Merlin vs Mythic
GitHub Stats
About Merlin
Merlin is a cross-platform post-exploitation Command and Control (C2) server and agent written in Go. It communicates over HTTP/2 and HTTP/3 (QUIC), leveraging modern protocols that many security tools and network monitors do not inspect. The server provides an interactive CLI for managing multiple agents, executing commands, uploading/downloading files, and running post-exploitation modules. Agents compile to single static binaries for Windows, Linux, and macOS. Merlin supports encrypted JWE/JWT communications, domain fronting, and multiple listener types for operational flexibility.
About Mythic
Mythic is a multiplayer, command and control platform for red team operations. It's designed to be collaborative, allowing multiple operators to manage agents simultaneously through a web-based UI. Mythic supports multiple agent types (Apollo for .NET, Poseidon for Go, Medusa for Python, etc.) and uses a plugin architecture for extensibility. All communication is containerized and managed through Docker. It tracks operations, manages credentials, and provides file management - a complete red team platform.
Platform Support
Tags
Shared
Merlin only
Mythic only