{
	"id": "4fb7e7b8-1c59-4009-a36c-5dc5a814c7da",
	"created_at": "2026-04-06T01:31:50.92951Z",
	"updated_at": "2026-04-10T03:21:38.588436Z",
	"deleted_at": null,
	"sha1_hash": "e37c277bb746b1e18013f4b2ac7ce05a913a6bec",
	"title": "GitHub - Ne0nd0g/merlin: Merlin is a cross-platform post-exploitation HTTP/2 Command \u0026 Control server and agent written in golang.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 453923,
	"plain_text": "GitHub - Ne0nd0g/merlin: Merlin is a cross-platform post-exploitation HTTP/2 Command \u0026 Control server and agent written in golang.\r\nBy Ne0nd0g\r\nArchived: 2026-04-06 00:28:09 UTC\r\nGo Report: A+ | License: GPL v3 | Release: v2.1.4 | Downloads: 105k\r\nMerlin is a cross-platform post-exploitation Command \u0026 Control server and agent written in Go.\r\nHighlighted features:\r\nmerlin-cli command line interface over gRPC to connect to the Merlin Server facilitating multi-user support\r\nSupported Agent C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)\r\nPeer-to-peer (P2P) communication between Agents with bind or reverse for SMB, TCP, and UDP\r\nConfigurable agent data encoding and encryption transforms: AES, Base64, gob, hex, JWE, RC4, and XOR\r\nThe JWE transform uses PBES2_HS512_A256KW: PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme\r\nConfigurable agent authenticators:\r\nNone: No authentication\r\nOPAQUE: Asymmetric Password Authenticated Key Exchange (PAKE)\r\nEncrypted JWT for message authentication\r\nConfigurable Agent message data padding to combat beaconing detections based on a fixed message size\r\nExecute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly\r\nExecute arbitrary Windows executables (PE) in a sacrificial process with execute-pe\r\nVarious shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC\r\nIntegrated Donut, sRDI, and SharpGen support\r\nDynamically change the Agent's JA3 hash\r\nMythic support\r\nDocumentation \u0026 Wiki\r\nAn introductory blog post can be found here: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a\r\nSupporting Repositories:\r\nMerlin Agent - Agent source code\r\nMerlin Agent DLL - Agent DLL source code\r\nMerlin CLI - Command line interface for Merlin\r\nMerlin Documentation - Documentation source code\r\nMerlin on Mythic - Merlin agent for Mythic Framework\r\nMerlin Docker - Base Docker image for Merlin images\r\nMerlin Message - A Go library for Merlin messages exchanged between a Merlin Server and Agent\r\nQuick Start\r\n1. Download the latest version of Merlin Server from the releases section\r\nThe Server package contains compiled versions of the CLI and Agent for all the major operating systems in the data/bin directory\r\n2. Extract the files with 7zip using the x function. The password is: merlin\r\n3. Start Merlin\r\n4. Start the CLI\r\n5. Configure a listener\r\n6. Deploy an agent. See Agent Execution Quick Start Guide for examples\r\n7. Pwn, Pivot, Profit\r\nmkdir /opt/merlin;cd /opt/merlin\r\nwget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z\r\n7z x merlinServer-Linux-x64.7z\r\nsudo ./merlinServer-Linux-x64\r\n./data/bin/merlinCLI-Linux-x64\r\nMythic\r\nMerlin can be integrated and used as an agent with Mythic, a collaborative, multi-platform, red teaming framework.\r\nVisit the Merlin on Mythic repository in the MythicAgents organization to get started.\r\nMisc.\r\nTo compile Merlin from source, view the Custom Build page\r\nFor a full list of available commands:\r\nMain Menu\r\nListener Menu\r\nAgent Menu\r\nModule Menu\r\nView the Frequently Asked Questions page\r\nView the Blog Posts page for additional information\r\nSlack\r\nJoin the #merlin channel in the BloodHoundGang Slack to ask questions, troubleshoot, or provide feedback.\r\nJetBrains\r\nThanks to JetBrains for kindly sponsoring Merlin by providing a Goland IDE Open Source license\r\nSource: https://github.com/Ne0nd0g/merlin",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/Ne0nd0g/merlin"
	],
	"report_names": [
		"merlin"
	],
	"threat_actors": [],
	"ts_created_at": 1775439110,
	"ts_updated_at": 1775791298,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e37c277bb746b1e18013f4b2ac7ce05a913a6bec.pdf",
		"text": "https://archive.orkl.eu/e37c277bb746b1e18013f4b2ac7ce05a913a6bec.txt",
		"img": "https://archive.orkl.eu/e37c277bb746b1e18013f4b2ac7ce05a913a6bec.jpg"
	}
}