🐚 GTFOBins 🪟 LOLBAS 🩸 BloodHound 🩸 bloodyAD 📜 Certipy ☁️ Cloud ⚡ goexec 🤖 HackTricks 🔌 HardwareATT 📦 Impacket 🏰 InternalATT 🔀 Ligolo-ng 🐱 Mimikatz 💣 msfvenom 🔧 NetExec 🤖 OSAI 💥 PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
🐍

Sliver C2

41 pages
Aliases and Extensions
Aliases and Extensions Sliver allows an operator to extend the local client console and its features by adding new comma…
Anti-virus Evasion
Anti-virus Evasion The Sliver authors do not consider anti-virus evasion to be within the scope of the Sliver project; t…
Architecture
Architecture This document describes the technical design of Sliver. High Level There are four major components to the S…
Armory
Armory The armory is the Sliver Alias and Extension package manager. It allows you to automatically install various thir…
Audit Log
Audit Log Sliver keeps an audit log of every command and its arguments executed by the server (including commands execut…
BOF and COFF Support
BOF and COFF Support Sliver supports the loading and execution of BOFs and COFFs, generally no code changes are needed t…
C2 Advanced Options
C2 Advanced Options Advanced options, as the name suggests, are for advanced users that know what they're doing. Using t…
Community Guides
Community Guides ⚠️ IMPORTANT: This content was NOT created by the Sliver authors. Please keep in mind it may be out of …
Compile from Source
Compile from Source You'll want to compile Sliver from a MacOS or Linux machine. Compiling from native Windows is possib…
Configuration Files
Configuration Files General Server Configuration The Sliver server configuration file is located in the configs sub-dire…
Cross-compiling Implants
Cross-compiling Implants Any platform can cross-compile a standalone executable to any other platform out of the box; yo…
Cursed
Cursed Cursed is a Chrome/Chromium/Edge/Electron post-exploitation toolkit that integrates with CursedChrome (originally…
Custom Clients
Custom Clients Although the sliver-client is the default way to interact with a sliver-server and with implant sessions,…
DNS C2
DNS C2 DNS can be a finicky, nuanced protocol. If you're unfamiliar with DNS and related concepts, I'd recommend reading…
Daemon Mode
Daemon Mode Sliver supports running in daemon mode, which automatically starts the multiplayer listener but does not pro…
Debugging
Debugging Debugging Sliver binaries (server, client and implant) can be done using the delve debugger. The following exa…
Environment Variables
Environment Variables Assets SLIVER_ROOT_DIR - Override sliver root directory, the default is ~/.sliver/ Updates SLIVER_…
Executable Metadata
Executable Metadata Executable metadata spoofing lets you post-process a generated build and copy metadata/resource deta…
External Builders
External Builders Sliver supports "external builders," which allow a Sliver server to offload implant builds onto other …
GPG Public Key
GPG Public Key GPG siging is deprecated and should be avoided, use the Minisign public key to verify binaries.…
Getting Started
Getting Started Download the latest server release for your platform, and just run the binary. That's it, you're pretty …
HTTPS C2
HTTPS C2 Sliver supports proxy-aware C2 over both HTTP and HTTPS, however since Sliver does not rely upon the SSL/TLS la…
Linux Install Script
Linux Install Script This script installs the latest version of Sliver as a systemd service, installs Windows cross-comp…
Loot
Loot The loot command is a server-side store of looted files and credentials. Since this is implemented server-side, all…
MCP
MCP IMPORTANT: MCP (Model Context Protocol) support is experimental and NOT ALL FUNCTIONALITY IS SUPPORTED YET. Pull req…
Minisign Public Key
Minisign Public Key This Minisign key is used to sign binary artifacts from the Sliver Authors specifically. As anyone i…
Multi-player Mode
Multi-player Mode Multiplayer mode allows multiple operators to connect to the same Sliver server and collaborate on eng…
Notifications
Notifications Notifications Table of Contents Overview Configuration Overview Global Examples Service Examples Amazon SE…
Payload Compatibility
Payload Compatibility This page summarizes implant payload format compatibility by target OS/architecture ( GOOS/GOARCH …
Pivots
Pivots ⚠️ IMPORTANT: Pivots in Sliver are used for specifically pivoting C2 traffic, not to be confused with port forwar…
Port Forwarding
Port Forwarding Sliver provides two mechanisms for port forwarding to tunnel additional connections / tools into the tar…
Reverse SOCKS
Reverse SOCKS Sliver supports two types of SOCKS5 proxies, an "in-band" proxy that tunnels through any C2 protocol, and …
Stagers
Stagers ⚠️ Important: Some staged payloads require a working cross-compiler toolchain on the Sliver server (especially s…
Themes
Themes Console Themes Sliver’s interactive consoles (both sliver-client and the server-only console) use a theme file to…
Third Party Tools
Third Party Tools Sideloading Features Sliver implants support three different ways of loading third party tools: execut…
Traffic Encoders
Traffic Encoders Sliver v1.6 supports user-defined "Traffic Encoders," which can be used to arbitrarily modify the Slive…
Transport Encryption
Transport Encryption ⚠️ NOTE: This document does not apply when mTLS or WireGuard are used. Sliver v1.6.x The following …
Troubleshooting
Troubleshooting Server logs Server related logs are saved to: ~/.sliver/logs/ sliver.log is the main log file for server…
Watchtower
Watchtower The Sliver server has a built-in capability to periodically monitor VirusTotal and IBM X-Force for implant ha…
Wireguard C2
Wireguard C2 This page documents the current implant C2 WireGuard transport implementation used between server/ and impl…
mTLS C2
mTLS C2 This page documents the current implant C2 mTLS transport implementation used between server/ and implant/ code …