package
2.4.1
Repository: https://github.com/ne0nd0g/merlin-agent.git
Documentation: pkg.go.dev

# Functions

CLR is the entrypoint for Jobs that are processed to determine which CLR function should be executed.
Connect establishes a TCP or UDP connection to a tcp-bind or udp-bind peer-to-peer Agent.
ConnectSMB establishes an SMB connection over a named pipe to a smb-bind peer-to-peer Agent.
CreateProcess spawns a child process with anonymous pipes, executes shellcode in it, and returns the output from the executed shellcode.
Download receives a job from the server to download a file to the host where the Agent is running.
ExecuteCommand runs the provided input program and arguments, returning results in a message base.
ExecuteShellcode instructs the agent to load and run shellcode according to the input job.
ExecuteShellcodeCreateProcessWithPipe creates a child process, redirects STDOUT/STDERR to an anonymous pipe, injects/executes shellcode, and retrieves output.
ExecuteShellcodeQueueUserAPC executes provided shellcode in the provided target process using the Windows QueueUserAPC API call.
ExecuteShellcodeRemote executes provided shellcode in the provided target process.
ExecuteShellcodeRtlCreateUserThread executes provided shellcode in the provided target process using the Windows RtlCreateUserThread call.
ExecuteShellcodeSelf executes provided shellcode in the current process.
Link connects to the provided target over the provided protocol and establishes a peer-to-peer connection with the Agent.
Listener binds to the provided interface and port and begins listening for incoming connections from other peer-to-peer agents.
ListenSMB binds to the provided named pipe and listens for incoming SMB connections.
ListenTCP binds to the provided address and listens for incoming TCP connections.
ListenUDP binds to the provided address and listens for incoming UDP connections.
Memfd places a Linux executable file in memory, executes it, and returns the results. Uses the Linux memfd_create API call to create an anonymous file: https://man7.org/linux/man-pages/man2/memfd_create.2.html http://manpages.ubuntu.com/manpages/bionic/man2/memfd_create.2.html.
Memory is a handler for working with virtual memory on the host operating system.
MiniDump is the top-level function used to receive a job and subsequently execute a Windows memory dump on the target process. The function returns the memory dump as a file upload to the server.
Native executes a golang native command that does not use any executables on the host.
Netstat is used to print network connections on the target system.
Pipes is only a valid function on Windows agents...for now.
PS lists running processes. Only available on Windows.
RunAs creates a new process as the provided user.
Setup is used to prepare the environment or context for subsequent commands and is specific to each operating system.
SSH executes a command on a remote host using the SSH protocol and does not provide an interactive session.
TearDown is the opposite of Setup and removes an environment or context applications.
Token is the entrypoint for Jobs that are processed to determine which Token function should be executed.
Unlink terminates a peer-to-peer Agent connection.
Upload receives a job from the server to upload a file from the host to the Merlin server.
Uptime retrieves the system's uptime. Windows only.

# Constants

MaxSizeUDP is the maximum size that a UDP fragment can be, following the moderate school of thought due to 1500 MTU: http://ithare.com/udp-from-mog-perspective/.
No description provided by the author