emp3r0r: Linux/Windows post exploitation framework
emp3r0r
Linux/Windows post-exploitation framework made by Linux user
features
- beautiful terminal UI, use tmux for window management
- multi-tasking, you don’t need to wait for any commands to finish
- basic API provided through Unix socket
- perfect reverse shell (true color, key bindings, custom bashrc, custom bash binary, etc)
- auto persistence via various methods
- post-exploitation tools like nmap, socat, are integrated with a reverse shell
- credential harvesting (WIP)
- process injection
- shellcode injection and dropper
- ELF patcher
- hide processes and files via libc hijacking
- port mapping, from c2 side to agent side, and vice versa
- agent side socks5 proxy
- ssh server
- auto root
- LPE suggest
- system info collecting
- file management, resumable download
- log cleaner
- screenshot
- stealth connection
- anti-antivirus
- internet access checker
- autoproxy for semi-isolated networks
- reverse proxy to bring every host online
- all of these in one HTTP2 connection
- can be encapsulated in any external proxies such as TOR, and CDNs
- interoperability with Metasploit / Cobalt Strike
- packer: cryptor + memfd_create
- packer: use shm_open in older Linux kernels
- dropper: shellcode injector – python
- port mapping: forward from CC to agents, so you can use encapsulate other tools (such as Cobalt Strike) in emp3r0r’s CC tunnel
- randomize everything that can be randomized (file path, port number, etc)
- injector: shellcode loader, using python2
- injector: inject shellcode into the arbitrary process, using go and ptrace syscall
- injector: recover process after injection
- persistence: inject guardian shellcode into an arbitrary process to gain persistence
- headless CC, control using existing commands, can be useful when we write a web-based GUI
- screenshot supports both Windows and Linux
- reverse proxy
- better file manager resumable download/upload
- screenshot
- better shells!
- and many more…
Download
Copyright (c) 2021 jm33-ng