As of Empire 4.0, the RESTful API is the only method for interacting with server and allows for scripting and controlling Empire through HTTP JSON requests. This new method allows for multiple users to interact with the server without a new streamlined client. This API and documentation are based on the BeEF Project. All credit to @antisnatchor and the entire BeEF community for the great examples to draw on.
The server can be launched by running ./ps-empire server and can be connected to with the built-in client or Starkiller. By default, the RESTful API is started on port 1337, over HTTPS using the certificate located at .empire/server/data/empire.pem, which can be generated with ./setup/ or the default install script. The port can be changed by supplying --restport <PORT_NUM> on launch.
The default username for the API is 'empireadmin' and the default password is 'password123'. You can also manually specify the username and password for the server with --username admin --password 'Password123!'.

API Authentication

The Empire API uses a simple token-based auth system similar to BeEF's. In order to make any requests to the API, a ?token=X parameter must be supplied, otherwise a 403 error is returned.
The token is randomly generated on rest API start up and displayed on the command line:
# ./ps-empire server
[*] Loading default config
[*] Loading stagers from: /home/kali/Empire-Sponsors/empire/server/stagers/
[*] Loading modules from: /home/kali/Empire-Sponsors/empire/server/modules/
[*] Loading listeners from: /home/kali/Empire-Sponsors/empire/server/listeners/
[*] Starting listener 'http'
[+] Listener successfully started!
[*] Loading malleable profiles from: /home/kali/Empire-Sponsors/empire/server/data/profiles
[*] Loading listeners from: /home/kali/Empire-Sponsors/empire/server/plugins
[*] Plugin csharpserver found.
[*] Initializing plugin...
[*] Doing custom initialization...
[*] Loading Empire CSharp server plugin
[*] Registering plugin with menu...
[*] Empire starting up...
[*] Starting Empire RESTful API on
[*] Starting Empire SocketIO on
[*] Testing APIs
[+] empireadmin connected to socketio
[+] Empire RESTful API successfully started
[+] test-aese connected to socketio
[+] Empire SocketIO successfully started
[*] Cleaning up test user
[+] Client disconnected from socketio
To retrieve the session token through the login interface, you can POST a request to /api/admin/login. Here's an example with curl:
# curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/admin/login -X POST -d '{"username":"empireadmin", "password":"Password123!"}'
HTTP/1.0 200 OK
Content-Type: application/json
Content-Length: 57
Server: Werkzeug/0.11.4
Date: Thu, 31 Mar 2016 23:38:59 GMT
"token": "ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5"

Version Information


  • Handler : GET /api/version
  • Description : Returns the current Empire version.
  • No parameters


curl --insecure -i https://localhost:1337/api/version?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
"version": "1.5.0"

Map Information


  • Handler : GET /api/map
  • Description : Returns list of all API routes.
  • No parameters


curl --insecure -i https://localhost:1337/api/map?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5

Configuration Information


  • Handler : GET /api/config
  • Description : Returns the current Empire configuration.
  • No parameters


curl --insecure -i https://localhost:1337/api/config?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
"config": [
"api_password": "C3>Jl...",
"api_username": "empireadmin",
"autorun_command": "",
"autorun_data": "",
"current_api_token": "ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5",
"default_cert_path": "",
"default_delay": 5,
"default_jitter": 0.0,
"default_lost_limit": 60,
"default_port": "8080",
"default_profile": "/admin/get.php,/news.asp,/login/process.jsp|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
"install_path": "/home/user/Empire/",
"ip_blacklist": "",
"ip_whitelist": "",
"permanent_api_token": "gi5afo3umac6...",
"server_version": "Microsoft-IIS/7.5",
"stage0_uri": "index.asp",
"stage1_uri": "index.jsp",
"stage2_uri": "index.php",
"staging_key": "[email protected]%L?VH...",
"version": "1.5.0"