Welcome to SliverPy’s documentation!
SliverPy is a Python gRPC client library for Sliver. SliverPy can be used to automate any operator interaction with Sliver and connects to servers using gRPC over Mutual TLS (i.e., multiplayer) using Sliver operator configuration files.
Installation
The easiest way to install SliverPy is using PyPI. SliverPy should work on any platform supported by Python’s gRPC library.
$ python3 -m pip install sliver-py
However, you can also manually install the package by downloading the latest release from GitHub.
$ python3 -m pip install ./sliver-py-VERSION.tar.gz
Getting Started
To get started first download the latest Sliver server release you’ll need v1.5 or later to use SliverPy.
SliverPy connects to the Sliver server using “multiplayer mode” which can be enabled in the server console or using the Sliver server’s command line interface. In order to connect to the server you’ll need to first generate an operator configuration file. Clients connect to the Sliver server using mutual TLS (mTLS) and these operator configuration files contain the per-user TLS certificates (and other metadata) needed to make the connection to the server. These configuration files contain the user’s private key and should be treated as if they were a credential.
In the interactive console, the new-operator command is used to generate an operator configuration file. You’ll need to
subsequently enable multiplayer mode using the multiplayer command to start the multiplayer server listener. See the
--help for each of these commands for more details:
$ ./sliver-server
sliver > new-operator --name zer0cool --lhost localhost --save ./zer0cool.cfg
[*] Generating new client certificate, please wait ...
[*] Saved new client config to: /Users/zer0cool/zer0cool.cfg
sliver > multiplayer
[*] Multiplayer mode enabled!
Alternatively, the command line interface can be used to generate operator configuration files and start the multiplayer listener
without entering into the interactive console. See each subcommand’s --help for more details:
$ ./sliver-server operator --name zer0cool --lhost localhost --save ./zer0cool.cfg
$ ./sliver-server daemon
Now with the server running in the background you can connect to Sliver remotely (or locally) using the .cfg with SliverPy!
Connect Example
SliverPy is implemented using asyncio, if you’re unfamiliar with Python’s asyncio you may want to go read up on it before continuing.
I recommend starting with this presentation by Raymond Hettinger if you’re completely unfamiliar with Python threads/asyncio.
The main class is SliverClient, which when paired with a configuration file, allows you to interact with the Sliver server, sessions, and beacons:
#!/usr/bin/env python3
import os
import asyncio
from sliver import SliverClientConfig, SliverClient
CONFIG_PATH = os.path.join('path', 'to', 'default.cfg')
async def main():
''' Async client connect example '''
config = SliverClientConfig.parse_config_file(CONFIG_PATH)
client = SliverClient(config)
await client.connect()
sessions = await client.sessions()
print('Sessions: %r' % sessions)
if __name__ == '__main__':
asyncio.run(main())
Protobuf / gRPC
Under the hood SliverPy is communicating with the Sliver server using Protobuf and gRPC. While most of the details of these libraries are abstracted for you, it may be useful to familiarize yourself with the library conventions as SliverPy operates largely on Protobuf objects which do not follow Python language conventions.
There are three modules of Protobuf objects:
sliver.commonpb_pb2Contains common Protobuf objects that represent things like files and processes.sliver.client_pb2Contains objects that are specifically passed between the client and server, but not to the implant.sliver.sliver_pb2Contains objects that are passed to the client, server, and implant.
NOTE: Protobuf objects use CapitolCase whereas the SliverPy classes/etc. use snake_case.
These modules contain generated code and are not easy to read. However, the source Protobuf definitions are in the Sliver server repository to find the exact definitions that SliverPy is using see the git submodule in the SliverPy repository.
Interactive Sessions
To interact with a Sliver session we need to create an InteractiveSession object, the easiest way to do this is using the SliverClient’s
.interact_session() method, which takes a session ID and returns an InteractiveSession for that ID:
#!/usr/bin/env python3
import os
import asyncio
from sliver import SliverClientConfig, SliverClient
# Construct path to operator config file
CONFIG_PATH = os.path.join('path', 'to', 'operator.cfg')
async def main():
''' Session interact example '''
config = SliverClientConfig.parse_config_file(CONFIG_PATH)
client = SliverClient(config)
await client.connect()
sessions = await client.sessions() # <-- List Protobuf Session objects
if not len(sessions):
print('No sessions!')
return
session = await client.interact_session(sessions[0].ID) # <-- Create InteractiveSession object
ls = await session.ls() # <-- Returns an Ls Protobuf object
print('Listing directory contents of: %s' % ls.Path)
for fi in ls.Files:
print('FileName: %s (dir: %s, size: %d)' % (fi.Name, fi.IsDir, fi.Size))
if __name__ == '__main__':
asyncio.run(main())
NOTE: There are two “session” related objects the Protobuf client_pb2.Session object, which contains metadata about the sessions such as
the session ID, the active C2 protocol, etc. and the InteractiveSession class, which is used to interact with the session (i.e., execute commands, etc).
