ENNAENNA

Empire

BSD-3-Clause

๐Ÿ”ฅ Offensive Ops ยท Python

Empire is a post-exploitation and adversary emulation framework maintained by BC-Security. It provides PowerShell, Python, and C# agents (called stagers) with cryptologically-secure communications and a flexible architecture. Empire includes hundreds of post-exploitation modules for privilege escalation, credential harvesting, lateral movement, persistence, and situational awareness across Windows, Linux, and macOS. The framework features a RESTful API, collaborative multi-operator support via Starkiller GUI, and malleable C2 profiles for traffic blending. It maps operations to MITRE ATT&CK for adversary emulation reporting.

5.1kstars
678forks
40issues
Updated 8d ago
+I use this
View on GitHubOfficial Website

Installation

$ git clone https://github.com/BC-SECURITY/Empire.git && cd Empire && ./setup/install.sh

Use Cases

  • Red team post-exploitation and lateral movement
  • Adversary emulation mapped to MITRE ATT&CK
  • Multi-platform agent deployment and management
  • Credential harvesting and privilege escalation

Tags

c2post-exploitationadversary-emulationpowershelllateral-movementmitre-attackempirehacktoberfestredteam-infrastructure

Details

Category
๐Ÿ”ฅ Offensive Ops
Language
Python
License
BSD-3-Clause
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/BC-SECURITY/Empire

Official Website

bc-security.org

Releases

github.com/BC-SECURITY/Empire/releases

Issues

github.com/BC-SECURITY/Empire/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Covenant

C#

.NET C2 framework. Collaborative, web-based interface for red team operations and implant management.

Compare Empire vs Covenant

Sliver

Go

Open-source C2 framework by BishopFox. mTLS, HTTP(S), DNS, WireGuard implants with multi-operator support.

Compare Empire vs Sliver

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

Compare Empire vs Mythic

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

Compare Empire vs Havoc

Starkiller

JavaScript

Frontend GUI for PowerShell Empire - manage listeners, agents, and modules through a modern Electron interface.

Compare Empire vs Starkiller

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound