{"id":13382288,"url":"https://github.com/ne0nd0g/merlin","last_synced_at":"2025-05-13T00:15:55.041Z","repository":{"id":37484262,"uuid":"78200488","full_name":"Ne0nd0g/merlin","owner":"Ne0nd0g","description":"Merlin is a cross-platform post-exploitation HTTP/2 Command \u0026 Control  server and agent written in golang.","archived":false,"fork":false,"pushed_at":"2025-04-17T15:08:42.000Z","size":28380,"stargazers_count":5230,"open_issues_count":20,"forks_count":827,"subscribers_count":136,"default_branch":"main","last_synced_at":"2025-05-13T00:15:40.902Z","etag":null,"topics":["agent","c2","command-and-control","golang","http2","post-exploitation"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ne0nd0g.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":"docs/CONTRIBUTING.MD","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-01-06T11:18:20.000Z","updated_at":"2025-05-12T10:29:14.000Z","dependencies_parsed_at":"2023-10-20T21:59:58.698Z","dependency_job_id":"c52d0893-7354-4d25-ba5b-7926452f9d05","html_url":"https://github.com/Ne0nd0g/merlin","commit_stats":{"total_commits":547,"total_committers":19,"mean_commits":"28.789473684210527","dds":"0.17733089579524675","last_synced_commit":"ffb9feb58c5464177eaa042a04378aa3e976fed6"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ne0nd0g%2Fmerlin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ne0nd0g%2Fmerlin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ne0nd0g%2Fmerlin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ne0nd0g%2Fmerlin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ne0nd0g","download_url":"https://codeload.github.com/Ne0nd0g/merlin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253843225,"owners_count":21972874,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","c2","command-and-control","golang","http2","post-exploitation"],"created_at":"2024-07-30T10:00:53.359Z","updated_at":"2025-05-13T00:15:54.997Z","avatar_url":"https://github.com/Ne0nd0g.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"42a4a0bcb02fcb7a30fe7e42b7a9cdb5\"\u003e\u003c/a\u003eMerlin","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"98a851c8e6744850efcb27b8e93dff73\"\u003e\u003c/a\u003eC\u0026C","\u003ca id=\"941bae92e80ca3f9c21a232cc959eb67\"\u003e\u003c/a\u003e工具"],"readme":"[![CodeQL](https://github.com/Ne0nd0g/merlin/actions/workflows/codeql.yml/badge.svg)](https://github.com/Ne0nd0g/merlin/actions/workflows/codeql.yml)\n[![GoReportCard](https://goreportcard.com/badge/github.com/Ne0nd0g/merlin)](https://goreportcard.com/report/github.com/Ne0nd0g/merlin)\n[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![Release](https://img.shields.io/github/release/Ne0nd0g/merlin.svg)](https://github.com/Ne0nd0g/merlin/releases/latest)\n[![Downloads](https://img.shields.io/github/downloads/Ne0nd0g/merlin/total.svg)](https://github.com/Ne0nd0g/merlin/releases)\n[![Twitter Follow](https://img.shields.io/twitter/follow/merlin_c2.svg?style=social\u0026label=Follow)](https://twitter.com/merlin_c2)\n\n# Merlin\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"Merlin Logo\" src=\"docs/images/merlin.png\" height=\"30%\" width=\"30%\"\u003e\n\u003c/p\u003e\n\nMerlin is a cross-platform post-exploitation Command \u0026 Control server and agent written in Go.\n\nHighlighted features:\n\n- [merlin-cli](https://github.com/Ne0nd0g/merlin-cli) command line interface over gRPC to connect to the Merlin Server facilitating multi-user support\n- Supported Agent C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)\n- Peer-to-peer (P2P) communication between Agents with bind or reverse for SMB, TCP, and UDP\n- Configurable agent data encoding and encryption transforms: AES, Base64, gob, hex, JWE, RC4, and XOR\n    - JWE transform use [PBES2_HS512_A256KW](https://tools.ietf.org/html/rfc7518#section-4.8) PBES2 (RFC 2898) with HMAC\n  SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme \n- Configurable agent authenticators:\n  - None: No authentication \n  - [OPAQUE](https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-00): Asymmetric Password Authenticated Key Exchange (PAKE)\n- Encrypted JWT for message authentication\n- Configurable Agent message data [padding](https://merlin-c2.readthedocs.io/en/latest/agent/cli.html#padding) \n  to combat beaconing detections