Interactive Beacons
To interact with a Sliver beacon we need to create an InteractiveBeacon object, the easiest way to do this is using the SliverClient’s
.interact_beacon() method, which takes a beacon ID and returns an InteractiveBeacon for that ID:
#!/usr/bin/env python3
import os
import asyncio
from sliver import SliverClientConfig, SliverClient
# Construct path to operator config file
CONFIG_PATH = os.path.join('path', 'to', 'operator.cfg')
async def main():
''' Session interact example '''
config = SliverClientConfig.parse_config_file(CONFIG_PATH)
client = SliverClient(config)
await client.connect()
beacons = await client.beacons() # <-- List Protobuf Session objects
if not len(beacons):
print('No beacons!')
return
beacon = await client.interact_beacon(beacons[0].ID) # <-- Create InteractiveSession object
ls_task = await beacon.ls() # <-- Creates a beacon task Future
print('Created beacon task: %s' % ls_task)
print('Waiting for beacon task to complete ...')
ls = await ls_task
# Beacon Task has completed (Future was resolved)
print('Listing directory contents of: %s' % ls.Path)
for fi in ls.Files:
print('FileName: %s (dir: %s, size: %d)' % (fi.Name, fi.IsDir, fi.Size))
if __name__ == '__main__':
asyncio.run(main())
NOTE: The main difference between interacting with a session vs. a beacon, is that a beacon’s command will return a Future object that eventually resolves to the task result.
Realtime Events
SliverPy also supports realtime events, which are pushed from the server to the client whenever an event occurs. For example, some of the more common events you’ll likely be interested in are when a new session is created or when a job starts/stops.
The SliverClient implements these real time events using asyncio.
Events are identified by an “event type,” which is just a string set by the producer of the event. This loose form
allows events to be very dynamic, however this also means there is no central authority for every event type. I
recommend always filtering on expected event types. The data included in an event also depends on whatever produced
the event, so you should always check that an attribute exists before accessing that attribute (with the exception of
event.EventType which must exist).
Here is a non exhaustive list of event types:
Event Type |
Description |
||
|
An existing session was lost |
||
|
An existing session was renamed / updated |
||
|
A job was started on the server |
||
|
A job stopped (due to error or user action) |
||
|
A new client connected to the server |
||
|
A client disconnected from the server |
||
|
A canary was burned / triggered / etc. |
||
|
A modification was made to implant builds |
||
|
An implant build completed (in success or failure) |
||
|
A modification was made to implant profiles |
||
|
A modification was made to website(s) |
||
|
A new beacon connected to the server |
||
|
A beacon task completed |
||
Automatically Interact With New Sessions
The SliverClient’s .on() method returns an async generator, which can be iterated over. .on() accepts a string or a list of strings to filter events.
Additionally, .events() can be used to obtain a generator that will yield all events.
Here is an example of using .on() to automatically interact with new sessions when they connect:
#!/usr/bin/env python3
import os
import asyncio
from sliver import SliverClientConfig, AsyncSliverClient, client_pb2
CONFIG_DIR = os.path.join(os.path.expanduser("~"), ".sliver-client", "configs")
CONFIG_PATH = os.path.join(CONFIG_DIR, "default.cfg")
async def main():
''' Client connect example '''
config = SliverClientConfig.parse_config_file(CONFIG_PATH)
client = AsyncSliverClient(config)
await client.connect()
async for event in client.on('session-connected'):
print('Automatically interacting with session %s' % event.Session.ID)
interact = await client.interact(event.Session.ID)
exec_result = await interact.execute('whoami', [], True)
print('Exec %r' % exec_result)
if __name__ == '__main__':
loop = asyncio.get_event_loop()
loop.run_until_complete(main())
SliverPy should integrate well with any framework that supports asyncio, but doing so is left
as an exercise for the reader.
