Command Line Flags
Merlin is composed of the following components:
Merlin Server - The program that receives and handles Agent traffic and operator CLI commands to control the server and Agents
Merlin Agent - The post-exploitation command and control Agent that runs on a compromised host
Merlin CLI - The command line interface that allows operators to interact with the Merlin Server and Agents
This page covers the Merlin Command Line Interface (CLI) program.
The CLI uses Google RPC (gRPC) protocol buffers over TLS to communicate with the Merlin Server. All API calls require a password to authenticate to the server.
$ ./merlin-cli -h
Usage of merlin-cli:
The address of the Merlin server to connect to (default "127.0.0.1:50051")
the password to connect to the Merlin server (default "merlin")
Require server TLS certificate verification
TLS Certificate Authority file path
TLS certificate file path
TLS private key file path
Print the version number and exit
The addr flag specifies the address of the Merlin Server to connect to. The connection uses gRPC over TLS.
The default address is 127.0.0.1:50051
The password flag sets the password needed to authenticate all gRPC requests.
The default password is merlin and should always be changed to prevent unauthorized access.
The secure flag enables TLS certificate verification. When this flag is set, the CLI will verify the Server’s TLS certificate.
By default, the Merlin Server will generate a self-signed TLS certificate that will not be trusted by the CLI if this flag is enabled.
The tlsCA flag specifies a custom CA certificate file to validate and trust the Server’s certificate.
The tlsCert flag specifies the certificate file the Merlin CLI will use for mutual TLS authentication with the Merlin Server.
The tlsKey flag specifies the private key file for the
The version flag prints the version number of the Merlin Server and exits.
$ ./merlin-cli -version
Merlin Version: 1.0.0, Build: nonRelease
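How the secure, tlsCA, tlsCert and tlsKey flags described above could translate into a Go TLS client configuration, shown as an added example that is not Merlin's own code. The Options struct and TLSConfig function are hypothetical names; skipping verification when secure is unset and the TLS 1.2 minimum are assumptions.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"os"
)

// Options mirrors the TLS-related CLI flags on this page (hypothetical struct).
type Options struct {
	Secure        bool   // -secure: verify the server certificate
	CA, Cert, Key string // -tlsCA, -tlsCert, -tlsKey file paths
}

// TLSConfig builds a client-side tls.Config from the flag values.
// Assumption: without -secure the server certificate is not verified.
func TLSConfig(o Options) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: !o.Secure}
	if (o.Cert == "") != (o.Key == "") {
		return nil, errors.New("tlsCert and tlsKey must be set together")
	}
	if o.CA != "" { // trust only the given CA instead of the system roots
		pem, err := os.ReadFile(o.CA)
		if err != nil {
			return nil, err
		}
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM(pem) {
			return nil, errors.New("tlsCA: no PEM certificates found")
		}
	}
	if o.Cert != "" { // client certificate for mutual TLS
		pair, err := tls.LoadX509KeyPair(o.Cert, o.Key)
		if err != nil {
			return nil, err
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	return cfg, nil
}

func main() {
	// Constructed flag sets: all defaults, then -secure alone.
	for _, o := range []Options{{}, {Secure: true}} {
		cfg, err := TLSConfig(o)
		fmt.Println(o.Secure, cfg.InsecureSkipVerify, err)
	}
}
```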