based on a fixed message size\n- Execute .NET assemblies in-process with `invoke-assembly` or in a sacrificial process with `execute-assembly`\n- Execute arbitrary Windows executables (PE) in a sacrificial process with `execute-pe` \n- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC\n- Integrated [Donut](https://github.com/Binject/go-donut), [sRDI](https://github.com/monoxgas/sRDI), \n  and [SharpGen](https://github.com/cobbr/SharpGen) support\n- Dynamically change the Agent's [JA3](https://merlin-c2.readthedocs.io/en/latest/agent/cli.html#ja3) hash \n- [Mythic](#mythic) support\n- [Documentation \u0026 Wiki](https://merlin-c2.readthedocs.io/en/latest/)\n\nAn introductory blog post can be found here: \u003chttps://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a\u003e\n\nSupporting Repositories:\n- [Merlin Agent](https://github.com/Ne0nd0g/merlin-agent) - Agent source code\n- [Merlin Agent DLL](https://github.com/Ne0nd0g/merlin-agent-dll) - Agent DLL source code\n- [Merlin CLI](https://github.com/Ne0nd0g/merlin-cli) - Command line interface for Merlin\n- [Merlin Documentation](https://github.com/Ne0nd0g/merlin-documentation) - Documentation source code\n- [Merlin on Mythic](https://github.com/MythicAgents/merlin) - Merlin agent for Mythic Framework\n- [Merlin Docker](https://github.com/Ne0nd0g/merlin-docker) - Base Docker image for for Merlin images\n- [Merlin Message](https://github.com/Ne0nd0g/merlin-message) - A Go library for Merlin messages exchanged between a Merlin Server and Agent\n\n## Quick Start\n\n1. Download the latest version of Merlin Server from the [releases](https://github.com/Ne0nd0g/merlin/releases) section\n   \u003e The Server package contains compiled versions of the CLI and Agent for all the major operating systems in the `data/bin` directory\n2. Extract the files with 7zip using the `x` function **The password is: `merlin`**\n3. Start Merlin\n4. Start the CLI\n5. Configure a [listener](https://merlin-c2.readthedocs.io/en/latest/cli/menu/listeners.html)   \n6. Deploy an agent. See [Agent Execution Quick Start Guide](https://merlin-c2.readthedocs.io/en/latest/quickStart/quickstart.html#merlin-agent) for examples\n7. Pwn, Pivot, Profit\n\n   ```\n   mkdir /opt/merlin;cd /opt/merlin\n   wget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z\n   7z x merlinServer-Linux-x64.7z\n   sudo ./merlinServer-Linux-x64\n   ./data/bin/merlinCLI-Linux-x64\n   ```\n\n## Mythic\n\nMerlin can be integrated and used as an agent with the [Mythic](https://github.com/its-a-feature/Mythic) a \ncollaborative, multi-platform, red teaming framework.\n\nVisit the [Merlin on Mythic](https://github.com/MythicAgents/merlin) repository in the MythicAgents organization\nto get started.\n\n## Misc.\n\n* To compile Merlin from source, view the [Custom Build](https://merlin-c2.readthedocs.io/en/latest/quickStart/quickstart.html#merlin-server) page\n* For a full list of available commands:\n   * [Main Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/main.html)\n   * [Listener Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/listeners.html)\n   * [Agent Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/agents.html)\n   * [Module Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/modules.html)\n* View the [Frequently Asked Questions](https://merlin-c2.readthedocs.io/en/latest/faq/faq.html) page\n* View the [Blog Posts](https://merlin-c2.readthedocs.io/en/latest/misc/blogs.html) page for additional information\n\n## Slack\n\nJoin the `#merlin` channel in the [BloodHoundGang](https://bloodhoundgang.herokuapp.com/) Slack to ask questions, \ntroubleshoot, or provide feedback.\n\n## JetBrains\n\nThanks to [JetBrains](https://www.jetbrains.com/?from=merlin) for kindly sponsoring Merlin by providing a Goland IDE \nOpen Source license\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"JetBrains Logo\" src=\"docs/images/jetbrains-variant-4.png\" height=\"40%\" width=\"40%\"\u003e\n  \u003cimg alt=\"GoLand Logo\" src=\"docs/images/icon-goland.png\" height=\"20%\" width=\"20%\"\u003e\n\u003c/p\u003e\n ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fne0nd0g%2Fmerlin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fne0nd0g%2Fmerlin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fne0nd0g%2Fmerlin/lists"}