Plugins

Plugins are an extension of Empire that allow for custom scripts to be loaded. This allows anyone to easily build or add community projects to extend Empire functionality. Plugins can be accessed from the Empire CLI or the API as long as the plugin follows the template example. A list of Empire Plugins is located here.
Empire Plugins
Plugin Name
Description
Preview
Authors
Sponsor Plugin
​Socks Proxy Server​
Self-contained server for Invoke-SocksProxy.
​​
​​
@Cx01N, @mjokic
​
​Chisel Server​
Runs chisels from the Empire CLI.
​​
​​
@kevin
​
​AMSI Fail​
The AMSI Fail Plugin calls the AMSI.fail API to generate and add a fresh AMSI Bypass to the Empire database.
​​
​​
@Vinnybod
X
​MITRE ATT&CK​
The ATT&CK plugin assists in better threat emulation in Empire by leveraging the MITRE ATT&CK Framework for report generation and module management.
​​
​​
@Cx01N
X
​Advanced Reports​
Creates customizable PDF reports (Empire Report, Module Report, Master Log, Sessions, Credentials)
​​
​​
@Cx01N
X
​EternalBlue-Plugin​
EternalBlue-Plugin uses the EternalBlue exploit (CVE-17-010) to perform remote code execution on SMB.
​​
​​
@Cx01N
X
​Nmap-Plugin​
Nmap-Plugin gives a way to interface directly from Empire to Nmap and send commands through Python3-Nmap.
​​
​​
@Cx01N
X
​Twilio-Plugin​
The Twilio Plugin is meant to show the possibilities of the Hooks feature implemented in Empire 4.1. It sends a text message every time an agent connects.
​
@Vinnybod
​
​denylist-plugin​
The purpose of this plugin is to block certain IP addresses from connecting to the server. It is to showcase the event-driven nature of the hook system.
​
@Vinnybod
​
​

Plugin Name	Description	Authors	Sponsor Plugin
Socks Proxy Server	Self-contained server for Invoke-SocksProxy.	@Cx01N, @mjokic
Chisel Server	Runs chisels from the Empire CLI.	@kevin
AMSI Fail	The AMSI Fail Plugin calls the AMSI.fail API to generate and add a fresh AMSI Bypass to the Empire database.	@Vinnybod	X
MITRE ATT&CK	The ATT&CK plugin assists in better threat emulation in Empire by leveraging the MITRE ATT&CK Framework for report generation and module management.	@Cx01N	X
Advanced Reports	Creates customizable PDF reports (Empire Report, Module Report, Master Log, Sessions, Credentials)	@Cx01N	X
EternalBlue-Plugin	EternalBlue-Plugin uses the EternalBlue exploit (CVE-17-010) to perform remote code execution on SMB.	@Cx01N	X
Nmap-Plugin	Nmap-Plugin gives a way to interface directly from Empire to Nmap and send commands through Python3-Nmap.	@Cx01N	X
Twilio-Plugin	The Twilio Plugin is meant to show the possibilities of the Hooks feature implemented in Empire 4.1. It sends a text message every time an agent connects.	@Vinnybod
denylist-plugin	The purpose of this plugin is to block certain IP addresses from connecting to the server. It is to showcase the event-driven nature of the hook system.	@Vinnybod

Introduction

Hooks and Filters

Last modified 9mo ago