v2.1.1

Ne0nd0g · Jan 4, 2024 · e5fe83b · e5fe83b
1 parent fc57f87
commit e5fe83b
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 44 deletions.
diff --git a/README.MD b/README.MD
@@ -1,4 +1,4 @@
-[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/yadppqp12h445akx/branch/master?svg=true)](https://ci.appveyor.com/project/Ne0nd0g/merlin/branch/master)
+[![CodeQL](https://github.com/Ne0nd0g/merlin/actions/workflows/codeql.yml/badge.svg)](https://github.com/Ne0nd0g/merlin/actions/workflows/codeql.yml)
 [![GoReportCard](https://goreportcard.com/badge/github.com/Ne0nd0g/merlin)](https://goreportcard.com/report/github.com/Ne0nd0g/merlin)
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
 [![Release](https://img.shields.io/github/release/Ne0nd0g/merlin.svg)](https://github.com/Ne0nd0g/merlin/releases/latest)
@@ -15,76 +15,74 @@ Merlin is a cross-platform post-exploitation Command & Control server and agent
 
 Highlighted features:
 
-- Supported C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
-- Server and Agent: Windows, Linux, macOS (Darwin), MIPS, ARM or anything Go can [natively build](https://golang.org/doc/install/source#environment)
-  - [Windows DLL Agent](https://github.com/Ne0nd0g/merlin-agent-dll)
-- Domain Fronting
+- [merlin-cli](https://github.com/Ne0nd0g/merlin-cli) command line interface over gRPC to connect to the Merlin Server facilitating multi-user support
+- Supported Agent C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC)
+- Peer-to-peer (P2P) communication between Agents with bind or reverse for SMB, TCP, and UDP
+- Configurable agent data encoding and encryption transforms: AES, Base64, gob, hex, JWE, RC4, and XOR
+    - JWE transform use [PBES2_HS512_A256KW](https://tools.ietf.org/html/rfc7518#section-4.8) PBES2 (RFC 2898) with HMAC
+  SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme 
+- Configurable agent authenticators:
+  - None: No authentication 
+  - [OPAQUE](https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-00): Asymmetric Password Authenticated Key Exchange (PAKE)
+- Encrypted JWT for message authentication
+- Configurable Agent message data [padding](https://merlin-c2.readthedocs.io/en/latest/agent/cli.html#padding) 
+  to combat beaconing detections based on a fixed message size
 - Execute .NET assemblies in-process with `invoke-assembly` or in a sacrificial process with `execute-assembly`
 - Execute arbitrary Windows executables (PE) in a sacrificial process with `execute-pe` 
-- Various shellcode execution techniques: CreateThread, CreateRemoteThread,  RtlCreateUserThread, QueueUserAPC
-- [OPAQUE](https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-00) Asymmetric Password Authenticated Key Exchange (PAKE)
-- Encrypted JWT for authentication
-- Agent traffic is an encrypted JWE using PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) 
-  using 256-bit keys for the encryption scheme. ([PBES2_HS512_A256KW](https://tools.ietf.org/html/rfc7518#section-4.8))
+- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC
 - Integrated [Donut](https://github.com/Binject/go-donut), [sRDI](https://github.com/monoxgas/sRDI), 
   and [SharpGen](https://github.com/cobbr/SharpGen) support
-- C2 traffic message [padding](https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html#padding) to combat 
-  beaconing detections based on a fixed message size
-- Dynamically change the Agent's [JA3](https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html#ja3) hash 
+- Dynamically change the Agent's [JA3](https://merlin-c2.readthedocs.io/en/latest/agent/cli.html#ja3) hash 
 - [Mythic](#mythic) support
 - [Documentation & Wiki](https://merlin-c2.readthedocs.io/en/latest/)
 
 An introductory blog post can be found here: <https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a>
 
+Supporting Repositories:
+- [Merlin Agent](https://github.com/Ne0nd0g/merlin-agent) - Agent source code
+- [Merlin Agent DLL](https://github.com/Ne0nd0g/merlin-agent-dll) - Agent DLL source code
+- [Merlin CLI](https://github.com/Ne0nd0g/merlin-cli) - Command line interface for Merlin
+- [Merlin Documentation](https://github.com/Ne0nd0g/merlin-documentation) - Documentation source code
+- [Merlin on Mythic](https://github.com/MythicAgents/merlin) - Merlin agent for Mythic Framework
+- [Merlin Docker](https://github.com/Ne0nd0g/merlin-docker) - Base Docker image for for Merlin images
+- [Merlin Message](https://github.com/Ne0nd0g/merlin-message) - A Go library for Merlin messages exchanged between a Merlin Server and Agent
+
 ## Quick Start
 
