gitmyhub

sliver

Go ★ 11k updated 17d ago

Adversary Emulation Framework

Sliver is an open-source red-team framework by BishopFox that lets authorized security teams simulate real attackers. Operators run a control server while a compiled implant communicates back over TLS, WireGuard, HTTPS, or DNS.

Go, Python, WireGuard, TLS; setup: moderate; complexity 4/5

Sliver is an open-source framework used by security teams to simulate real-world attacks against computer networks. The practice is called adversary emulation or red teaming: a team of security professionals acts like an attacker, probing a company's defenses to find gaps before a real attacker does. Sliver was created by BishopFox, a cybersecurity consultancy.

The framework works in two parts. The first is a server and client application, running on macOS, Windows, or Linux, from which operators control sessions. The second is a small program, called an implant, that gets installed on a target system during an authorized engagement. The implant communicates back to the control server over several network protocols: mutual TLS, WireGuard, HTTPS, and DNS. Because each implant is compiled fresh with unique encryption keys, it looks different every time it is built, which helps simulate how sophisticated real-world attackers avoid detection.

Notable features include multiplayer mode (so multiple testers can share one server session), both staged and stageless payloads (staged means the implant downloads additional code after initial access; stageless means it arrives complete), and Python scripting for automation. On Windows there are capabilities for moving between processes, injecting code into running applications, and manipulating user tokens, which are techniques commonly tested in red team exercises.

Installation is straightforward: a one-line command downloads and sets up the server on Linux, or you can compile from source. Documentation and tutorials are available at sliver.sh.

The code is released under the GPLv3 license.

Where it fits