Skip to content

Latest commit

 

History

History
95 lines (76 loc) · 5.02 KB

README.md

File metadata and controls

95 lines (76 loc) · 5.02 KB

emp3r0r

A post-exploitation framework for Linux/Windows

Status

  • emp3r0r C2 (Linux/Windows) is ready for testing. Please report bugs if you find any.
  • Read wiki to get started (中文)
  • Download from here
  • Write modules for emp3r0r with your favorite languages
  • SSH harvester is ready for use
  • Windows support is ready with fully-interactive shell
ssh-harvester.mp4
MORE screenshots

image

image

image

c2


Motivation

Initially, emp3r0r was developed as one of my weaponizing experiments. It was a learning process for me trying to implement common Linux adversary techniques and some of my original ideas.

So, what makes emp3r0r different? First of all, it is the first C2 framework that targets Linux platform including the capability of using any other tools through it. Take a look at the features for more valid reasons to use it.

To support third-party modules, emp3r0r has complete python3 support, included in vaccine module, 15MB in total, with necessary third party packages such as Impacket, Requests and MySQL.


Features

  • Beautiful Terminal UI
    • Use tmux for window management
  • Stealth
    • Automatically changes argv so you won't notice it in ps listing
    • Hide files and PIDs via Glibc hijacking (patcher in get_persistence)
    • Built-in Elvish Shell with the same disguise as main process
    • All C2 communications made in HTTP2/TLS
    • Defeat JA3 fingerprinting with UTLS
    • Painlessly encapsulated in Shadowsocks and KCP
    • Able to encapsulate in any external proxies such as TOR and CDNs
    • C2 relaying via SSH
    • DLL agent
  • Multi-Tasking
    • Don't have to wait for any commands to finish
  • Module Support
  • Perfect Shell Experience via SSH with PTY support
    • Compatible with any SSH client and available for Windows
  • Bettercap
  • Auto persistence via various methods
  • Post-exploitation Tools
    • Nmap, Socat, Ncat, Bettercap, etc
  • Credential Harvesting
  • Process Injection
  • Shellcode Injection
  • ELF Patcher for persistence
  • Packer
    • Encrypts and compresses agent binary and runs agent in a covert way
  • Hide processes and files and get persistence via shared library injection
  • Networking
    • Port Mapping
      • From C2 side to agent side, and vice versa
      • TCP/UDP both supported
    • Agent Side Socks5 Proxy with UDP support
  • Auto Root
  • LPE Suggest
  • System Info Collect
  • File Management
  • Log Cleaner
  • Screenshot
  • Anti-Antivirus
  • Internet Access Checker
  • Automatically bridge agents from internal networks to C2
    • For semi-isolated networks
  • Proxy via agent to agent SSH connection
  • Interoperability with Metasploit/Cobalt Strike
  • and many more :)