Plugins are an extension of Empire that allow for custom scripts to be loaded. This allows anyone to easily build or add community projects to extend Empire functionality. Plugins can be accessed from the Empire client or the API as long as the plugin follows the template example. A list of Empire Plugins is located here.
| Plugin Name | Description | Preview | Authors | Sponsor Plugin |
|---|---|---|---|---|
| Socks Proxy Server | Self-contained server for Invoke-SocksProxy. |  |
@Cx01N, @mjokic | |
| Chisel Server | Runs chisels from the Empire CLI. |  |
@kevin | |
| AMSI Fail | The AMSI Fail Plugin calls the AMSI.fail API to generate and add a fresh AMSI Bypass to the Empire database. |  |
@Vinnybod | X |
| MITRE ATT&CK | The ATT&CK plugin assists in better threat emulation in Empire by leveraging the MITRE ATT&CK Framework for report generation and module management. |  |
@Cx01N | X |
| Advanced Reports | Creates customizable PDF reports (Empire Report, Module Report, Master Log, Sessions, Credentials) |  |
@Cx01N | X |
| EternalBlue-Plugin | EternalBlue-Plugin uses the EternalBlue exploit (CVE-17-010) to perform remote code execution on SMB. |  |
@Cx01N | X |
| Nmap-Plugin | Nmap-Plugin gives a way to interface directly from Empire to Nmap and send commands through Python3-Nmap. |  |
@Cx01N | X |
| Twilio-Plugin | The Twilio Plugin is meant to show the possibilities of the Hooks feature implemented in Empire 4.1. It sends a text message every time an agent connects. | @Vinnybod | ||
| denylist-plugin | The purpose of this plugin is to block certain IP addresses from connecting to the server. It is to showcase the event-driven nature of the hook system. | @Vinnybod |