v2.0.0
Added
- Peer-to-Peer Agent communications
- gRPC Server for Merlin CLI
- Default interface/port is
127.0.0.1:50051
and default password ismerlin
-addr
the address to listen for gRPC connections from the Merlin CLI-password
the password for CLI RPC clients to connect to the Merlin server-secure
require client TLS certificate verification-tlsCA
TLS Certificate Authority file path to verify client certificates-tlsCert
TLS certificate file path for the Merlin server-tlsKey
TLS private key file path for the Merlin server
- Default interface/port is
- Structured logging in JSON format to STDOUT using log/slog package
-debug
enable debug output-extra
enable extra debug output (e.g., HTTP requests/responses)-trace
enable trace output to see stepping through functions
- New SMB/UDP/TCP listeners
- Used to configure how the listener process Agent traffic
- Listeners DO NOT bind to interfaces/ports on the Merlin server, used for Agent configuration/generation ONLY
- Delegate message types and functions for processing them
- Configurable listener authentication methods for Agent communications: OPAQUE & none
- Configurable listener transforms for Agent communications: aes, base64-byte, base64-string, hex-byte, hex-string, gob-base, gob-string, jwe, rc4, and xor
- The last transform in the list MUST be
gob-base
- The last transform in the list MUST be
- GitHub Actions for building and testing the Merlin Agent
Changed
- Refactored some areas to align with DDD and SOLID to alleviate circular dependencies implementing peer-to-peer comms
- Implemented base "entity" structures and "aggregates"
- Implemented the "Repository" pattern for Agents, Delegates, Groups, Listeners, Servers
- Implemented the "Services" patter for interacting with Agents, Listeners, & Base messages
- Configurable JWT key value for HTTP listeners
- Upgraded quic-go to v0.40.0
- The Minimum supported Go version is now 1.21
- Listeners are now handled by a UUID and no longer by a name as a string
- Moved the
build
string out ofmain.go
and intopkg/merlin.go
- Removed PWNBoard from
main.go
- Removed wiki documentation from
docs
to a new repository at https://github.com/Ne0nd0g/merlin-documentation - Replaced
github.com/satori/go.uuid
withgithub.com/google/uuid
- Replaced
github.com/square/go-jose
withgithub.com/go-jose/go-jose
- Replaced
github.com/Ne0nd0g/merlin/pkg/messages
withgithub.com/Ne0nd0g/merlin-message
- Removes the need to depend on or import the Merlin Server package
Removed
- Removed the interactive CLI menu to Merlin CLI
- Uses gRPC to communicate with the Merlin server
The data/bin
directory contains compiled versions of the Merlin CLI and Merlin Agents
Merlin documentation and Wiki can be found here
The compressed files have a password of
merlin