Merlin

Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go.

Highlighted features:

Supported C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
Domain Fronting
Execute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly
Execute arbitrary Windows executables (PE) in a sacrificial process with execute-pe
Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
Encrypted JWT for authentication

Download the latest compiled version of Merlin Server from the [releases](https://github.com/Ne0nd0g/merlin/releases) section

> 
> 
> 
> The Server package contains a compiled Agent for all the major operating systems in the `data/bin` directory
>

Extract the files with 7zip using the `x` function **The password is: `merlin`**

Start Merlin

Configure a [listener](https://merlin-c2.readthedocs.io/en/latest/server/menu/listeners.html)

Deploy an agent. See [Agent Execution Quick Start Guide](https://merlin-c2.readthedocs.io/en/latest/quickStart/agent.html) for examples

Pwn, Pivot, Profit

```
mkdir /opt/merlin;cd /opt/merlin
wget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z
7z x merlinServer-Linux-x64.7z
sudo ./merlinServer-Linux-x64

```

go get github.com/Ne0nd0g/merlin-agent

For a full list of available commands:

Last updated 1 year ago

Was this helpful?