API
Beacons
This module is used to connect to beacon gRPC APIs. Users should only need to use the InteractiveBeacon class. The BaseBeacon class is not intended to be used directly but can be inherited by other Beacon classes.
BaseBeacon
- class sliver.beacon.BaseBeacon(beacon, channel, timeout=60)[source]
- property active_c2: str
Active C2
- Return type
str
- property arch: str
Architecture
- Return type
str
- property beacon_id: str
Beacon ID
- Return type
str
- property filename: str
Beacon filename
- Return type
str
- property gid: str
Group ID
- Return type
str
- property hostname: str
Beacon hostname
- Return type
str
- property last_checkin: int
Last check in time
- Return type
int
- property name: str
Beacon name
- Return type
str
- property os: str
Operating system
- Return type
str
- property pid: int
Process ID
- Return type
int
- property reconnect_interval: int
Reconnect interval
- Return type
int
- property remote_address: str
Remote address
- Return type
str
- async taskresult_events()[source]
Monitor task events for results, resolve futures for any results we get back.
- property transport: str
Transport Method
- Return type
str
- property uid: str
User ID
- Return type
str
- property username: str
Username
- Return type
str
- property uuid: str
Beacon UUID
- Return type
str
- property version: str
Version
- Return type
str
InteractiveBeacon
- class sliver.InteractiveBeacon(beacon, channel, timeout=60)[source]
Bases:
BaseBeacon,BaseInteractiveCommandsWrap all commands that can be executed against a beacon mode implant
- async cd(*args, **kwargs)[source]
Change the current working directory of the implant
- Parameters
remote_path (str) – Remote path
- Returns
Protobuf pwd object
- Return type
- async download(*args, **kwargs)[source]
Download a file or directory from the remote file system
- Parameters
remote_path (str) – File to download
recurse (bool) – Download all files in a directory
- Returns
Protobuf Download object
- Return type
sliver_pb2.Download
- async execute(*args, **kwargs)[source]
Execute a command/subprocess on the remote system
- Parameters
exe (str) – Command/subprocess to execute
args (List[str]) – Arguments to the command/subprocess
output (bool) – Enable capturing command/subprocess stdout
- Returns
Protobuf Execute object
- Return type
- async execute_assembly(*args, **kwargs)[source]
Execute a .NET assembly in-memory on the remote system
- Parameters
assembly (bytes) – A buffer of the .NET assembly to execute
arguments (str) – Arguments to the .NET assembly
process (str) – Process to execute assembly
is_dll (bool) – Is assembly a DLL
arch (str) – Assembly architecture
class_name (str) – Class name of the assembly
method (str) – Method to execute
app_domain (str) – AppDomain
- Returns
Protobuf ExecuteAssembly object
- Return type
- async execute_shellcode(*args, **kwargs)[source]
Execute shellcode in-memory
- Parameters
data (bytes) – Shellcode buffer
rwx (bool) – Enable/disable RWX pages
pid (int) – Process ID to inject shellcode into
encoder (str, optional) – Encoder (‘’, ‘gzip’), defaults to ‘’
- Returns
Protobuf Task object
- Return type
- async get_env(*args, **kwargs)[source]
Get an environment variable
- Parameters
name (str) – Name of the variable
- Returns
Protobuf EnvInfo object
- Return type
- async get_system(*args, **kwargs)[source]
Attempt to get SYSTEM (Windows only)
- Parameters
hosting_process (str) – Hosting process to attempt gaining privileges
config (client_pb2.ImplantConfig) – Implant configuration to be injected into the hosting process
- Returns
Protobuf GetSystem object
- Return type
- async ifconfig(*args, **kwargs)[source]
Get network interface configuration information about the remote system
- Returns
Protobuf ifconfig object
- Return type
- async impersonate(*args, **kwargs)[source]
Impersonate a user using tokens (Windows only)
- Parameters
username (str) – User to impersonate
- Returns
Protobuf Impersonate object
- Return type
- async ls(*args, **kwargs)[source]
Get a directory listing from the remote system
- Parameters
remote_path (str) – Remote path
- Returns
Protobuf ls object
- Return type
- async make_token(*args, **kwargs)[source]
Make a Windows user token from a valid login (Windows only)
- Parameters
username (str) – Username
password (str) – Password
domain (str) – Domain
- Returns
Protobuf MakeToken object
- Return type
sliver_pb2.MakeToken
- async migrate(*args, **kwargs)[source]
Migrate implant to another process
- Parameters
pid (int) – Process ID to inject implant into
config (client_pb2.ImplantConfig) – Implant configuration to inject into the remote process
- Returns
Protobuf Migrate object
- Return type
- async mkdir(*args, **kwargs)[source]
Make a directory on the remote file system
- Parameters
remote_path (str) – Directory to create
- Returns
Protobuf Mkdir object
- Return type
- async msf(*args, **kwargs)[source]
Execute Metasploit payload on remote system, the payload will be generated by the server based on the parameters to this function. The server must be configured with Metasploit.