-1. Download the latest compiled version of Merlin Server from the [releases](https://github.com/Ne0nd0g/merlin/releases) section
-   > The Server package contains a compiled Agent for all the major operating systems in the `data/bin` directory
+1. Download the latest version of Merlin Server from the [releases](https://github.com/Ne0nd0g/merlin/releases) section
+   > The Server package contains compiled versions of the CLI and Agent for all the major operating systems in the `data/bin` directory
 2. Extract the files with 7zip using the `x` function **The password is: `merlin`**
 3. Start Merlin
-4. Configure a [listener](https://merlin-c2.readthedocs.io/en/latest/server/menu/listeners.html)   
-5. Deploy an agent. See [Agent Execution Quick Start Guide](https://merlin-c2.readthedocs.io/en/latest/quickStart/agent.html) for examples
-6. Pwn, Pivot, Profit
+4. Start the CLI
+5. Configure a [listener](https://merlin-c2.readthedocs.io/en/latest/cli/menu/listeners.html)   
+6. Deploy an agent. See [Agent Execution Quick Start Guide](https://merlin-c2.readthedocs.io/en/latest/quickStart/quickstart.html#merlin-agent) for examples
+7. Pwn, Pivot, Profit
 
    ```
    mkdir /opt/merlin;cd /opt/merlin
    wget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z
    7z x merlinServer-Linux-x64.7z
    sudo ./merlinServer-Linux-x64
+   ./data/bin/merlinCLI-Linux-x64
    ```
 
-## Agents
-
-The [Merlin Agent](https://github.com/Ne0nd0g/merlin-agent) is kept in its own repository so that it can easily be 
-retrieved and compiled:
-
-```text
-go get github.com/Ne0nd0g/merlin-agent
-```
-
-The [Windows DLL Agent](https://github.com/Ne0nd0g/merlin-agent-dll) is also kept in a separate repository.
-See the [DLL Agent](https://merlin-c2.readthedocs.io/en/latest/agent/dll.html) documentation for building instructions.
-
 ## Mythic
 
-The Merlin server is a self-contained command line program that requires no installation. You just simply download it 
-and run it.
-The command-line interface only works great if it will be used by a single operator at a time. 
-The Merlin agent can be controlled through [Mythic](https://github.com/its-a-feature/Mythic), which features a web-based
-user interface that enables multiplayer support, and a slew of other features inherent to the project.
+Merlin can be integrated and used as an agent with the [Mythic](https://github.com/its-a-feature/Mythic) a 
+collaborative, multi-platform, red teaming framework.
 
-Visit the [Merlin](https://github.com/MythicAgents/merlin) repository in the MythicAgents organizaiton to get started.
+Visit the [Merlin on Mythic](https://github.com/MythicAgents/merlin) repository in the MythicAgents organization
+to get started.
 
 ## Misc.
 
-* The latest development build of Merlin can be downloaded from [AppVeyor](https://ci.appveyor.com/project/Ne0nd0g/merlin-i9c58/build/artifacts)
-* To compile Merlin from source, view the [Custom Build](https://merlin-c2.readthedocs.io/en/latest/agent/custom.html) page
+* To compile Merlin from source, view the [Custom Build](https://merlin-c2.readthedocs.io/en/latest/quickStart/quickstart.html#merlin-server) page
 * For a full list of available commands:
-   * [Main Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/main.html)
-   * [Listener Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/listeners.html)
-   * [Agent Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html)
-   * [Module Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/modules.html)
-* View the [Frequently Asked Questions](https://merlin-c2.readthedocs.io/en/latest/quickStart/faq.html) page
+   * [Main Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/main.html)
+   * [Listener Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/listeners.html)
+   * [Agent Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/agents.html)
+   * [Module Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/modules.html)
+* View the [Frequently Asked Questions](https://merlin-c2.readthedocs.io/en/latest/faq/faq.html) page
 * View the [Blog Posts](https://merlin-c2.readthedocs.io/en/latest/misc/blogs.html) page for additional information
 
 ## Slack

diff --git a/docs/CHANGELOG.MD b/docs/CHANGELOG.MD
@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## 2.1.1 - 2024-01-03
+## 2.1.1 - 2024-01-04
 
 ### Added