sliver
Sliver is an open-source adversary emulation and red team framework built in Go, enabling organizations to conduct security testing with dynamically compiled implants and multi-protocol command-and-control (C2) capabilities. It supports multiple deployment platforms (Windows, macOS, Linux) and offers features like process injection, DNS detection evasion, and scriptable automation via Python.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | BishopFox/sliver |
| Owner | BishopFox |
| Primary language | Go |
| License | GPL-3.0 — OSI-approved |
| Stars | 11.5k |
| Forks | 1.5k |
| Open issues | 216 |
| Latest release | v1.7.3 (2026-02-24) |
| Last updated | 2026-06-03 |
| Source | https://github.com/BishopFox/sliver |
What sliver is
Go-based C2 framework with dynamic code generation, compile-time obfuscation, and multi-protocol transport (mTLS, WireGuard, HTTP(S), DNS). Implants support staged/stageless payloads, in-memory .NET assembly execution, COFF/BOF loading, and Windows process manipulation; server and client are cross-platform with multiplayer mode and scriptable control via Python bindings.
Get the sliver source
Clone the repository and explore it locally.
git clone https://github.com/BishopFox/sliver.gitcd sliver# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires isolated, air-gapped or carefully segmented lab environments separate from production networks to prevent accidental compromise or data exfiltration.
- Operators must maintain strict audit logs and monitoring of all Sliver server and implant activities for post-engagement review and compliance.
- Dynamic binary generation and per-binary encryption keys necessitate reliable source code version control and build reproducibility practices.
- Windows process injection and token manipulation features require elevated privileges; plan for privilege escalation testing phases with clear scope boundaries.
- Multi-protocol C2 (DNS, HTTP, mTLS, WireGuard) demands careful firewall and egress filtering configuration to simulate realistic defensive postures.
When to avoid it — and what to weigh
- Unauthorized Access Objectives — Do not use without explicit written authorization. Sliver's capabilities enable unauthorized system access; misuse violates computer fraud laws in virtually all jurisdictions.
- Closed-Source Commercial Product — GPLv3 licensing requires derivative works and modifications to be released under the same license. Cannot be integrated into proprietary closed-source products without careful legal review.
- Managed Hosting/SaaS Environments — Running Sliver as a service on shared infrastructure may expose other tenants to its C2 capabilities. Requires isolated, dedicated environments and strict access controls.
- Zero Operational Security Expertise — Requires advanced understanding of C2 protocols, network isolation, logging, and incident response. Operators unfamiliar with operational security should not deploy.
License & commercial use
Licensed under GPLv3 (GNU General Public License v3.0). This is a strong copyleft license requiring that any modifications or derivative works be released under the same GPLv3 terms. Source code must remain publicly available. Some sub-components may carry separate licenses (requires review of subdirectories).
GPLv3 does not prohibit commercial use, but commercial entities using or modifying Sliver must comply with copyleft obligations: any modifications must be released under GPLv3, and users must have access to source code. Proprietary closed-source integration is not permitted. Consult legal counsel before commercial deployment or modification. Use as-is for authorized testing is generally permissible; custom forks are subject to copyleft requirements.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Possible |
| Assessment confidence | High |
Sliver is designed as an offensive security tool simulating adversary behavior; it embodies attack patterns and evasion techniques. Key considerations: (1) Confine to isolated environments to prevent accidental deployment of implants; (2) Implant binaries are per-compilation unique with asymmetric encryption—maintain strict key and binary inventory; (3) DNS canaries and C2 traffic may trigger security alerts; coordinate with blue team; (4) Multi-protocol C2 includes legitimate-looking HTTPS and DNS—difficult for defenses to distinguish from benign traffic; test detection gaps intentionally; (5) Windows process injection and token manipulation require privilege assumption and log monitoring; (6) Require formal authorization and scope agreements before any engagement.
Alternatives to consider
Cobalt Strike
Commercial, proprietary C2 framework with similar C2 protocol flexibility, operationally mature, but closed-source and significantly higher cost. Better for organizations prioritizing commercial support and vendor accountability.
Metasploit Framework
Open-source penetration testing framework with C2 and post-exploitation modules (msfvenom, meterpreter). Broader scope but less specialized for adversary emulation; GPL-licensed but more modular.
Empire / PowerShell Empire
Open-source C2 framework focused on PowerShell and .NET; lighter-weight than Sliver but narrower platform support (primarily Windows). Good for Windows-centric engagements.
Build on sliver with DEV.co software developers
Sliver is a powerful open-source C2 framework for red team engagements. Requires strict scope, authorization, and operational security discipline. Our security engineering team can help you design isolated test environments, configure multi-protocol C2 channels, and integrate Sliver into your red team workflows. Contact us to discuss your security testing objectives.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
sliver FAQ
Can I use Sliver for commercial penetration testing?
Does Sliver require a team of operators?
What happens if Sliver implants reach production systems?
Is Sliver detectable by EDR/XDR products?
Custom software development services
Adopting sliver is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.
Ready to Deploy Sliver for Authorized Security Testing?
Sliver is a powerful open-source C2 framework for red team engagements. Requires strict scope, authorization, and operational security discipline. Our security engineering team can help you design isolated test environments, configure multi-protocol C2 channels, and integrate Sliver into your red team workflows. Contact us to discuss your security testing objectives.