explaingit

bishopfox/sliver

11,191 · Go · Audience · ops devops · Complexity · 4/5 · License · Setup · moderate

TLDR

Sliver is an open-source red-team framework by BishopFox that lets authorized security teams simulate real attackers. Operators run a control server while a compiled implant communicates back over TLS, WireGuard, HTTPS, or DNS.

Mindmap

mindmap
  root((sliver))
    What it does
      Red team framework
      Adversary emulation
      Authorized attack sim
    Architecture
      Operator server
      Compiled implant
      Multiplayer mode
    C2 protocols
      Mutual TLS
      WireGuard
      HTTPS
      DNS
    Windows capabilities
      Process injection
      Token manipulation
      Staged payloads
    Tech stack
      Go
      Python scripting

Things people build with this

USE CASE 1

Run an authorized red-team engagement where multiple operators share one Sliver server to coordinate simulated attacks.

USE CASE 2

Generate a unique implant for each authorized target system to simulate how real attackers avoid detection.

USE CASE 3

Automate red-team tasks during a penetration test using Sliver's Python scripting interface.

USE CASE 4

Test Windows defenses by simulating process injection and token manipulation techniques in a lab environment.

Tech stack

Go · Python · WireGuard · TLS

Getting it running

Difficulty · moderate · Time to first run · 30min

A one-line installer sets up the server on Linux. Use it only on systems you have explicit written authorization to test.

You can use and modify this software freely, but any project that includes it must also be released under the GPLv3 license.

In plain English

Sliver is an open-source framework used by security teams to simulate real-world attacks against computer networks. The practice is called adversary emulation or red teaming: a team of security professionals acts like an attacker, probing a company's defenses to find gaps before a real attacker does. Sliver was created by BishopFox, a cybersecurity consultancy.

The framework works in two parts. Operators control sessions from a server and client application that run on macOS, Windows, or Linux. The other part is a small program, called an implant, that gets installed on a target system during an authorized engagement. The implant communicates back to the control server over several network protocols: mutual TLS, WireGuard, HTTPS, and DNS. Because each implant is compiled fresh with unique encryption keys, it looks different every time it is built, which helps simulate how sophisticated real-world attackers avoid detection.

Notable features include multiplayer mode (so multiple testers can share one server session), both staged and stageless payloads (staged means the implant downloads additional code after initial access; stageless means it arrives complete), and Python scripting for automation. On Windows there are capabilities for moving between processes, injecting code into running applications, and manipulating user tokens, which are techniques commonly tested in red team exercises.

Installation is straightforward: a one-line command downloads and sets up the server on Linux, or you can compile from source. Documentation and tutorials are available at sliver.sh. The code is released under the GPLv3 license.

Copy-paste prompts

Prompt 1
I am running an authorized penetration test. Show me how to install the Sliver server on Linux and generate a stageless implant that communicates over mutual TLS.
Prompt 2
In an authorized red-team lab, how do I enable multiplayer mode in Sliver so two operators can share the same session server?
Prompt 3
For an authorized security engagement, write a Python script using Sliver's scripting API that automatically lists active sessions and runs a command on each one.
Prompt 4
Explain how Sliver's unique-per-build encryption works and why it helps simulate sophisticated attackers during an authorized red-team exercise.

Verify against the repo before relying on details.