Offensive Tools
Sliver: Cross-platform General Purpose Implant Framework Written in Golang
Sliver is designed to be an open source alternative to Cobalt Strike. Sliver supports asymmetrically encrypted C2 over DNS, HTTP, HTTPS, and Mutual TLS using per-binary X.509 certificates signed by a per-instance certificate authority and supports multiplayer mode for collaboration.
Open-Source C2 Framework
Sliver is an open-source cross-platform adversary emulation/red team framework. It can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.
The server and client support MacOS, Windows, and Linux. Implants are supported on MacOS, Windows, and Linux (and possibly every Golang compiler target but we've not tested them all).
Need help? Check out the Wiki or GitHub discussion boards. You can also find us on the #sliver channel in our Discord server.
Features v1.6 Overview
- Dynamic code generation
- Compile-time obfuscation
- Multiplayer-mode
- Staged and Stageless payloads
- Procedurally generated C2 over HTTP(S)
- DNS canary blue team detection
- Secure C2 over mTLS, WireGuard, HTTP(S), and DNS
- Fully scriptable using JavaScript/TypeScript or Python
- Windows process migration, process injection, user token manipulation, etc.
- Let's Encrypt integration
- In-memory .NET assembly execution
- COFF/BOF in-memory loader
- TCP and named pipe pivots
Source Code
assets/- Static assets that are embedded into the server binary, generated bygo-assets.shclient/- Client code, the majority of this code is also used by the serverprotobuf/- - Protobuf codeserver/-Server-side codesliver/- Implant code, rendered by the server at runtimeutil/- Utility functions that may be shared by the server and client
Lead Researchers
Joe DeMesy & Ronan Kervella
Joe DeMesy
is a Principal at Bishop Fox. Joe is an expert in secure development, proficient in several programming languages, and is a leading contributor to various open source projects.Joe is a noted expert in the field of information security, having been quoted in Market Watch, NPR, InformationWeek, and Dark Reading. He has also presented his research at conferences such as BSidesLV, Kiwicon, BlackHat and private conferences hosted by the US Department of Defense. GitHub: moloch--
Ronan Kervella
(OSCP) is a Senior Security Consultant at Bishop Fox, where he focuses on red teaming, internal penetration testing and hybrid application assessments. He is the author of multiple open source-tools and is an active contributor to the Sliver framework. He has advised Fortune 500 brands and startups in industries such as media, healthcare, and software development. GitHub: rkervella
Sliver Research
Related Resources
Workshop: Sliver - Getting Started & 1.6 Features
Watch an interactive workshop led by Bishop Fox Senior Security Consultant, Tim Ghatas, as we dive into Sliver, the open-source C2 framework making waves in Red Team ops.
Ace the OSEP Exam with Sliver Framework
Unlock the secrets of passing the OSEP exam with our senior security expert, Jon Guild. Join us as Jon shares his invaluable tips and tricks for conquering this benchmark exam designed for penetration testers.
Sliver Mastery: Dominating Active Directory Through Advanced Trust Exploitation
Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.