ENNAENNA

Merlin

GPL-3.0

๐Ÿ”ฅ Offensive Ops ยท Go

Merlin is a cross-platform post-exploitation Command and Control (C2) server and agent written in Go. It communicates over HTTP/2 and HTTP/3 (QUIC), leveraging modern protocols that many security tools and network monitors do not inspect. The server provides an interactive CLI for managing multiple agents, executing commands, uploading/downloading files, and running post-exploitation modules. Agents compile to single static binaries for Windows, Linux, and macOS. Merlin supports encrypted JWE/JWT communications, domain fronting, and multiple listener types for operational flexibility.

5.5kstars
837forks
21issues
Updated 1y ago
+I use this
View on GitHub

Installation

$ go install github.com/Ne0nd0g/merlin-cli@latest

Use Cases

  • Post-exploitation command and control over HTTP/2
  • Evading network inspection that ignores HTTP/2 traffic
  • Cross-platform agent deployment
  • Domain fronting for covert C2 channels

Tags

c2http2post-exploitationcross-platformquiccommand-and-controlagentgolang

Details

Category
๐Ÿ”ฅ Offensive Ops
Language
Go
Repository
Ne0nd0g/merlin
License
GPL-3.0
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/Ne0nd0g/merlin

Releases

github.com/Ne0nd0g/merlin/releases

Issues

github.com/Ne0nd0g/merlin/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Covenant

C#

.NET C2 framework. Collaborative, web-based interface for red team operations and implant management.

Compare Merlin vs Covenant

Sliver

Go

Open-source C2 framework by BishopFox. mTLS, HTTP(S), DNS, WireGuard implants with multi-operator support.

Compare Merlin vs Sliver

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

Compare Merlin vs Mythic

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

Compare Merlin vs Havoc

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound