PowerShell Empire

PowerShell Empire is a post-exploitation framework that can run PowerShell agents without needing powershell.exe, provides post-exploitation modules ranging from key loggers to Mimikatz, and uses communications that evade network detection. It comes with the default installation of Kali; Empire agents can be launched through other frameworks such as Metasploit, and a running Empire agent can inject further agents.

Note: Think of a listener as a metasploit handler, and a stager as a payload.


Clone the repository to a location of your choosing and run the setup script /opt/Empire/setup/install.sh to pull the dependencies and get everything configured. Expect a few choices, a lot of packages, and possibly a warning or two (probably not fatal). When prompted to choose a key to secure the comms channel between agents and Empire listeners, hit Enter to let a random key be generated (you can choose a different one later, but random is good).

Below are the usual cheat sheets. I am gradually building up to each function having an example.