sliver

Control the Sliver C2 server via its API. All commands use type: sliver.

Note

For developers: The sliver and sliver-session command families use a legacy type + cmd discrimination pattern and should not be replicated. New commands must define a unique type literal and handle sub-behavior branching via cmd in the executor. See Adding a New Command for details.

start_https_listener

Start an HTTPS listener on the Sliver server.

commands:
  - type: sliver
    cmd: start_https_listener
    host: 0.0.0.0
    port: 443

host

Network interface to bind the listener to.

Type:: str
Default:: 0.0.0.0

port

TCP port to listen on.

Type:: int
Default:: 443

domain

Limit responses to specific domain.

Type:: str
Default:: `` ``

website

Website name to associate with this listener.

Type:: str
Default:: `` ``

acme

Attempt to provision a let’s encrypt certificate.

Type:: bool
Default:: False

persistent

Keep the listener running across Sliver server restarts.

Type:: bool
Default:: False

enforce_otp

Require OTP authentication for connecting implants.

Type:: bool
Default:: True

randomize_jarm

Enable randomized JARM fingerprints.

Type:: bool
Default:: True

long_poll_timeout

Server-side long poll timeout(in seconds).

Type:: int
Default:: 1

long_poll_jitter

Server-side long poll jitter(in seconds)

Type:: int
Default:: 2

timeout

Command timeout in seconds.

Type:: int
Default:: 60

generate_implant

Generates a new sliver binary and saves the implant to a given path or to /tmp/<name>. The path to the implant is saved and can be retrieved from the builtin variable $LAST_SLIVER_IMPLANT.

commands:
  - type: sliver
    cmd: generate_implant
    c2url: "https://myC2url.com"
    name: "linux_implant"
    target: linux/amd64
    filepath: /path/to/implant/my_implant

target

Target operating system and architecture. Supported values:

darwin/amd64
darwin/arm64
linux/386
linux/amd64
windows/386
windows/amd64

Type:: str
Default:: linux/amd64

c2url

URL which is used by the implant to reach the C2 server.

Type:: str
Required:: True

format

Output format for the implant binary. One of:

EXECUTABLE
SERVICE
SHARED_LIB
SHELLCODE

Type:: str
Default:: EXECUTABLE

name

Name of the implant. This name is the session identifier used by sliver-session commands.

Type:: str
Required:: True

filepath

The local filepath to save the implant to. If omitted, the implant is saved to /tmp. The filename will be randomly genrated and have the format ^tmp[a-z0-9]{8}$.

Type:: str
Default:: /tmp/<name>

IsBeacon

Generate a beacon-mode implant instead of a session-mode implant.

Type:: bool
Default:: False

RunAtLoad

Run the implant entrypoint from DllMain/Constructor (shared library only).

Type:: bool
Default:: False

Evasion

Enable evasion features such as overwriting user space hooks.

Type:: bool
Default:: False