Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. The Merlin server is a self-contained command line program that requires no installation. You just simply download it and run it. The command-line interface only works great if it will be used by a single operator at a time. The Merlin agent can be controlled through Mythic, which features a web-based user interface that enables multiplayer support, and a slew of other features inherent to the project.
Features
- Supported C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
- Server and Agent: Windows, Linux, macOS (Darwin), MIPS, ARM or anything Go can natively build
- Execute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly
- Execute arbitrary Windows executables (PE) in a sacrificial process with execute-pe
- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
- OPAQUE Asymmetric Password Authenticated Key Exchange (PAKE)
Project Samples
Categories
Post-Exploitation FrameworksLicense
GNU General Public License version 3.0 (GPLv3)Follow Merlin HTTP/2
Other Useful Business Software
Full-stack observability with actually useful AI | Grafana Cloud
Built on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of Merlin HTTP/2!
