Skip to content

Ne0nd0g/merlin-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
.github/workflows
.github/workflows
 
 
.qodana
.qodana
 
 
banner
banner
 
 
commands
commands
 
 
completer
completer
 
 
core
core
 
 
docs
docs
 
 
entity
entity
 
 
listener
listener
 
 
message
message
 
 
module
module
 
 
rpc
rpc
 
 
services
services
 
 
version
version
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
qodana.yaml
qodana.yaml
 
 

Repository files navigation

Build GoReportCard License: GPL v3 Release Downloads Qodana CodeQL Twitter Follow

Merlin CLI

Merlin is composed of the following components:

  • Merlin Server - The program that receives and handles Agent traffic and operator CLI commands to control the server and Agents
  • Merlin Agent - The post-exploitation command and control Agent that runs on a compromised host
  • Merlin CLI - The command line interface that allows operators to interact with the Merlin Server and Agents

This repository covers the Merlin Command Line Interface (CLI) program

Releases from the https://github.com/Ne0nd0g/merlin/releases page contain the Merlin Server, Agent, and CLI programs.

Merlin documentation can be found at https://merlin-c2.readthedocs.io/en/latest/

The Main Merlin C2 repository can be found here: https://github.com/Ne0nd0g/merlin

Command Line Interface

The CLI uses Google RPC (gRPC) protocol buffers over TLS to communicate with the Merlin Server. All API calls require a password to authenticate to the server.

WARNING: The default password is merlin and should always be changed to prevent unauthorized access

NOTE: By default, the Merlin Server will generate a self-signed TLS certificate that will not be trusted by the CLI if the secure flag is used

    $ ./merlin-cli -h
    Usage of merlin-cli:
      -addr string
            The address of the Merlin server to connect to (default "127.0.0.1:50051")
      -password string
            the password to connect to the Merlin server (default "merlin")
      -secure
            Require server TLS certificate verification
      -tlsCA string
            TLS Certificate Authority file path
      -tlsCert string
            TLS certificate file path
      -tlsKey string
            TLS private key file path
      -version
            Print the version number and exit
  • addr - this flag specifies the address of the Merlin Server to connect to. The connection uses gRPC over TLS.
  • password - this flag sets the password needed to authenticate all gRPC requests
  • secure - this flag enables TLS certificate verification. When this flag is set, the CLI will verify the Server's TLS certificate
  • tlsCA - this flag specifies a custom CA certificate file to validate and trust the Server's certificate
  • tlsCert - this flag specifies the certificate file the Merlin CLI will use for mutual TLS authentication with the Merlin Server
  • tlsKey - this flag specifies the private key file for the tlsCert
  • version - this flag prints the version number of the Merlin Server and exits

About

gRPC client for the Merlin Server

Resources

Readme

License

GPL-3.0 license
Activity

Stars

16 stars

Watchers

3 watching

Forks

7 forks
Report repository

Releases 5

v1.1.4 Latest
Apr 23, 2024
+ 4 releases

Packages

No packages published

Languages