- Parameters
payload (str) – Payload to generate
lhost (str) – Metasploit LHOST parameter
lport (int) – Metasploit LPORT parameter
encoder (str) – Metasploit encoder
iterations (int) – Iterations for Metasploit encoder
- Return type
None
- async msf_remote(*args, **kwargs)[source]
Execute Metasploit payload in a remote process, the payload will be generated by the server based on the parameters to this function. The server must be configured with Metasploit.
- Parameters
payload (str) – Payload to generate
lhost (str) – Metasploit LHOST parameter
lport (int) – Metasploit LPORT parameter
encoder (str) – Metasploit encoder
iterations (int) – Iterations for Metasploit encoder
pid (int) – Process ID to inject the payload into
- Return type
None
- async netstat(*args, **kwargs)[source]
Get information about network connections on the remote system.
- Parameters
tcp (bool) – Get TCP information
udp (bool) – Get UDP information
ipv4 (bool) – Get IPv4 connection information
ipv6 (bool) – Get IPv6 connection information
listening (bool, optional) – Get listening connection information, defaults to True
- Returns
Protobuf netstat object
- Return type
List[sliver_pb2.SockTabEntry]
- async ping(*args, **kwargs)[source]
Send a round trip message to the implant (does NOT use ICMP)
- Returns
Protobuf ping object
- Return type
- async process_dump(*args, **kwargs)[source]
Dump a remote process’ memory
- Parameters
pid (int) – PID of the process to dump
- Returns
Protobuf ProcessDump object
- Return type
- async ps(*args, **kwargs)[source]
List the processes of the remote system
- Returns
Ps protobuf object
- Return type
List[common_pb2.Process]
- async pwd(*args, **kwargs)[source]
Get the implant’s current working directory
- Returns
Protobuf pwd object
- Return type
- async registry_create_key(*args, **kwargs)[source]
Create a registry key on the remote system (Windows only)
- Parameters
hive (str) – Registry hive to create key in
reg_path (str) – Registry path to create key in
key (str) – Key name
hostname (str) – Hostname
- Returns
Protobuf RegistryCreateKey object
- Return type
- async registry_read(*args, **kwargs)[source]
Read a value from the remote system’s registry (Windows only)
- Parameters
hive (str) – Registry hive to read value from
reg_path (str) – Path to registry key to read
key (str) – Key name to read
hostname (str) – Hostname
- Returns
Protobuf RegistryRead object
- Return type
- async registry_write(*args, **kwargs)[source]
Write a value to the remote system’s registry (Windows only)
- Parameters
hive (str) – Registry hive to write the key/value to
reg_path (str) – Registry path to write to
key (str) – Registry key to write to
hostname (str) – Hostname
string_value (str) – String value to write (ignored for non-string key)
byte_value (bytes) – Byte value to write (ignored for non-byte key)
dword_value (int) – DWORD value to write (ignored for non-DWORD key)
qword_value (int) – QWORD value to write (ignored for non-QWORD key)
reg_type (sliver_pb2.RegistryType) – Type of registry key to write
- Returns
Protobuf RegistryWrite object
- Return type
- async revert_to_self(*args, **kwargs)[source]
Revert to self from impersonation context
- Returns
Protobuf RevToSelf object
- Return type
- async rm(*args, **kwargs)[source]
Remove a directory or file(s)
- Parameters
remote_path (str) – Remote path
recursive (bool, optional) – Recursively remove file(s), defaults to False
force (bool, optional) – Forcefully remove the file(s), defaults to False
- Returns
Protobuf rm object
- Return type
- async run_as(*args, **kwargs)[source]
Run a command as another user on the remote system
- Parameters
username (str) – User to run process as
process_name (str) – Process to execute
args (str) – Arguments to process
- Returns
Protobuf RunAs object
- Return type
- async screenshot(*args, **kwargs)[source]
Take a screenshot of the remote system, screenshot data is PNG formatted
- Returns
Protobuf Screenshot object
- Return type
- async set_env(*args, **kwargs)[source]
Set an environment variable
- Parameters
name (str) – Name of the environment variable
value (str) – Value of the environment variable
- Returns
Protobuf SetEnv object
- Return type
- async sideload(*args, **kwargs)[source]
Sideload a shared library into a remote process using a platform specific in-memory loader (Windows, MacOS, Linux only)
- Parameters
data (bytes) – Shared library raw bytes
process_name (str) – Process name to sideload library into
arguments (str) – Arguments to the shared library
entry_point (str) – Entrypoint of the shared library
kill (bool) – Kill normal execution of the process when side loading the shared library
- Returns
Protobuf Sideload object
- Return type
- async spawn_dll(*args, **kwargs)[source]
Spawn a DLL on the remote system from memory (Windows only)
- Parameters
data (bytes) – DLL raw bytes
