merlin

command module
v2.1.3

This package is not in the latest version of its module.
Published: Apr 23, 2024 License: GPL-3.0 Imports: 6 Imported by: 0

README

Merlin

Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go.

Highlighted features:

  • merlin-cli command line interface over gRPC to connect to the Merlin Server facilitating multi-user support
  • Supported Agent C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
  • Peer-to-peer (P2P) communication between Agents with bind or reverse for SMB, TCP, and UDP
  • Configurable agent data encoding and encryption transforms: AES, Base64, gob, hex, JWE, RC4, and XOR
    • The JWE transform uses PBES2_HS512_A256KW: PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme
  • Configurable agent authenticators:
    • None: No authentication
    • OPAQUE: Asymmetric Password Authenticated Key Exchange (PAKE)
  • Encrypted JWT for message authentication
  • Configurable Agent message data padding to combat beaconing detections based on a fixed message size
  • Execute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly
  • Execute arbitrary Windows executables (PE) in a sacrificial process with execute-pe
  • Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
  • Integrated Donut, sRDI, and SharpGen support
  • Dynamically change the Agent's JA3 hash
  • Mythic support
  • Documentation & Wiki

An introductory blog post can be found here: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a

Supporting Repositories:

Quick Start

  1. Download the latest version of Merlin Server from the releases section

    The Server package contains compiled versions of the CLI and Agent for all the major operating systems in the data/bin directory

  2. Extract the files with 7zip using the x function. The password is: merlin

  3. Start Merlin

  4. Start the CLI

  5. Configure a listener

  6. Deploy an agent. See Agent Execution Quick Start Guide for examples

  7. Pwn, Pivot, Profit

    mkdir /opt/merlin;cd /opt/merlin
    wget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z
    7z x merlinServer-Linux-x64.7z
    sudo ./merlinServer-Linux-x64
    ./data/bin/merlinCLI-Linux-x64
    

Mythic

Merlin can be integrated and used as an agent with Mythic, a collaborative, multi-platform, red teaming framework.

Visit the Merlin on Mythic repository in the MythicAgents organization to get started.

Misc.

Slack

Join the #merlin channel in the BloodHoundGang Slack to ask questions, troubleshoot, or provide feedback.

JetBrains

Thanks to JetBrains for kindly sponsoring Merlin by providing a GoLand IDE Open Source license.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
pkg
authenticators
Package authenticators holds the factories to create structures that implement the Authenticator interface. This interface is used to authenticate agents.
authenticators/none
Package none is an empty, or nil, authenticator used to bypass authentication requirements
client
Package client contains code for working with Merlin Command Line Interface (CLI) clients connected over gRPC
client/message
Package message is used to handle messages created by the Merlin server that need to be sent to CLI clients
client/message/memory
Package memory provides an in-memory repository for messages
delegate
Package delegate provides a repository to store and retrieve delegate Base messages that have been encoded/encrypted into a byte slice using the Agent's transforms and keys
group
Package group manages Agent groupings so that tasks can be issued against a group
group/memory
Package memory is an in-memory database used to store and retrieve groups
jobs
Package jobs holds the structures for Agent jobs
jobs/memory
Package memory is an in-memory repository for storing and managing Agent Jobs and associated Job tracking structures
listeners
Package listeners houses listeners for various protocols to receive, handle, and return Agent traffic
listeners/http
Package http contains structures and repositories to create, store, and manage HTTP based Agent listeners
listeners/http/memory
Package memory is an in-memory database used to store and retrieve HTTP listeners
listeners/smb
Package smb contains the structures and interface for peer-to-peer communications through an SMB bind listener used for Agent communications. SMB listeners do not have a server because the Merlin Server does not send/receive messages.
listeners/smb/memory
Package memory is an in-memory database used to store and retrieve SMB listeners
listeners/tcp
Package tcp contains the structures and interface for peer-to-peer communications through a TCP bind listener used for Agent communications. TCP listeners do not have a server because the Merlin Server does not send/receive messages.
listeners/tcp/memory
Package memory is an in-memory database used to store and retrieve TCP listeners
listeners/udp
Package udp contains the structures and interface for peer-to-peer communications through a UDP bind listener used for Agent communications. UDP listeners do not have a server because the Merlin Server does not send/receive messages.
listeners/udp/memory
Package memory is an in-memory database used to store and retrieve UDP listeners
opaque
Package opaque holds the functions and structures to perform OPAQUE registration and authentication https://github.com/cfrg/draft-irtf-cfrg-opaque
rpc
servers
Package servers contains servers for various protocols to listen for and return Agent communications
servers/http
Package http holds the HTTP servers to send/receive Agent messages
servers/http/memory
Package memory is an in-memory database used to store and retrieve HTTP servers
services/agent
Package agent is the service for interacting with Agent objects
services/client
Package client provides a service for working with Merlin CLI clients
services/job
Package job is a service used to interact with Agent Jobs
services/listeners
Package listeners is a service for creating and managing Listener objects
services/message
Package message is a service to process and return Agent Base messages
transformer
Package transformer provides encoding and encryption methods to transform Agent messages
transformer/encoders/base64
Package base64 encodes/decodes Agent messages
transformer/encoders/gob
Package gob encodes/decodes Agent messages
transformer/encoders/hex
Package hex encodes/decodes Agent messages
transformer/encrypters/aes
Package aes encrypts/decrypts Agent messages
transformer/encrypters/jwe
Package jwe encrypts/decrypts Agent messages to/from JSON Web Encryption compact serialization format
transformer/encrypters/rc4
Package rc4 encrypts/decrypts Agent messages
transformer/encrypters/xor
Package xor encrypts/decrypts Agent messages
