Covenant vs Merlin
GitHub Stats
About Covenant
Covenant is a .NET-based command and control (C2) framework that offers a collaborative web-based interface for managing red team operations and implants. It facilitates comprehensive C2 tasks, including implant execution and management, through a user-friendly interface. Notable for its use in red team engagements, Covenant allows operators to execute complex attack scenarios with the flexibility of .NET, supporting both real-time and asynchronous communications.
About Merlin
Merlin is a cross-platform post-exploitation Command and Control (C2) server and agent written in Go. It communicates over HTTP/2 and HTTP/3 (QUIC), leveraging modern protocols that many security tools and network monitors do not inspect. The server provides an interactive CLI for managing multiple agents, executing commands, uploading/downloading files, and running post-exploitation modules. Agents compile to single static binaries for Windows, Linux, and macOS. Merlin supports encrypted JWE/JWT communications, domain fronting, and multiple listener types for operational flexibility.
Platform Support
Tags
Shared
Covenant only
Merlin only