Plugins

Plugins are an extension of Empire that allow for custom scripts to be loaded. This allows anyone to build or add community projects to extend Empire functionality. Plugins can be accessed from the Empire client or the API as long as the plugin follows the template example. A list of Empire Plugins is located here.

Empire Plugins

Plugin Name	Description	Authors	Sponsor Plugin
Socks Proxy Server	Self-contained server for Invoke-SocksProxy.	@Cx01N, @mjokic
Chisel Server	Runs chisels from the Empire CLI.	@kevin
AMSI Fail	The AMSI Fail Plugin calls the AMSI.fail API to generate and add a fresh AMSI Bypass to the Empire database.	@Vinnybod	X
MITRE ATT&CK	The ATT&CK plugin assists in better threat emulation in Empire by leveraging the MITRE ATT&CK Framework for report generation and module management.	@Cx01N	X
Advanced Reports	Creates customizable PDF reports (Empire Report, Module Report, Master Log, Sessions, Credentials)	@Cx01N	X
EternalBlue-Plugin	EternalBlue-Plugin uses the EternalBlue exploit (CVE-17-010) to perform remote code execution on SMB.	@Cx01N	X
Nmap-Plugin	Nmap-Plugin gives a way to interface directly from Empire to Nmap and send commands through Python3-Nmap.	@Cx01N	X
Twilio-Plugin	The Twilio Plugin is meant to show the possibilities of the Hooks feature implemented in Empire 4.1. It sends a text message every time an agent connects.	@Vinnybod
denylist-plugin	The purpose of this plugin is to block certain IP addresses from connecting to the server. It is to showcase the event-driven nature of the hook system.	@Vinnybod

Plugin Name

Description

Preview

Authors

Sponsor Plugin

Socks Proxy Server

Self-contained server for Invoke-SocksProxy.

@Cx01N, @mjokic

Chisel Server

Runs chisels from the Empire CLI.

@kevin

AMSI Fail

The AMSI Fail Plugin calls the AMSI.fail API to generate and add a fresh AMSI Bypass to the Empire database.

@Vinnybod

MITRE ATT&CK

The ATT&CK plugin assists in better threat emulation in Empire by leveraging the MITRE ATT&CK Framework for report generation and module management.

@Cx01N

Advanced Reports

Creates customizable PDF reports (Empire Report, Module Report, Master Log, Sessions, Credentials)

@Cx01N

EternalBlue-Plugin

EternalBlue-Plugin uses the EternalBlue exploit (CVE-17-010) to perform remote code execution on SMB.

@Cx01N

Nmap-Plugin

Nmap-Plugin gives a way to interface directly from Empire to Nmap and send commands through Python3-Nmap.

@Cx01N

Twilio-Plugin

The Twilio Plugin is meant to show the possibilities of the Hooks feature implemented in Empire 4.1. It sends a text message every time an agent connects.

@Vinnybod

denylist-plugin

The purpose of this plugin is to block certain IP addresses from connecting to the server. It is to showcase the event-driven nature of the hook system.

@Vinnybod

PreviousAgent Taskings NextGetting Started

Last updated 9 months ago