Ne0nd0g / Merlin

Licence: gpl-3.0
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Projects that are alternatives of or similar to Merlin

venus
A Visual Studio Code Extension agent for Mythic C2
Stars: ✭ 47 (-98.67%)
Mutual labels:  post-exploitation, c2, command-and-control
Bifrost
Bifrost C2. Open-source post-exploitation using Discord API
Stars: ✭ 37 (-98.95%)
Mutual labels:  post-exploitation, c2, command-and-control
AlanFramework
A C2 post-exploitation framework
Stars: ✭ 405 (-88.5%)
Mutual labels:  post-exploitation, c2
Http2 Wrapper
Use HTTP2 the same way as HTTP1
Stars: ✭ 183 (-94.8%)
Mutual labels:  http2, agent
disctopia-c2
Windows Remote Administration Tool that uses Discord as C2
Stars: ✭ 216 (-93.87%)
Mutual labels:  c2, command-and-control
Covertutils
A framework for Backdoor development!
Stars: ✭ 424 (-87.96%)
Mutual labels:  agent, post-exploitation
chkdfront
Check Domain Fronting (chkdfront) - It checks if your domain fronting is working
Stars: ✭ 42 (-98.81%)
Mutual labels:  c2, command-and-control
ToRat client
This is the ToRat client, a part of the ToRat Project.
Stars: ✭ 29 (-99.18%)
Mutual labels:  post-exploitation, command-and-control
dark-lord-obama
AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities
Stars: ✭ 61 (-98.27%)
Mutual labels:  c2, command-and-control
meteor
A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.
Stars: ✭ 31 (-99.12%)
Mutual labels:  c2, command-and-control
transportc2
PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
Stars: ✭ 22 (-99.38%)
Mutual labels:  c2, command-and-control
link
link is a command and control framework written in rust
Stars: ✭ 345 (-90.2%)
Mutual labels:  c2, command-and-control
Hunt Framework
A Web framework for D Programming Language. Full-stack high-performance.
Stars: ✭ 256 (-92.73%)
Mutual labels:  http2
Mimipenguin
A tool to dump the login password from the current linux user
Stars: ✭ 3,151 (-10.53%)
Mutual labels:  post-exploitation
netbox-agent
Netbox agent to run on your infrastructure's servers
Stars: ✭ 99 (-97.19%)
Mutual labels:  agent
computational-economy
An agent-based computational economy with macroeconomic equilibria from microeconomic behaviors
Stars: ✭ 67 (-98.1%)
Mutual labels:  agent
Laravel Http2serverpush
An HTTP2 ServerPush Middleware for Laravel 5
Stars: ✭ 294 (-91.65%)
Mutual labels:  http2
Firefly
Firefly is an asynchronous web framework for rapid development of high-performance web application.
Stars: ✭ 277 (-92.14%)
Mutual labels:  http2
gtfo
Search for Unix binaries that can be exploited to bypass system security restrictions.
Stars: ✭ 88 (-97.5%)
Mutual labels:  post-exploitation
rmqmonitor
An agent written in Go(lang), used for monitoring RabbitMQ.
Stars: ✭ 17 (-99.52%)
Mutual labels:  agent

Merlin

Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go.

Highlighted features:

  • Supported C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
  • Server and Agent: Windows, Linux, macOS (Darwin), MIPS, ARM or anything Go can natively build
  • Domain Fronting
  • Execute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly
  • Execute arbitrary Windows executables (PE) in a sacrificial process with execute-pe
  • Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
  • OPAQUE Asymmetric Password Authenticated Key Exchange (PAKE)
  • Encrypted JWT for authentication
  • Agent traffic is an encrypted JWE using PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme. (PBES2_HS512_A256KW)
  • Integrated Donut, sRDI, and SharpGen support
  • C2 traffic message padding to combat beaconing detections based on a fixed message size
  • Dynamically change the Agent's JA3 hash
  • Mythic support
  • Documentation & Wiki

An introductory blog post can be found here: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a

Quick Start

  1. Download the latest compiled version of Merlin Server from the releases section

    The Server package contains a compiled Agent for all the major operating systems in the data/bin directory

  2. Extract the files with 7zip using the x function. The password is: merlin

  3. Start Merlin

  4. Configure a listener

  5. Deploy an agent. See Agent Execution Quick Start Guide for examples

  6. Pwn, Pivot, Profit

    mkdir /opt/merlin;cd /opt/merlin
    wget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z
    7z x merlinServer-Linux-x64.7z
    sudo ./merlinServer-Linux-x64
    

Agents

The Merlin Agent is kept in its own repository so that it can easily be retrieved and compiled:

    go get github.com/Ne0nd0g/merlin-agent

The Windows DLL Agent is also kept in a separate repository. See the DLL Agent documentation for building instructions.

Mythic

The Merlin server is a self-contained command-line program that requires no installation: you simply download it and run it. The command-line interface works well only when it is used by a single operator at a time. The Merlin agent can also be controlled through Mythic, which features a web-based user interface that enables multiplayer support, along with a slew of other features inherent to that project.

Visit the Merlin repository in the MythicAgents organization to get started.

Misc.

Slack

Join the #merlin channel in the BloodHoundGang Slack to ask questions, troubleshoot, or provide feedback.

JetBrains

Thanks to JetBrains for kindly sponsoring Merlin by providing a GoLand IDE Open Source license.