process_name (str) – Process name to spawn DLL into
arguments (str) – Arguments to the DLL
entry_point (str) – Entrypoint of the DLL
kill (bool) – Kill normal execution of the remote process when spawing the DLL
- Returns
Protobuf SpawnDll object
- Return type
- async terminate(*args, **kwargs)[source]
Terminate a remote process
- Parameters
pid (int) – The process ID to terminate.
force (bool, optional) – Force termination of the process, defaults to False
- Returns
Protobuf terminate object
- Return type
Clients
This module is used to connect to client gRPC APIs. Users should only need to use the SliverClient class. The BaseClient class is not intended to be directly but can be inherited by other Client classes.
BaseClient
SliverClient
- class sliver.SliverClient(config)[source]
Bases:
BaseClientAsyncio client implementation
- async add_website_content(name, web_path, content_type, content, timeout=60)[source]
Add content to a specific website
- Parameters
name (str) – Name of the website to add the content to
web_path (str) – Bind content to web path
content_type (str) – Specify the Content-type response HTTP header
content (bytes) – The raw response content
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Website object
- Return type
- async beacon_by_id(beacon_id, timeout=60)[source]
Get the beacon information from a beacon ID
- Parameters
beacon_id (str) – Beacon ID
timeout – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Beacon object
- Return type
Union[client_pb2.Beacon, None]
- beacon_event_types = ['beacon-registered']
- async beacon_task_content(task_id, timeout=60)[source]
Get a list of tasks for a beacon
- Parameters
task_id (sts) – Task ID get contents for
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Task objects
- Return type
List[client_pb2.Task]
- async beacon_tasks(beacon_id, timeout=60)[source]
Get a list of tasks for a beacon
- Parameters
beacon_id (str) – Beacon ID to get tasks for
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Task objects
- Return type
List[client_pb2.Task]
- async beacons(timeout=60)[source]
Get a list of active beacons
- Parameters
timeout – gRPC timeout, defaults to 60 seconds
- Return type
List[client_pb2.Beacon]
- async canaries(timeout=60)[source]
Get a list of canaries that have been generated during implant builds, includes metadata about those canaries
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of Protobuf DNSCanary objects
- Return type
List[client_pb2.DNSCanary]
- canary_event_types = ['canary']
- async connect()[source]
Establish a connection to the Sliver server
- Returns
Protobuf Version object, containing the server’s version information
- Return type
- async delete_implant_build(implant_name, timeout=60)[source]
Delete a historical implant build from the server by name
- Parameters
implant_name (str) – The name of the implant build to delete
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Return type
None
- async delete_implant_profile(profile_name, timeout=60)[source]
Delete an implant configuration profile by name
- Parameters
profile_name (str) – Name of the profile to delete
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Return type
None
- async generate_implant(config, timeout=360)[source]
Generate a new implant using a given configuration
- Parameters
config (client_pb2.ImplantConfig) – Protobuf ImplantConfig object
timeout (int, optional) – gRPC timeout, defaults to 360
- Returns
Protobuf Generate object containing the generated implant
- Return type
- async generate_msf_stager(arch, format, host, port, os, protocol, badchars, timeout=60)[source]
Create a Metasploit stager (if available on the server)
- Parameters
arch (str) – CPU architecture
format (str) – Binary format (MSF)
host (str) – LHOST (MSF)
port (int) – LPORT (MSF)
os (str) – Operating System (MSF)
protocol (client_pb2.StageProtocol) – Stager protocol (Protobuf StageProtocol object)
badchars (list, optional) – Bad characters, defaults to []
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf MsfStager object
- Return type
- async generate_wg_client_config(timeout=60)[source]
Generate a new WireGuard client configuration files
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf WGClientConfig object
- Return type
- async generate_wg_ip(timeout=60)[source]
Generate a unique IP address for use with WireGuard
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf UniqueWGIP object
- Return type
- async implant_builds(timeout=60)[source]
Get information about historical implant builds
- Returns
Protobuf Map object, the keys are implant names the values are implant configs
- Return type
Dict[str, client_pb2.ImplantConfig]
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- async implant_profiles(timeout=60)[source]
Get a list of all implant configuration profiles on the server
