Skip to content
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Go JavaScript Makefile Other
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Update issue templates Jun 14, 2018
cmd Fixed spelling errors. Added release date to changelog Aug 20, 2019
data Merge branch 'dev' into evade-and-persist Jul 27, 2019
docs Fixed spelling errors. Added release date to changelog Aug 20, 2019
pkg Fixed spelling errors. Added release date to changelog Aug 20, 2019
test/testServer Fixed spelling errors. Added release date to changelog Aug 20, 2019
.gitattributes Updated .gitattributes Jan 1, 2019
.gitignore fixes #41 when uploading to a filepath containing a space Jan 11, 2019
Dockerfile Minor modifications to comments Feb 27, 2019
LICENSE Added GNU GPL v3.0 license information. Dec 18, 2017
Makefile Updated to better support HTTP/1.1 protocol denoted as https Aug 19, 2019
README.MD Added support for HTTP/1.1 and user-defined proxy settings. Updated M… Jun 15, 2019
go.mod
go.sum Fixed spelling errors. Added release date to changelog Aug 20, 2019

README.MD

AppVeyor GoReportCard License: GPL v3 Release Downloads Twitter Follow

Merlin (BETA)

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control  server and agent written in golang.

An introductory blog post can be found here: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a

asciicast

Quick Start

  1. Download the latest compiled version of Merlin Server from the releases section
  2. Extract the files with 7zip using the x function. The password is: merlin
  3. Start Merlin
  4. Deploy an agent. See Agent Execution Quick Start Guide for examples
  5. Pwn, Pivot, Profit
mkdir /opt/merlin;cd /opt/merlin
wget https://github.com/Ne0nd0g/merlin/releases/download/v0.1.4/merlinServer-Linux-x64-v0.1.4.7z
7z x merlinServer-Linux-x64-v0.1.4.7z
sudo ./merlinServer-Linux-x64

Misc.

Merlin Server Command Line Flags

./merlinServer-Linux-x64 -h

Version: 0.8.0.BETA
Build: nonRelease
  -debug
        Enable debug output
  -i string
        The IP address of the interface to bind to (default "127.0.0.1")
  -p int
        Merlin Server Port (default 443)
  -proto string
        Protocol for the agent to connect with [h2, hq] (default "h2")
  -psk string
        Pre-Shared Key used to encrypt initial communications (default "merlin")
  -v    Enable verbose output
  -x509cert string
        The x509 certificate for the HTTPS listener (default "/opt/merlin/data/x509/server.crt")
  -x509key string
        The x509 certificate key for the HTTPS listener (default "/opt/merlin/data/x509/server.key")

Merlin Agent Command Line Flags

./merlinAgent-Linux-x64 -h

Merlin Agent
  -debug
        Enable debug output
  -proto string
        Protocol for the agent to connect with [h2, hq] (default "h2")
  -psk string
        Pre-Shared Key used to encrypt initial communications (default "merlin")
  -sleep duration
        Time for agent to sleep (default 30s)
  -url string
        Full URL for agent to connect to (default "https://127.0.0.1:443")
  -v    Enable verbose output
  -version
        Print the agent version and exit

Slack

Join the #merlin channel in the BloodHoundGang Slack to chat about Merlin

You can’t perform that action at this time.