Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
golang.org/x/net to v0.24.0 to address CVE-2023-45288
The data/bin directory contains compiled versions of the Merlin CLI and Merlin Agents
Merlin documentation and Wiki can be found here
The compressed files have a password of merlin
readSOCKSClient() function to close the connection on any connection read error
processMessage() to drop SOCKS jobs when the connection was already closed
NewInfoWithID() factory for SOCKS jobs information structures that keep the same Job ID for the connection lifetime
github.com/Ne0nd0g/merlin-message to v1.3.0
github.com/quic-go/quic-go to v0.40.1
google.golang.org/grpc to v1.60.0
ne0nd0g/merlin-base v1.5.0 in Dockerfile
ENTRYPOINT to execute a compiled binary instead of go run
GOGARBLE environment variable from Makefile
127.0.0.1:50051 and default password is merlin
-addr the address to listen for gRPC connections from the Merlin CLI
-password the password for CLI RPC clients to connect to the Merlin server
-secure require client TLS certificate verification
-tlsCA TLS Certificate Authority file path to verify client certificates
-tlsCert TLS certificate file path for the Merlin server
-tlsKey TLS private key file path for the Merlin server
-debug enable debug output
-extra enable extra debug output (e.g., HTTP requests/responses)
-trace enable trace output to see stepping through functions
gob-base
build string out of main.go and into pkg/merlin.go
main.go
docs to a new repository at https://github.com/Ne0nd0g/merlin-documentation
github.com/satori/go.uuid with github.com/google/uuid
github.com/square/go-jose with github.com/go-jose/go-jose
github.com/Ne0nd0g/merlin/pkg/messages with github.com/Ne0nd0g/merlin-message
socks start 9050 from the agent menu to start a SOCKS5 listener on port 9050 on the Merlin server
memory command w/ associated API & documentation to read/write virtual memory for Windows agents
read command will just read the specified number of bytes and return the results
write command will just write the specified bytes without reading them first
patch command will find a specified function, read the existing bytes, and then overwrite it with the provided bytes
windows-garble, linux-garble, & darwin-garble
make linux-garble SEED=<your seed value>