Skip to content

v2.0.0

Compare
Choose a tag to compare
@github-actions github-actions released this 05 Nov 22:45
e80c47a

Added

  • Peer-to-Peer Agent communications
  • gRPC Server for Merlin CLI
    • Default interface/port is 127.0.0.1:50051 and default password is merlin
    • -addr the address to listen for gRPC connections from the Merlin CLI
    • -password the password for CLI RPC clients to connect to the Merlin server
    • -secure require client TLS certificate verification
    • -tlsCA TLS Certificate Authority file path to verify client certificates
    • -tlsCert TLS certificate file path for the Merlin server
    • -tlsKey TLS private key file path for the Merlin server
  • Structured logging in JSON format to STDOUT using log/slog package
    • -debug enable debug output
    • -extra enable extra debug output (e.g., HTTP requests/responses)
    • -trace enable trace output to see stepping through functions
  • New SMB/UDP/TCP listeners
    • Used to configure how the listener process Agent traffic
    • Listeners DO NOT bind to interfaces/ports on the Merlin server, used for Agent configuration/generation ONLY
  • Delegate message types and functions for processing them
  • Configurable listener authentication methods for Agent communications: OPAQUE & none
  • Configurable listener transforms for Agent communications: aes, base64-byte, base64-string, hex-byte, hex-string, gob-base, gob-string, jwe, rc4, and xor
    • The last transform in the list MUST be gob-base
  • GitHub Actions for building and testing the Merlin Agent

Changed

  • Refactored some areas to align with DDD and SOLID to alleviate circular dependencies implementing peer-to-peer comms
    • Implemented base "entity" structures and "aggregates"
    • Implemented the "Repository" pattern for Agents, Delegates, Groups, Listeners, Servers
    • Implemented the "Services" patter for interacting with Agents, Listeners, & Base messages
  • Configurable JWT key value for HTTP listeners
  • Upgraded quic-go to v0.40.0
  • The Minimum supported Go version is now 1.21
  • Listeners are now handled by a UUID and no longer by a name as a string
  • Moved the build string out of main.go and into pkg/merlin.go
  • Removed PWNBoard from main.go
  • Removed wiki documentation from docs to a new repository at https://github.com/Ne0nd0g/merlin-documentation
  • Replaced github.com/satori/go.uuid with github.com/google/uuid
  • Replaced github.com/square/go-jose with github.com/go-jose/go-jose
  • Replaced github.com/Ne0nd0g/merlin/pkg/messages with github.com/Ne0nd0g/merlin-message
    • Removes the need to depend on or import the Merlin Server package

Removed

  • Removed the interactive CLI menu to Merlin CLI
    • Uses gRPC to communicate with the Merlin server

The data/bin directory contains compiled versions of the Merlin CLI and Merlin Agents

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin