reddit hackernews mail facebook facebook linkedin


Cross-platform post-exploitation HTTP/2 Command & Control server and agent.

Highlighted features:
- merlin-cli command line interface over gRPC to connect to the Merlin Server facilitating multi-user support
- Supported Agent C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
- Peer-to-peer (P2P) communication between Agents with bind or reverse for SMB, TCP, and UDP
- Configurable agent data encoding and encryption transforms: AES, Base64, gob, hex, JWE, RC4, and XOR
- JWE transform use PBES2_HS512_A256KW PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme
- Configurable agent authenticators:
- None: No authentication
- OPAQUE: Asymmetric Password Authenticated Key Exchange (PAKE)
- Encrypted JWT for message authentication
- Configurable Agent message data padding to combat beaconing detections based on a fixed message size
- Execute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly
- Execute arbitrary Windows executables (PE) in a sacrificial process with execute-pe
- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
- Integrated Donut, sRDI, and SharpGen support
- Dynamically change the Agent's JA3 hash
- Mythic support
- Documentation & Wiki