DEV.co
Open-Source Security · BishopFox

sliver

Sliver is an open-source adversary emulation and red team framework built in Go, enabling organizations to conduct security testing with dynamically compiled implants and multi-protocol command-and-control (C2) capabilities. It supports multiple deployment platforms (Windows, macOS, Linux) and offers features like process injection, DNS detection evasion, and scriptable automation via Python.

Source: GitHub — github.com/BishopFox/sliver
11.5k
GitHub stars
1.5k
Forks
Go
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryBishopFox/sliver
OwnerBishopFox
Primary languageGo
LicenseGPL-3.0 — OSI-approved
Stars11.5k
Forks1.5k
Open issues216
Latest releasev1.7.3 (2026-02-24)
Last updated2026-06-03
Sourcehttps://github.com/BishopFox/sliver

What sliver is

Go-based C2 framework with dynamic code generation, compile-time obfuscation, and multi-protocol transport (mTLS, WireGuard, HTTP(S), DNS). Implants support staged/stageless payloads, in-memory .NET assembly execution, COFF/BOF loading, and Windows process manipulation; server and client are cross-platform with multiplayer mode and scriptable control via Python bindings.

Quickstart

Get the sliver source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/BishopFox/sliver.gitcd sliver# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized Red Team Engagements

Organizations conducting authorized adversary emulation and penetration testing to validate detection and response capabilities in realistic attack scenarios.

Security Research and Education

Academic institutions and security research teams studying C2 mechanisms, evasion techniques, and attack methodologies in controlled environments.

Blue Team Detection Testing

Security operations teams testing their detection tools and incident response procedures against realistic C2 traffic patterns and implant behaviors.

Implementation considerations

  • Requires isolated, air-gapped or carefully segmented lab environments separate from production networks to prevent accidental compromise or data exfiltration.
  • Operators must maintain strict audit logs and monitoring of all Sliver server and implant activities for post-engagement review and compliance.
  • Dynamic binary generation and per-binary encryption keys necessitate reliable source code version control and build reproducibility practices.
  • Windows process injection and token manipulation features require elevated privileges; plan for privilege escalation testing phases with clear scope boundaries.
  • Multi-protocol C2 (DNS, HTTP, mTLS, WireGuard) demands careful firewall and egress filtering configuration to simulate realistic defensive postures.

When to avoid it — and what to weigh

  • Unauthorized Access Objectives — Do not use without explicit written authorization. Sliver's capabilities enable unauthorized system access; misuse violates computer fraud laws in virtually all jurisdictions.
  • Closed-Source Commercial Product — GPLv3 licensing requires derivative works and modifications to be released under the same license. Cannot be integrated into proprietary closed-source products without careful legal review.
  • Managed Hosting/SaaS Environments — Running Sliver as a service on shared infrastructure may expose other tenants to its C2 capabilities. Requires isolated, dedicated environments and strict access controls.
  • Zero Operational Security Expertise — Requires advanced understanding of C2 protocols, network isolation, logging, and incident response. Operators unfamiliar with operational security should not deploy.

License & commercial use

Licensed under GPLv3 (GNU General Public License v3.0). This is a strong copyleft license requiring that any modifications or derivative works be released under the same GPLv3 terms. Source code must remain publicly available. Some sub-components may carry separate licenses (requires review of subdirectories).

GPLv3 does not prohibit commercial use, but commercial entities using or modifying Sliver must comply with copyleft obligations: any modifications must be released under GPLv3, and users must have access to source code. Proprietary closed-source integration is not permitted. Consult legal counsel before commercial deployment or modification. Use as-is for authorized testing is generally permissible; custom forks are subject to copyleft requirements.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityHigh
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Sliver is designed as an offensive security tool simulating adversary behavior; it embodies attack patterns and evasion techniques. Key considerations: (1) Confine to isolated environments to prevent accidental deployment of implants; (2) Implant binaries are per-compilation unique with asymmetric encryption—maintain strict key and binary inventory; (3) DNS canaries and C2 traffic may trigger security alerts; coordinate with blue team; (4) Multi-protocol C2 includes legitimate-looking HTTPS and DNS—difficult for defenses to distinguish from benign traffic; test detection gaps intentionally; (5) Windows process injection and token manipulation require privilege assumption and log monitoring; (6) Require formal authorization and scope agreements before any engagement.

Alternatives to consider

Cobalt Strike

Commercial, proprietary C2 framework with similar C2 protocol flexibility, operationally mature, but closed-source and significantly higher cost. Better for organizations prioritizing commercial support and vendor accountability.

Metasploit Framework

Open-source penetration testing framework with C2 and post-exploitation modules (msfvenom, meterpreter). Broader scope but less specialized for adversary emulation; GPL-licensed but more modular.

Empire / PowerShell Empire

Open-source C2 framework focused on PowerShell and .NET; lighter-weight than Sliver but narrower platform support (primarily Windows). Good for Windows-centric engagements.

Software development agency

Build on sliver with DEV.co software developers

Sliver is a powerful open-source C2 framework for red team engagements. Requires strict scope, authorization, and operational security discipline. Our security engineering team can help you design isolated test environments, configure multi-protocol C2 channels, and integrate Sliver into your red team workflows. Contact us to discuss your security testing objectives.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

sliver FAQ

Can I use Sliver for commercial penetration testing?
Yes, if you are authorized and comply with GPLv3. If you modify Sliver, you must release modifications under GPLv3 and provide source to users. If using unmodified releases, commercial use (with authorization) is permissible. Consult legal counsel for your specific business model.
Does Sliver require a team of operators?
Multiplayer mode is supported, allowing multiple operators to control implants simultaneously. However, a single operator can use Sliver; multiplayer is optional. Minimum recommended: one operator with advanced red team and operational security knowledge.
What happens if Sliver implants reach production systems?
This is a critical risk; Sliver must run in isolated lab environments. Implants support full process injection, token theft, and lateral movement. Scope boundaries and network isolation are mandatory. Accidental production infection would be a serious incident.
Is Sliver detectable by EDR/XDR products?
Sliver includes obfuscation and per-binary encryption; detection varies by defensive tools. DNS canaries specifically test blue team detection of C2. The point of security testing is to find gaps—assume modern EDR/XDR can detect known Sliver patterns and test accordingly.

Custom software development services

Adopting sliver is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.

Ready to Deploy Sliver for Authorized Security Testing?

Sliver is a powerful open-source C2 framework for red team engagements. Requires strict scope, authorization, and operational security discipline. Our security engineering team can help you design isolated test environments, configure multi-protocol C2 channels, and integrate Sliver into your red team workflows. Contact us to discuss your security testing objectives.