Introduction to Merlin Project
Merlin is a cross-platform post-exploitation Command & Control (C2) server and agent written in Go. It is built for red team operations and security assessments, and its feature set is aimed at operators who need to tune how agents communicate, authenticate, and execute code.
Key Features
- Multi-User Command Line Interface: Merlin ships with merlin-cli, a command line client that connects to the Merlin Server over gRPC. Several operators can be connected to the same server at once, which supports collaborative engagements.
- Agent C2 Protocols: agents can talk to the server over HTTP/1.1 (clear-text or TLS), HTTP/2, and HTTP/3 (HTTP over QUIC). Having several protocols available lets an operator pick whichever channel fits the target environment's egress filtering.
- Peer-to-Peer Communication: agents can link to each other over SMB, TCP, or UDP, so an agent with no direct route to the server can be reached through a peer that does.
- Data Transforms and Authentication: agent data encoding and encryption are configurable from AES, Base64, JWE, RC4, and XOR. Base64 and XOR are encodings and obfuscation rather than confidentiality, and RC4 is a broken stream cipher, so rely on AES or JWE for actual message confidentiality and treat the others as evasion layers. Agent authentication can be set to None or OPAQUE (an asymmetric password-authenticated key exchange); with None, anyone who can reach the listener can register as an agent.
- JWT and Data Padding: encrypted JSON Web Tokens (JWT) authenticate each message, and configurable padding varies message sizes so that detections built on a constant beacon length do not fire.
- Execution Capabilities: Merlin can execute .NET assemblies and arbitrary Windows executables (PE) either in-process or in a sacrificial process, and supports several shellcode execution techniques, including CreateThread and QueueUserAPC.
- Open Source and Extensible:
  - Integrated tools: Merlin integrates Donut, sRDI, and SharpGen for payload generation.
  - JA3 Hash Adaptability: agents can change their JA3 hash (the fingerprint derived from the TLS ClientHello) dynamically, so a TLS fingerprint alone is not a stable indicator for the agent.
  - Mythic Compatibility: Merlin can be run as an agent inside the Mythic framework.
- Documentation and Community Support: documentation and an active community channel are available for help and for sharing operational notes.
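The padding feature above exists to defeat detections keyed on a constant beacon size. The following Go program is an added example written for this page, not Merlin's own code, and it does not reproduce Merlin's wire format: it assumes a simple framing of a 4-byte big-endian payload length, the payload, and 0 to maxPad random bytes, so the receiver can strip the padding without a delimiter. It also includes the detector side, a small check that flags a series of observed message sizes when they are uniform. The sample check-in message is constructed for the example.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Wire format used by this example (an assumption, not Merlin's own format):
//   [4-byte big-endian payload length][payload][0..maxPad bytes of random padding]
// The length prefix lets the receiver strip the padding without a delimiter.

// padMessage appends between 0 and maxPad random bytes to payload so that
// consecutive messages carrying identical content differ in size.
func padMessage(payload []byte, maxPad int) ([]byte, error) {
	if maxPad < 0 {
		return nil, errors.New("maxPad must not be negative")
	}
	if uint64(len(payload)) > uint64(^uint32(0)) {
		return nil, errors.New("payload too large for 32-bit length prefix")
	}
	padLen := 0
	if maxPad > 0 {
		// CSPRNG so the padding length is not predictable from earlier messages.
		n, err := rand.Int(rand.Reader, big.NewInt(int64(maxPad)+1))
		if err != nil {
			return nil, err
		}
		padLen = int(n.Int64())
	}
	out := make([]byte, 4+len(payload)+padLen)
	binary.BigEndian.PutUint32(out[:4], uint32(len(payload)))
	copy(out[4:], payload)
	if padLen > 0 {
		// Random filler, so the padding bytes do not become a constant signature themselves.
		if _, err := rand.Read(out[4+len(payload):]); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// unpadMessage recovers the payload, rejecting a length prefix that points past the message.
func unpadMessage(msg []byte) ([]byte, error) {
	if len(msg) < 4 {
		return nil, errors.New("message shorter than length prefix")
	}
	n := binary.BigEndian.Uint32(msg[:4])
	if uint64(n) > uint64(len(msg)-4) {
		return nil, errors.New("length prefix exceeds message size")
	}
	return append([]byte(nil), msg[4:4+n]...), nil
}

// looksFixedSize is the detection side: it reports whether a series of observed
// beacon sizes is uniform to within tolerance bytes, the pattern padding is meant to break.
func looksFixedSize(sizes []int, tolerance int) bool {
	if len(sizes) < 3 {
		return false // too few samples to call it a pattern
	}
	lo, hi := sizes[0], sizes[0]
	for _, s := range sizes[1:] {
		if s < lo {
			lo = s
		}
		if s > hi {
			hi = s
		}
	}
	return hi-lo <= tolerance
}

func main() {
	// Constructed sample check-in; a real agent message would be encrypted before framing.
	checkin := []byte(`{"agent":"example-1","type":"checkin","jobs":[]}`)

	var unpadded, padded []int
	for i := 0; i < 8; i++ {
		plain, _ := padMessage(checkin, 0)      // padding disabled
		withPad, _ := padMessage(checkin, 2048) // up to 2048 bytes of padding
		unpadded = append(unpadded, len(plain))
		padded = append(padded, len(withPad))
		if got, err := unpadMessage(withPad); err != nil || string(got) != string(checkin) {
			panic("round trip failed")
		}
	}
	fmt.Println("no padding :", unpadded, "fixed-size?", looksFixedSize(unpadded, 16))
	fmt.Println("padded     :", padded, "fixed-size?", looksFixedSize(padded, 16))
}
```

Padding only hides the size; it does nothing for timing. A detector that also looks at beacon intervals still sees a fixed sleep, so padding is normally combined with jitter. Note as well that the receiver validates the length prefix before slicing, since a forged prefix is the obvious way to make an unpadding routine read out of bounds or panic.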
Getting Started
To begin using Merlin, follow these steps:
- Download: Obtain the latest version from the releases section. The download includes all necessary components.
- Setup: Use tools like 7zip to extract the files. The extraction password is 'merlin'.
- Launch: Start the Merlin server and the CLI, configure a listener, deploy an agent, and engage in operations.
Integrations and Resources
- Mythic Framework Integration: Visit Merlin on Mythic for details on setting up Merlin within the Mythic platform.
- Compilation and Command List: Merlin can be compiled from source by following the instructions in the documentation. The CLI's commands are documented per menu: Main, Listener, Agent, and Module.
Community and Support
Engage with the Merlin community on Slack by joining the #merlin channel in the BloodHoundGang space. Here, users can ask questions, receive troubleshooting assistance, and offer feedback.
Sponsorship
Merlin's development is supported by JetBrains, who provide an open-source license for their GoLand IDE, facilitating a smoother development experience.
Merlin is a C2 framework for post-exploitation and red team work, with configurable transport, authentication, and execution options. For full details of its capabilities, see the Merlin Documentation & Wiki.