Logging and Downloads
Empire has fairly robust logging built in. To trigger debug loggin, which contains information on each tasking/etc., use the –debug flag when launching. This will output debug information to empire.debug.
Each agent also has an agent.log file contained in ./downloads/agent.log. This contains each tasking sent to the agent, as well as the returned results (all time-stamped). Files uploaded will also store the md5 and original localpath of the file.
Downloads also store any downloaded files, or files stored by modules (like screenshots). For downloaded files, the host file location will attempted to be broken out (i.e. C:\temp\blah) in the stored folder structure: