Affected by GO-2025-4079 and 3 other vulnerabilities

GO-2025-4079: Silver has unrestricted traffic between Wireguard clients in github.com/bishopfox/sliver

GO-2026-4445: Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) in github.com/bishopfox/sliver

GO-2026-4466: Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service in github.com/bishopfox/sliver

GO-2026-4548: Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver

server

command

v1.4.15 Latest Latest Go to latest Published: May 30, 2021 License: GPL-3.0 Imports: 1 Imported by: 0

Details

This directory contains the Sliver server implementation, and is structured as follows:

assets/ - Static assets embedded in the server binary, and methods for manipulating these assets.
c2/ - The server-side command and control implementations
certs/ - X509 certificate generation and management code
cli - The command line arg parser
configs/ - Configuration file parsers
console/ - Server specific console code, the majority of the Sliver console code is in /client/console
core/ - Data structures and methods that manage connection state from implants, clients, etc.
cryptography/ - Cryptography code and wrappers around a few of Go's standard crypto APIs
daemon/ - Method for starting the server as a daemon
db/ - Database client, helper functions, and ORM models
generate/ - This package generates the implant executables and shared libraries
gobfuscate/ - Compile-time obfuscation library
gogo/ - Go wrappers around the Go compiler tool chain
handlers/ - Methods invoke-able by implants without user interaction
log/ - Wrappers around Logrus
msf/ - Metasploit helper functions
rpc/ - Remote procedure call implementations, generally called by the /client/ code
transport/ - Code that wires the server to the /client
website/ - Code that manages static content to host on HTTP(S) C2 domains
main.go - Entrypoint

There is no documentation for this package.