Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary.
The server, client, and implant all support MacOS, Windows, and Linux (and possibly every Golang compiler target but we’ve not tested them all).
FEATURES OF SLIVER
- Dynamic code generation
- Compile-time obfuscation
- Local and remote process injection
- Secure C2 over mTLS, HTTP(S), and DNS
- Procedurally generated C2 over HTTP (work in progress)
- Let’s Encrypt integration
- In-memory .NET assembly execution
- Windows process migration
- Windows user token manipulation
- DNS Canary Blue Team Detection
COMPILE FROM SOURCE
You’ll want to compile from a MacOS or Linux machine, compiling from Windows should work but none of the scripts are designed to run on Windows (you can compile the Windows binaries from MacOS or Linux). If all you have is a Windows machine, using the Docker build will probably the easiest choice.
The Docker builds are mostly designed for running unit tests, but can be useful if you want a “just do everything” build, you just need to have Docker installed on the machine. First
git clone the Sliver repo, then run the
build.py script (the script isn’t required but has a few short cuts see
./build.py --help). Alternatively, execute the following command:
docker build -t sliver .
The Docker build includes mingw and Metasploit, so it can take a while to build from scratch but Docker should cache the layers effectively. Sliver will also run it’s unit tests as part of the build, and that takes a few minutes too.
From scratch without Docker, requirements for compiling:
- Go v1.11 or later
- packr (v1)
go get -u github.com/gobuffalo/packr/packr
- Clone the project into
Build thin server (for development):
$ dep ensure $ ./go-assets.sh $ make
Statically compile and bundle server with all dependencies and assets:
$ dep ensure $ ./go-assets.sh $ make static-macos $ make static-linux $ make static-windows
assets/– Static assets that are embedded into the server binary, generated by
client/– Client code, the majority of this code is also used by the server
protobuf/– Protobuf code
server/– Server-side code
sliver/– Implant code, rendered by the server at runtime
util/– Utility functions that may be shared by the server and client