Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary.

The server, client, and implant all support MacOS, Windows, and Linux (and possibly every Golang compiler target but we’ve not tested them all).

FEATURES OF SLIVER

  • Dynamic code generation
  • Compile-time obfuscation
  • Local and remote process injection
  • Anti-anti-anti-forensics
  • Secure C2 over mTLS, HTTP(S), and DNS
  • Procedurally generated C2 over HTTP (work in progress)
  • Let’s Encrypt integration
  • In-memory .NET assembly execution
  • Windows process migration
  • Windows user token manipulation
  • Multiplayer-mode
  • DNS Canary Blue Team Detection

USING SLIVER

Download the latest release and see the Sliver wiki for a quick tutorial on basic setup and usage. To get the very latest and greatest compile from source.

COMPILE FROM SOURCE

You’ll want to compile from a MacOS or Linux machine, compiling from Windows should work but none of the scripts are designed to run on Windows (you can compile the Windows binaries from MacOS or Linux). If all you have is a Windows machine, using the Docker build will probably the easiest choice.

Docker Build

The Docker builds are mostly designed for running unit tests, but can be useful if you want a “just do everything” build, you just need to have Docker installed on the machine. First git clone the Sliver repo, then run the build.py script (the script isn’t required but has a few short cuts see ./build.py --help). Alternatively, execute the following command:

docker build -t sliver .

The Docker build includes mingw and Metasploit, so it can take a while to build from scratch but Docker should cache the layers effectively. Sliver will also run it’s unit tests as part of the build, and that takes a few minutes too.

From Scratch (No Docker)

From scratch without Docker, requirements for compiling:

  • Go v1.11 or later
  • makesedtarwgetzip commands
  • dep
  • protoc
  • packr (v1) go get -u github.com/gobuffalo/packr/packr
  • Clone the project into $GOPATH/src/github.com/bishopfox/sliver

Build thin server (for development):

$ dep ensure
$ ./go-assets.sh
$ make

Statically compile and bundle server with all dependencies and assets:

$ dep ensure
$ ./go-assets.sh
$ make static-macos
$ make static-linux
$ make static-windows

Source Code

  • assets/ – Static assets that are embedded into the server binary, generated by go-assets.sh
  • client/ – Client code, the majority of this code is also used by the server
  • protobuf/ – Protobuf code
  • server/ – Server-side code
  • sliver/ – Implant code, rendered by the server at runtime
  • util/ – Utility functions that may be shared by the server and client

DOWNLOAD SLIVER

LEAVE A REPLY

Please enter your comment!
Please enter your name here