Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.

Why PowerShell?

PowerShell offers a multitude of offensive advantages, including full .NET access, application whitelisting, direct access to the Win32 API, the ability to assemble malicious binaries in memory, and a default installation on Windows 7+. Offensive PowerShell had a watershed year in 2014, but despite the multitude of useful projects, many pentesters still struggle to integrate PowerShell into their engagements in a secure manner.

Why Choose PowerShell

A Wealth of Modules

Empire aims to solve this weaponization problem by bringing offensive PowerShell to the pentesting community. Existing modules cover everything from Mimikatz, to token manipulation, key logging, screenshots, lateral movement, network situational awareness, and more.

Documentation

Rapid Development

Because the core Empire agent allows for easy extensibility through a modular structure, developing additional capabilities is extremely fast and simple. If you can write functionality in PowerShell, you can build an Empire module quickly and easily.

Module Development

Interested?

Get Empire