Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. The Merlin server is a self-contained command line program that requires no installation. You just simply download it and run it. The command-line interface only works great if it will be used by a single operator at a time. The Merlin agent can be controlled through Mythic, which features a web-based user interface that enables multiplayer support, and a slew of other features inherent to the project.
Features
- Supported C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
- Server and Agent: Windows, Linux, macOS (Darwin), MIPS, ARM or anything Go can natively build
- Execute .NET assemblies in-process with invoke-assembly or in a sacrificial process with execute-assembly
- Execute arbitrary Windows executables (PE) in a sacrificial process with execute-pe
- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
- OPAQUE Asymmetric Password Authenticated Key Exchange (PAKE)
Project Samples
Categories
Post-Exploitation FrameworksLicense
GNU General Public License version 3.0 (GPLv3)Follow Merlin HTTP/2
You Might Also Like
All-in-One IT Monitoring - No More Blind Spots
Tired of switching between different tools and missing critical alerts? PRTG brings everything together, monitoring your entire IT infrastructure from a single, intuitive interface. Whether it’s servers, switches, printers, or cloud services, you get instant visibility and clear notifications - no technical jargon, no clutter. Set up in minutes, PRTG helps you prevent downtime, reduce stress, and prove your value to your company. Focus on your job, not on chasing issues. Try PRTG and experience true IT peace of mind.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of Merlin HTTP/2!