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of Protobuf ImplantProfile objects
- Return type
- async interact_beacon(beacon_id, timeout=60)[source]
Interact with a beacon, returns an
InteractiveBeacon- Parameters
beacon_id (str) – Beacon ID
timeout – gRPC timeout, defaults to 60 seconds
- Returns
An interactive beacon
- Return type
Optional[AsyncInteractiveBeacon]
- async interact_session(session_id, timeout=60)[source]
Interact with a session, returns an
InteractiveSession- Parameters
session_id (str) – Session ID
timeout – gRPC timeout, defaults to 60 seconds
- Returns
An interactive session
- Return type
Optional[InteractiveSession]
- async job_by_id(job_id, timeout=60)[source]
Get job by id
- Parameters
job_id (str) – Beacon ID to get tasks for
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Job objects
- Return type
List[client_pb2.Job]
- async job_by_port(job_port, timeout=60)[source]
Get job by port
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Job objects
- Return type
List[client_pb2.Job]
- job_event_types = ['job-started', 'job-stopped']
- async jobs(timeout=60)[source]
Get a list of active jobs
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Job objects
- Return type
List[client_pb2.Job]
- async kill_beacon(beacon_id, timeout=60)[source]
Kill a beacon
- Parameters
beacon_id (str) – Numeric beacon ID to remove
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Return type
None
- async kill_job(job_id, timeout=60)[source]
Kill a job
- Parameters
job_id (int) – Numeric job ID to kill
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf KillJob object
- Return type
- async kill_session(session_id, force=False, timeout=60)[source]
Kill a session
- Parameters
session_id (str) – Session ID to kill
force (bool, optional) – Force kill the session, defaults to False
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Return type
None
- async on(event_types)[source]
Iterate on a specific event or list of events
- Parameters
event_types (Union[str, List[str]]) – An event type or list of event types
- Yield
A stream of events of the given type(s)
- Return type
- async operators(timeout=60)[source]
Get a list of operators and their online status
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Operator objects
- Return type
List[client_pb2.Operator]
- async regenerate_implant(implant_name, timeout=60)[source]
Regenerate an implant binary given the implants “name”
- Parameters
implant_name (str) – The name of the implant to regenerate
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Generate object
- Return type
- async remove_website(name, timeout=60)[source]
Remove an entire website and its content
- Parameters
name (str) – The name of the website to remove
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Return type
None
- async remove_website_content(name, paths, timeout=60)[source]
Remove content from a specific website
- Parameters
name (str) – The name of the website from which to remove the content
paths (List[str]) – A list of paths to content that should be removed from the website
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Website object
- Return type
- async rename_beacon(beacon_id, name, timeout=60)[source]
Rename a beacon
- Parameters
beacon_id (str) – Beacon ID to update
name (str) – Rename beacon to this value
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
None
- Return type
None
- async rename_session(session_id, name, timeout=60)[source]
Rename a session
- Parameters
session_id (str) – Session ID to update
name (str) – Rename session to this value
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
None
- Return type
None
- async save_implant_profile(profile, timeout=60)[source]
Save an implant configuration profile to the server
- Parameters
profile (client_pb2.ImplantProfile) – An implant configuration profile (a Protobuf ImplantProfile object)
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf ImplantProfile object
- Return type
- async session_by_id(session_id, timeout=60)[source]
Get the session information from a session ID
- Parameters
session_id (str) – Session ID
timeout – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Session object
- Return type
Optional[client_pb2.Session]
- session_event_types = ['session-connected', 'session-disconnected']
- async sessions(timeout=60)[source]
Get a list of active sessions
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of protobuf Session objects
- Return type
List[client_pb2.Session]
- async shellcode(data, function_name, arguments='', timeout=60)[source]
Generate Donut shellcode
- Parameters
data (bytes) – The DLL file to wrap in a shellcode loader
function_name (str) – Function to call on the DLL
arguments (str) – Arguments to the function called
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf ShellcodeRDI object
