Merlin vs Sliver
GitHub Stats
About Merlin
Merlin is a cross-platform post-exploitation Command and Control (C2) server and agent written in Go. It communicates over HTTP/2 and HTTP/3 (QUIC), leveraging modern protocols that many security tools and network monitors do not inspect. The server provides an interactive CLI for managing multiple agents, executing commands, uploading/downloading files, and running post-exploitation modules. Agents compile to single static binaries for Windows, Linux, and macOS. Merlin supports encrypted JWE/JWT communications, domain fronting, and multiple listener types for operational flexibility.
About Sliver
Sliver is an open-source cross-platform adversary emulation and red team framework developed by BishopFox. It supports C2 over mTLS, HTTP(S), DNS, and WireGuard, with implants that can be compiled for Windows, macOS, and Linux. Sliver supports multiple operators simultaneously, making it ideal for team engagements. It includes features like process injection, pivoting, staged/stageless payloads, and a robust extension system.
Platform Support
Tags
Shared
Merlin only
Sliver only