Custom Build¶
This section details how to build custom build a Merlin Agent using the Make file.
NOTE: Merlin is distributed with pre-compiled agent binaries for all major platforms in the data/bin directory.
Basic¶
The provided Make file can be used to build a new agent from source. It is recommended that you first use
go get github.com/Ne0nd0g/Merlin to pull a copy of the Merlin source code to the host. Move into the Merlin root
directory where the Make file is located.
- Windows agent:
make agent-windows - Linux agent:
make agent-linux - macOS agent:
make agent-darwin - Windows DLL:
make agent-dll - MIPS agent:
make agent-mips - ARM agent:
make agent-arm
Advanced¶
Use the provided Make file to build a Merlin Agent with hard coded values. This removes the need for an operator to use commandline arguments and allows the Agent to simply be executed. The table below shows configurable compile options
| Option | Description | Notes |
|---|---|---|
| URL | Full URL for agent to connect to (default “https://127.0.0.1:443”) | same as the -url commandline flag |
| PSK | Pre-Shared Key used to encrypt initial communications (default “merlin”) | same as -psk commandline flag |
| PROXY | Hardcoded proxy to use for http/1.1 traffic only that will override host configuration | same as -proxy commandline flag |
| HOST | HTTP Host header | same as -host commandline flag |
| PROTO | Protocol for the agent to connect with [https (HTTP/1.1), http (HTTP/1.1 Clear-Text), h2 (HTTP/2), h2c (HTTP/2 Clear-Text), http3 (QUIC or HTTP/3.0)] (default ‘h2’) | same as -proto commandline flag |
| JA3 | JA3 signature string (not the MD5 hash). Overrides -proto flag | same as -ja3 commandline flag |
An example of creating a new Linux HTTP agent that is using domain fronting through https://merlin.com/c2endpoint.php using a PSK of SecurePassword1:
make agent-linux URL=https://merlin.com:443/c2endpoint.php HOST=myendpoint.azureedge.net PROTO=https PSK=SecurePassword1
Windows Agent¶
The Windows Merlin Agent executable is compiled as a GUI application instead of console application. The Merlin Agent
does not have a GUI component. The reason this is used is so that the Merlin Agent window disappears after it is executed.
This behavior is intentional so that the user will not see the application window. This is done with the LDFLAGS when
building the agent using the -H=windowsgui option as shown here
This causes problems when a user WANTS to see the Merlin Agent verbose or debug output. To view Merlin verbose/debug
output, recompile the agent after removing -H=windowsgui from the Make file. Alternatively, compile the Windows
agent with: go build -o Merlin.exe cmd/merlinagent/main.go.
Cross-Compiling¶
The Merlin agent and server can be cross-compiled to any operating system or architecture. A list of golang supported operating systems and architectures can be found here: https://golang.org/doc/install/source#environment
| $GOOS | $GOARCH |
|---|---|
| android | arm |
| darwin | 386 |
| darwin | amd64 |
| darwin | arm |
| darwin | arm64 |
| dragonfly | amd64 |
| freebsd | 386 |
| freebsd | amd64 |
| freebsd | arm |
| linux | 386 |
| linux | amd64 |
| linux | arm |
| linux | arm64 |
| linux | ppc64 |
| linux | ppc64le |
| linux | mips |
| linux | mipsle |
| linux | mips64 |
| linux | mips64le |
| netbsd | 386 |
| netbsd | amd64 |
| netbsd | arm |
| openbsd | 386 |
| openbsd | amd64 |
| openbsd | arm |
| plan9 | 386 |
| plan9 | amd64 |
| solaris | amd64 |
| windows | 386 |
| windows | amd64 |
Mobile¶
- The gomobile library can be used to compile for Android and iOS:
- https://godoc.org/golang.org/x/mobile/cmd/gomobile
These instructions can be followed to compile for Android
- Install Android SDK: https://developer.android.com/ndk/guides/index.html
- Install gomobile:
go get golang.org/x/mobile/cmd/gomobile
- Initialize gomobile:
bin\gomobile init -ndk=C:\Users\[username]\AppData\Local\Android\Sdk\ndk-bundle
- Build the APK:
bin\gomobile build -target=android merlinagent