Agents

Get Current Agents
Handler
Handler: GET /api/agents
Description: Returns all current Empire agents.
Parameters: None
Example
Request:
curl --insecure -i https://localhost:1337/api/agents?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "agents": [
    {
      "ID": 1,
      "checkin_time": "2016-03-31 17:36:34",
      "children": null,
      "delay": 5,
      "external_ip": "192.168.52.200",
      "functions": null,
      "headers": "",
      "high_integrity": 0,
      "hostname": "WINDOWS1",
      "internal_ip": "192.168.52.200",
      "jitter": 0.0,
      "kill_date": "",
      "lastseen_time": "2016-03-31 17:38:55",
      "listener": "http://192.168.52.172:8080/",
      "lost_limit": 60,
      "name": "3GHZPWEGADMT2KPA",
      "old_uris": null,
      "os_details": "Microsoft Windows 7 Professional ",
      "parent": null,
      "process_id": "1636",
      "process_name": "powershell",
      "ps_version": "2",
      "results": "",
      "servers": null,
      "sessionID": "3GHZPWEGADMT2KPA",
      "session_key": "7.+...",
      "taskings": "",
      "uris": "/admin/get.php,/news.asp,/login/process.jsp",
      "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
      "username": "WINDOWS1\\user",
      "working_hours": ""
    },
    ...
  ]
}
Get Stale Agents
Handler
Handler: GET /api/agents/stale
Description: Returns all 'stale' Empire agents (past checkin window).
Parameters: None
Example
Request:
curl --insecure -i https://localhost:1337/api/agents/stale?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "agents": [
    {
      "ID": 1,
      "checkin_time": "2016-03-31 17:36:34",
      "children": null,
      "delay": 5,
      "external_ip": "192.168.52.200",
      "functions": null,
      "headers": "",
      "high_integrity": 0,
      "hostname": "WINDOWS1",
      "internal_ip": "192.168.52.200",
      "jitter": 0.0,
      "kill_date": "",
      "lastseen_time": "2016-03-31 17:38:55",
      "listener": "http://192.168.52.172:8080/",
      "lost_limit": 60,
      "name": "3GHZPWEGADMT2KPA",
      "old_uris": null,
      "os_details": "Microsoft Windows 7 Professional ",
      "parent": null,
      "process_id": "1636",
      "process_name": "powershell",
      "ps_version": "2",
      "results": "",
      "servers": null,
      "sessionID": "3GHZPWEGADMT2KPA",
      "session_key": "7.+...",
      "taskings": "",
      "uris": "/admin/get.php,/news.asp,/login/process.jsp",
      "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
      "username": "WINDOWS1\\user",
      "working_hours": ""
    },
    ...
  ]
}
Remove Stale Agents
Handler
Handler: DELETE /api/agents/stale
Description: Removes all 'stale' Empire agents (past checkin window).
Parameters: None
Example
Request:
curl --insecure -i https://localhost:1337/api/agents/stale?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
  "success": true
}
Get Agent by Name
Handler
Handler: GET /api/agents/AGENT_NAME
Description: Returns the agent specified by AGENT_NAME.
Parameters: None
Example
Request:
curl --insecure -i https://localhost:1337/api/agents/XMY2H2ZPFWNPGEAP?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "agents": [
    {
      "ID": 1,
      "checkin_time": "2016-03-31 20:29:31",
      "children": null,
      "delay": 5,
      "external_ip": "192.168.52.200",
      "functions": null,
      "headers": "",
      "high_integrity": 0,
      "hostname": "WINDOWS1",
      "internal_ip": "192.168.52.200",
      "jitter": 0.0,
      "kill_date": "",
      "lastseen_time": "2016-03-31 20:29:38",
      "listener": "http://192.168.52.173:8080/",
      "lost_limit": 60,
      "name": "XMY2H2ZPFWNPGEAP",
      "old_uris": null,
      "os_details": "Microsoft Windows 7 Professional ",
      "parent": null,
      "process_id": "2600",
      "process_name": "powershell",
      "ps_version": "2",
      "results": null,
      "servers": null,
      "sessionID": "XMY2H2ZPFWNPGEAP",
      "session_key": "+e`x!...",
      "taskings": null,
      "uris": "/admin/get.php,/news.asp,/login/process.jsp",
      "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
      "username": "WINDOWS1\\user",
      "working_hours": ""
    }
  ]
}
Remove Agent
Handler
Handler: DELETE /api/agents/AGENT_NAME
Description: Removes the agent specified by AGENT_NAME (doesn't kill first).
Parameters: None
Example
Request:
curl --insecure -i https://localhost:1337/api/agents/XMY2H2ZPFWNPGEAP?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
  "success": true
}
Task an Agent to run a Shell Command
Handler
Handler: POST /api/agents/AGENT_NAME/shell
Description: Tasks the agent specified by AGENT_NAME to run the given shell command.
Parameters:
Command: the shell command to task the agent to run (required)
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/shell?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"command":"whoami"}'
Response:
{
  "success": true
}
Task all Agents to run a Shell Command
Handler
Handler: POST /api/agents/all/shell
Description: Tasks all agents to run the given shell command.
Parameters:
Command: the shell command to task the agents to run (required)
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/shell?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"command":"pwd"}'
Response:
{
  "success": true
}
Get Agent Results
Handler
Handler: GET /api/agents/AGENT_NAME/results
Description: Retrieves results for the agent specifed by AGENT_NAME.
Parameters: None
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/results?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "results": [
    {
      "agentname": "CXPLDTZCKFNT3SLT",
      "results": "WINDOWS1\\user\nPath                                                                           \r\n----                                                                           \r\nC:\\Users\\user
    }
  ]
}r
Delete Agent Results
Handler
Handler: DELETE /api/agents/AGENT_NAME/results
Description: Deletes the result buffer for the agent specifed by AGENT_NAME.
Parameters: None
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/results?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
  "success": true
}
Delete All Agent Results
Handler
Handler: DELETE /api/agents/all/results
Description: Deletes all agent result buffers
Parameters: None
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/results?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
  "success": true
}
Clear Queued Agent Tasking
Handler
Handler: POST/GET /api/agents/AGENT_NAME/clear
Description: Clears the queued taskings for the agent specified by AGENT_NAME.
Parameters: None
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/clear?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "success": true
}
Rename an Agent
Handler
Handler: POST/GET /api/agents/AGENT_NAME/rename
Description: Renames the agent specified by AGENT_NAME.
Parameters:
Newname: the name to rename the specified agent to (required)
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/rename?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"newname":"initial"}'
Response:
{
  "success": true
}
Kill an Agent
Handler
Handler: POST/GET /api/agents/AGENT_NAME/kill
Description: Tasks the agent specified by AGENT_NAME to exit.
Parameters: None
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/kill?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "success": true
}
Kill all Agents
Handler
Handler: POST/GET /api/agents/all/kill
Description: Tasks all agents to exit.
Parameters: None
Example
Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/kill?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
  "success": true
}
Stagers
Modules
Last modified 9mo ago
Copy link
On this page
Get Current Agents
Handler
Example
Get Stale Agents
Handler
Example
Remove Stale Agents
Handler
Example
Get Agent by Name
Handler
Example
Remove Agent
Handler
Example
Task an Agent to run a Shell Command
Handler
Example
Task all Agents to run a Shell Command
Handler
Example
Get Agent Results
Handler
Example
Delete Agent Results
Handler
Example
Delete All Agent Results
Handler
Example
Clear Queued Agent Tasking
Handler
Example
Rename an Agent
Handler
Example
Kill an Agent
Handler
Example
Kill all Agents
Handler
Example