Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Quick Start
xmerlinmkdir /opt/merlin;cd /opt/merlin
wget https://github.com/Ne0nd0g/merlin/releases/download/v0.1.4/merlinServer-Linux-x64-v0.1.4.7z
7z x merlinServer-Linux-x64-v0.1.4.7z
sudo ./merlinServer-Linux-x64
Misc.
Merlin Server Command Line Flags
./merlinServer-Linux-x64 -h -debug
Enable debug output
-i string
The IP address of the interface to bind to (default "0.0.0.0")
-p int
Merlin Server Port (default 443)
-v Enable verbose output
-x509cert string
The x509 certificate for the HTTPS listener (default "C:\\Merlin\\data\\x509\\server.crt")
-x509key string
The x509 certificate key for the HTTPS listener (default "C:\\Merlin\\data\\x509\\server.key")
Merlin Agent Command Line Flags
./merlinAgent-Linux-x64 -h -debug
Enable debug output
-sleep duration
Time for agent to sleep (default 10s)
-skew int
Variable time skew for agent to sleep
-url string
Full URL for agent to connect to (default "https://127.0.0.1:443")
-v Enable verbose output
TLS Certificates
WARNING: You should generate your own TLS certificates and replace the default certificates that ship with Merlindata/x509openssl