EN
ENNA

Empire

FeaturedBSD-3-Clause

⚖️ Dual Use · Python

Empire is a post-exploitation and adversary emulation framework that uses PowerShell (Windows) and Python (Linux/macOS) agents. It features cryptologically-secure communications, a flexible architecture, and a wide range of post-exploitation modules. Empire was originally developed by BC Security and has been used extensively in both red team operations and real-world attacks. It supports credential harvesting, lateral movement, persistence, privilege escalation, and data exfiltration.

5.1kstars
678forks
43issues
Updated 1mo ago
View on GitHubOfficial WebsiteDocumentation

Use Cases

  • Post-exploitation framework for red team engagements
  • PowerShell-based credential harvesting
  • Lateral movement through Windows environments
  • Persistence mechanism deployment
  • Adversary emulation exercises

Tags

c2post-exploitationpowershellpython-agentred-teamempirehacktoberfestredteam-infrastructure

Details

Category
⚖️ Dual Use
Language
Python
License
BSD-3-Clause
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/BC-SECURITY/Empire

Official Website

bc-security.gitbook.io/empire-wiki

Documentation

bc-security.gitbook.io/empire-wiki

Releases

github.com/BC-SECURITY/Empire/releases

Issues

github.com/BC-SECURITY/Empire/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Metasploit Framework

Ruby

The world's most used penetration testing framework. Exploit development, payload delivery, post-exploitation.

Compare Empire vs Metasploit Framework

Sliver

Go

Open-source C2 framework by BishopFox. mTLS, HTTP(S), DNS, WireGuard implants with multi-operator support.

Compare Empire vs Sliver

PowerSploit

PowerShell

Collection of PowerShell post-exploitation modules. Credential theft, privilege escalation, persistence, exfiltration.

Compare Empire vs PowerSploit

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

Compare Empire vs Mythic

More in Dual Use

ProxyChains-ng

C

Force any TCP connection through SOCKS4/5 or HTTP proxies. Chain multiple proxies for anonymity.

proxysockspivoting

Socat

C

Multipurpose relay tool. Bidirectional data transfer between two data channels - sockets, files, pipes, devices.

relaysockettunneling

ngrok

Go

Expose local servers to the internet via secure tunnels. Instant public URLs for localhost services.

tunnelingreverse-proxynat-bypass

Rclone

Go

rsync for cloud storage. Sync, copy, and mount 70+ cloud providers. Command-line Swiss army knife for cloud data.

cloud-storagesyncexfiltration

GTFOBins

Shell

Curated list of Unix binaries that can be used to bypass security restrictions. Living off the land, documented.

lolbinsprivescshell-escape

LOLBAS

Shell

Living Off The Land Binaries, Scripts and Libraries for Windows. Documenting every Windows binary with offensive potential.

lolbinswindowsevasion