Logging and Downloads

Empire has fairly robust logging built in. To enable debug logging, which records information on each tasking, etc., use the --debug flag when launching. This will output debug information to empire.debug.

Each agent also has an agent.log file contained in ./downloads/agent.log. This contains each tasking sent to the agent, as well as the returned results (all time-stamped). For uploaded files, the log also records the md5 and the original local path of the file.

[Image: empire_agent_log]

The downloads folder also stores any downloaded files, as well as files stored by modules (like screenshots). For downloaded files, Empire attempts to break out the host file location (i.e. C:\temp\blah) in the stored folder structure:

[Image: empire_file_download]
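The host path that gets broken out into folders is reported by the remote agent, so whatever writes it to disk has to keep the result inside the downloads folder. The following is an added example, not Empire's own code, of one way to do that mapping; the names local_download_path, downloads_root and agent_name are assumptions.

```python
from pathlib import Path, PureWindowsPath


def local_download_path(downloads_root, agent_name, host_path):
    """Map a Windows host path (e.g. C:\\temp\\blah) to a folder path under
    downloads_root/agent_name, refusing anything that would escape it."""
    # The agent name becomes one folder, so it must be a single path component.
    if agent_name in ("", ".", "..") or Path(agent_name).name != agent_name:
        raise ValueError("invalid agent name: %r" % agent_name)
    base = (Path(downloads_root) / agent_name).resolve()

    win = PureWindowsPath(host_path)
    parts = []
    # A drive letter becomes a plain folder ("C:" -> "C"); UNC prefixes are dropped.
    if len(win.drive) == 2 and win.drive[0].isalpha() and win.drive[1] == ":":
        parts.append(win.drive[0].upper())
    # Skip the anchor ("C:\\" or "\\\\srv\\share\\") and keep the remaining components.
    rest = win.parts[1:] if win.anchor else win.parts
    for part in rest:
        if part in ("..", ".") or "\x00" in part:
            raise ValueError("unsafe path component in %r" % host_path)
        parts.append(part)
    if not parts:
        raise ValueError("empty host path")

    candidate = base.joinpath(*parts).resolve()
    # Final containment check; this also catches symlinks that point outside base.
    if base not in candidate.parents:
        raise ValueError("path escapes download folder: %r" % host_path)
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (r"C:\temp\blah", r"C:\..\..\..\etc\passwd", r"..\..\x"):
        try:
            print(sample, "->", local_download_path("downloads", "AGENT1", sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```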