whatisgithub

What is sliver?

bishopfox/sliver — explained in plain English

Analysis updated 2026-06-24

11,191GoAudience · ops devopsComplexity · 4/5LicenseSetup · moderate

In one sentence

Sliver is an open-source red-team framework by BishopFox that lets authorized security teams simulate real attackers, operators run a control server while a compiled implant communicates back over TLS, WireGuard, HTTPS, or DNS.

Mindmap

mindmap
  root((sliver))
    What it does
      Red team framework
      Adversary emulation
      Authorized attack sim
    Architecture
      Operator server
      Compiled implant
      Multiplayer mode
    C2 protocols
      Mutual TLS
      WireGuard
      HTTPS
      DNS
    Windows capabilities
      Process injection
      Token manipulation
      Staged payloads
    Tech stack
      Go
      Python scripting
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run an authorized red-team engagement where multiple operators share one Sliver server to coordinate simulated attacks.

USE CASE 2

Generate a unique implant for each authorized target system to simulate how real attackers avoid detection.

USE CASE 3

Automate red-team tasks during a penetration test using Sliver's Python scripting interface.

USE CASE 4

Test Windows defenses by simulating process injection and token manipulation techniques in a lab environment.

What is it built with?

GoPythonWireGuardTLS

How does it compare?

bishopfox/slivergoogle/go-githubcloudwego/eino
Stars11,19111,20911,218
LanguageGoGoGo
Setup difficultymoderateeasymoderate
Complexity4/52/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

A one-line installer sets up the server on Linux, use only on systems you have explicit written authorization to test.

You can use and modify this software freely, but any project that includes it must also be released under the GPLv3 license.

So what is it?

Sliver is an open-source framework used by security teams to simulate real-world attacks against computer networks. The practice is called adversary emulation or red teaming: a team of security professionals acts like an attacker, probing a company's defenses to find gaps before a real attacker does. Sliver was created by BishopFox, a cybersecurity consultancy. The framework works in two parts. Operators control sessions from a server and client application that run on macOS, Windows, or Linux. The other part is a small program, called an implant, that gets installed on a target system during an authorized engagement. The implant communicates back to the control server over several network protocols: mutual TLS, WireGuard, HTTPS, and DNS. Because each implant is compiled fresh with unique encryption keys, it looks different every time it is built, which helps simulate how sophisticated real-world attackers avoid detection. Notable features include multiplayer mode (so multiple testers can share one server session), both staged and stageless payloads (staged means the implant downloads additional code after initial access, stageless means it arrives complete), and Python scripting for automation. On Windows there are capabilities for moving between processes, injecting code into running applications, and manipulating user tokens, which are techniques commonly tested in red team exercises. Installation is straightforward: a one-line command downloads and sets up the server on Linux, or you can compile from source. Documentation and tutorials are available at sliver.sh. The code is released under the GPLv3 license.

Copy-paste prompts

Prompt 1
I am running an authorized penetration test. Show me how to install the Sliver server on Linux and generate a stageless implant that communicates over mutual TLS.
Prompt 2
In an authorized red-team lab, how do I enable multiplayer mode in Sliver so two operators can share the same session server?
Prompt 3
For an authorized security engagement, write a Python script using Sliver's scripting API that automatically lists active sessions and runs a command on each one.
Prompt 4
Explain how Sliver's unique-per-build encryption works and why it helps simulate sophisticated attackers during an authorized red-team exercise.

Frequently asked questions

What is sliver?

Sliver is an open-source red-team framework by BishopFox that lets authorized security teams simulate real attackers, operators run a control server while a compiled implant communicates back over TLS, WireGuard, HTTPS, or DNS.

What language is sliver written in?

Mainly Go. The stack also includes Go, Python, WireGuard.

What license does sliver use?

You can use and modify this software freely, but any project that includes it must also be released under the GPLv3 license.

How hard is sliver to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is sliver for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.