DeathStar - Automate getting Domain Admin using Empire

DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques.

How does it work?

See the accompanying blog post here:


Currently, for Death Star to work you're going to have to install my fork of Empire until this pull request gets merged and the changes get pushed to master. The fork contains some API and back-end database fixes for scripts that interact with the RESTful API.
  • First grab, install and run Empire:
git clone
cd Empire/setup && ./ && cd ..
# Start the Empire console and RESTful API
python empire --rest --username empireadmin --password Password123
  • Then grab, setup and run DeathStar:
git clone
# Death Star is written in Python3
pip3 install -r requirements.txt


  1. Run DeathStar
  2. Get an Empire Agent on a box connected to a Domain
  3. Go grab a coffee/tea/redbull, DeathStar will take care of everything else ;)
Powered by Blogger.