nuclei-templates/http/exposed-panels/c2/empire-c2.yaml

id: empire-c2

info:
  name: Empire C2 - Detect
  author: pussycat0x
  severity: info
  description: |
    Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server.
  reference: |
    - https://github.com/thehappydinoa/awesome-censys-queries#security-applications
    - https://bc-security.gitbook.io/empire-wiki/
  metadata:
    verified: "true"
    max-request: 1
    censys-query: bc517bf173440dad15b99a051389fadc366d5df2 || dcb32e6256459d3660fdc90e4c79e95a921841cc
  tags: c2,ir,osint,empire,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "(\"dcb32e6256459d3660fdc90e4c79e95a921841cc\" == sha1(body))"
# digest: 4a0a00473045022052f057abc1e056c8c32bf8d2891e13713b1ab7954bbe4b0a6e9708c38a25ebd3022100bcd41dce3d9a23afe4e5ca1b8b85ce3209ac68c14709533258f10bc48977988a:922c64590222798bb761d5b6d8e72950
Empire C2 - Detect 2023-06-14 14:14:53 +00:00			`id: empire-c2`

			`info:`
			`name: Empire C2 - Detect`
			`author: pussycat0x`
			`severity: info`
			`description: \|`
			`Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server.`
			`reference: \|`
lint -fix 2023-06-14 14:26:33 +00:00			`- https://github.com/thehappydinoa/awesome-censys-queries#security-applications`
Empire C2 - Detect 2023-06-14 14:14:53 +00:00			`- https://bc-security.gitbook.io/empire-wiki/`
			`metadata:`
Revert "TemplateMan Update [Mon Apr 8 11:30:07 UTC 2024] :robot:" This reverts commit 433dda4ae5b824564b44075bb95a96ecdbe263a6. 2024-04-08 11:34:33 +00:00			`verified: "true"`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`max-request: 1`
			`censys-query: bc517bf173440dad15b99a051389fadc366d5df2 \|\| dcb32e6256459d3660fdc90e4c79e95a921841cc`
add panel tag to http/exposed-panels/ templates 2023-06-30 22:49:09 +00:00			`tags: c2,ir,osint,empire,panel`
Empire C2 - Detect 2023-06-14 14:14:53 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

			`matchers:`
			`- type: dsl`
			`dsl:`
Update empire-c2.yaml 2023-08-03 18:55:17 +00:00			`- "(\"dcb32e6256459d3660fdc90e4c79e95a921841cc\" == sha1(body))"`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4a0a00473045022052f057abc1e056c8c32bf8d2891e13713b1ab7954bbe4b0a6e9708c38a25ebd3022100bcd41dce3d9a23afe4e5ca1b8b85ce3209ac68c14709533258f10bc48977988a:922c64590222798bb761d5b6d8e72950`