 27.
Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we've interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to improperly cite existing or prior work, please let us know.
Empire is developed by @harmj0y, @sixdub, @enigma0x3, @rvrsh3ll, @killswitch_gui, @xorrior, and @bcsecurity1. While the main fork for Empire is no longer maintained, this fork is maintained by BC-Security and will continue to receive periodic updates.
Release Notes
With the release of the 3.0 beta, there are some major upgrades to Empire. Many of these have lingered on various branches of the Empire project and have finally been consolidated, as well as, there being several new updates. The biggest change to mention is the conversion of the Empire base code from Python 2.7 to Python 2.7/3.x compatible. This will ensure that Empire continues to function as Kali drops Python 2.7 support. The conversion also causes some issues in the way that bytes and strings are handled which will likely cause some unfound errors.
We have tested the core http listeners (http, http_hop, http_mapi, redirector) and confirmed that they work in both Python 2.7 and 3.x. We have also tested the Mimikatz modules and several of the launchers. There are still many modules that need to be tested, hence the beta release.
In addition to the code conversion, there are some minor UI updates, a few new modules, and new functionality. The full list of changes can be reviewed in the changelog.
Install
To install and run:
git clone https://github.com/BC-SECURITY/Empire.git --branch dev
cd Empire
sudo ./setup/install.sh
There's also a quickstart here and full documentation here.
Quickstart
Check out the Empire wiki for instructions on getting started with Empire.
To Do List
- Port code to work with Python 3
- Invoke-SocksProxy
- Function name randomization
- JA3/S signature randomization
- Multi-menu function calls
- Function name aliasing
- Update to Mimikatz 2.2.0
Contribution Rules
Contributions are more than welcome! The more people who contribute to the project the better Empire will be for everyone. Below are a few guidelines for submitting contributions.
- Beginning with version 3.0, we will require that all updates be both Python 2.x/3.x compatible.
- Submit pull requests to the dev branch. After testing, changes will be merged to master.
- Depending on what you're working on, base your module on ./lib/modules/powershell_template.py or ./lib/modules/python_template.py. Note that for some modules you may need to massage the output to get it into a nicely displayable text format with Out-String.
- Cite previous work in the 'Comments' module section.
- If your script.ps1 logic is large, may be reused by multiple modules, or is updated often, consider implementing the logic in the appropriate data/module_source/* directory and pulling the script contents into the module on tasking.
- Use approved PowerShell verbs for any functions.
- PowerShell Version 2 compatibility is STRONGLY preferred.
- TEST YOUR MODULE! Be sure to run it from an Empire agent and test both Python 2.x/3.x functionality before submitting a pull to ensure everything is working correctly.
- For additional guidelines for your PowerShell code itself, check out the PowerSploit style guide.
Commit History @kali/3.0_git20191203-0kali2
- Update debian/changelog Sophie Brun 4 years ago
- Add a patch to use Python 3 everywhere Sophie Brun 4 years ago
- Change database location: in user dir, not in powershell-empire dir Sophie Brun 4 years ago
- Refresh patches Sophie Brun 4 years ago
- Prepare for release Sophie Brun 4 years ago
- Refresh patches Sophie Brun 4 years ago
- Change Upstream homepage Sophie Brun 4 years ago
- Switch to Python 3 Sophie Brun 4 years ago
- Update upstream source from tag 'upstream/3.0_git20191203' Sophie Brun 4 years ago
- New upstream version 3.0~git20191203 Sophie Brun 4 years ago