id: empire-c2 info: name: Empire C2 - Detect author: pussycat0x severity: info description: | Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server. reference: | - https://github.com/thehappydinoa/awesome-censys-queries#security-applications - https://bc-security.gitbook.io/empire-wiki/ metadata: censys-query: bc517bf173440dad15b99a051389fadc366d5df2 || dcb32e6256459d3660fdc90e4c79e95a921841cc max-request: 1 verified: "true" tags: c2,ir,osint,empire,panel http: - method: GET path: - "{{BaseURL}}" matchers: - type: dsl dsl: - "(\"bc517bf173440dad15b99a051389fadc366d5df2\" == sha1(body)) || (\"dcb32e6256459d3660fdc90e4c79e95a921841cc\" == sha1(body))"