Stager Templates
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
GET /api/v2/stager-templates HTTP/1.1
Accept: */*
{
"records": [
{
"authors": [
"@harmj0y"
],
"comments": [
""
],
"description": "Generates a one-liner stage0 launcher for Empire.",
"id": "multi_launcher",
"name": "Launcher",
"options": {
"Base64": {
"depends_on:": [],
"description": "Switch. Base64 encode the output.",
"internal": false,
"required": true,
"strict": true,
"suggested_values": [
"True",
"False"
],
"value": "True"
},
"Bypasses": {
"depends_on:": [],
"description": "Bypasses as a space separated list to be prepended to the launcher",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Language": {
"depends_on:": [],
"description": "Language of the stager to generate.",
"internal": false,
"required": true,
"strict": true,
"suggested_values": [
"powershell",
"python"
],
"value": "powershell"
},
"Listener": {
"depends_on:": [],
"description": "Listener to generate stager for.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": ""
},
"Obfuscate": {
"depends_on:": [],
"description": "Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.",
"internal": false,
"required": false,
"strict": true,
"suggested_values": [
"True",
"False"
],
"value": "False"
},
"ObfuscateCommand": {
"depends_on:": [],
"description": "The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "Token\\All\\1"
},
"OutFile": {
"depends_on:": [],
"description": "Filename that should be used for the generated output.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Proxy": {
"depends_on:": [],
"description": "Proxy to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"ProxyCreds": {
"depends_on:": [],
"description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"SafeChecks": {
"depends_on:": [],
"description": "Switch. Checks for LittleSnitch or a SandBox, exit the staging process if True. Defaults to True.",
"internal": false,
"required": true,
"strict": true,
"suggested_values": [
"True",
"False"
],
"value": "True"
},
"StagerRetries": {
"depends_on:": [],
"description": "Times for the stager to retry connecting.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "0"
},
"UserAgent": {
"depends_on:": [],
"description": "User-agent string to use for the staging request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
}
}
}
]
}GET /api/v2/stager-templates/{uid} HTTP/1.1
Accept: */*
{
"authors": [
"@harmj0y"
],
"comments": [
""
],
"description": "Generates a one-liner stage0 launcher for Empire.",
"id": "multi_launcher",
"name": "Launcher",
"options": {
"Base64": {
"depends_on:": [],
"description": "Switch. Base64 encode the output.",
"internal": false,
"required": true,
"strict": true,
"suggested_values": [
"True",
"False"
],
"value": "True"
},
"Bypasses": {
"depends_on:": [],
"description": "Bypasses as a space separated list to be prepended to the launcher",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Language": {
"depends_on:": [],
"description": "Language of the stager to generate.",
"internal": false,
"required": true,
"strict": true,
"suggested_values": [
"powershell",
"python"
],
"value": "powershell"
},
"Listener": {
"depends_on:": [],
"description": "Listener to generate stager for.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": ""
},
"Obfuscate": {
"depends_on:": [],
"description": "Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.",
"internal": false,
"required": false,
"strict": true,
"suggested_values": [
"True",
"False"
],
"value": "False"
},
"ObfuscateCommand": {
"depends_on:": [],
"description": "The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "Token\\All\\1"
},
"OutFile": {
"depends_on:": [],
"description": "Filename that should be used for the generated output.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Proxy": {
"depends_on:": [],
"description": "Proxy to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"ProxyCreds": {
"depends_on:": [],
"description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"SafeChecks": {
"depends_on:": [],
"description": "Switch. Checks for LittleSnitch or a SandBox, exit the staging process if True. Defaults to True.",
"internal": false,
"required": true,
"strict": true,
"suggested_values": [
"True",
"False"
],
"value": "True"
},
"StagerRetries": {
"depends_on:": [],
"description": "Times for the stager to retry connecting.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "0"
},
"UserAgent": {
"depends_on:": [],
"description": "User-agent string to use for the staging request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
}
}
}