- Return type
- async start_dns_listener(domains, host='0.0.0.0', port=53, canaries=True, persistent=False, enforce_otp=True, timeout=60)[source]
Start a DNS C2 listener
- Parameters
domains (List[str]) – C2 domains to listen for
canaries (bool) – Enable/disable DNS canaries
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
persistent (bool, optional) – Register the listener as a persistent job (automatically start with server), defaults to False
enforce_otp (bool, optional) – Enforce OTP auth for DNS C2, defaults to True
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf DNSListener object
- Return type
- async start_http_listener(host='0.0.0.0', port=80, website='', domain='', persistent=False, timeout=60)[source]
Start an HTTP C2 listener
- Parameters
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
website (str) – Name of the “website” to host on listener
domain (str) – Domain name for HTTP server (one domain per listener)
persistent (bool, optional) – Register the listener as a persistent job (automatically start with server), defaults to False
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf HTTPListener object (NOTE: HTTP/HTTPS both return HTTPListener objects)
- Return type
- async start_http_stager_listener(host, port, data, timeout=60)[source]
Start an HTTP stager listener
- Parameters
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
data (bytes) – Binary data of stage to host on listener
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf StagerListener object
- Return type
- async start_https_listener(host='0.0.0.0', port=443, website='', domain='', cert=b'', key=b'', acme=False, persistent=False, enforce_otp=True, randomize_jarm=True, long_poll_timeout=1, long_poll_jitter=2, timeout=60)[source]
Start an HTTPS C2 listener
- Parameters
domain (str) – Domain name for HTTPS server (one domain per listener)
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
website (str) – Name of the “website” to host on listener
cert (bytes) – TLS certificate (leave blank to generate self-signed certificate)
key (bytes) – TLS private key (leave blank to generate self-signed certificate)
acme (bool) – Automatically provision TLS certificate using ACME (i.e., Let’s Encrypt)
persistent (bool, optional) – Register the listener as a persistent job (automatically start with server), defaults to False
enforce_otp (bool, optional) – Enforce OTP auth for HTTPS C2, defaults to True
randomize_jarm (bool, optional) – Randomize JARM fingerprint for HTTPS C2, defaults to True
long_poll_timeout (int, optional) – Long poll timeout for HTTPS C2, defaults to 1
long_poll_jitter (int, optional) – Long poll jitter for HTTPS C2, defaults to 2
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf HTTPListener object (NOTE: HTTP/HTTPS both return HTTPListener objects)
- Return type
- async start_https_stager_listener(host, port, data, cert, key, acme, timeout=60)[source]
Start an HTTPS stager listener
- Parameters
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
data (bytes) – Binary data of stage to host on listener
cert (bytes) – TLS certificate, leave blank to start listener as HTTP
key (bytes) – TLS key, leave blank to start listener as HTTP
acme (bool) – Automatically provision TLS certificate using ACME (i.e., Let’s Encrypt)
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf StagerListener object
- Return type
- async start_mtls_listener(host='0.0.0.0', port=8888, persistent=False, timeout=60)[source]
Start a mutual TLS (mTLS) C2 listener
- Parameters
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
persistent (bool, optional) – Register the listener as a persistent job (automatically start with server), defaults to False
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf MTLSListener object
- Return type
- async start_tcp_stager_listener(host, port, data, timeout=60)[source]
Start a TCP stager listener
- Parameters
host (str) – Host interface to bind the listener to, an empty string will bind to all interfaces
port (int) – TCP port number to start listener on
data (bytes) – Binary data of stage to host on listener
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf StagerListener object
- Return type
- async start_wg_listener(tun_ip=None, host='0.0.0.0', port=53, n_port=8888, key_port=1337, persistent=False, timeout=60)[source]
Start a WireGuard (wg) C2 listener
- Parameters
tun_ip (str) – Virtual TUN IP listen address
port (int) – TCP port number to start listener on
port – UDP port to start listener on
n_port (int) – Virtual TUN port number
key_port (int) – Virtual TUN port number for key exchanges
persistent (bool, optional) – Register the listener as a persistent job (automatically start with server), defaults to False
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf WGListener object
- Return type
- async update_website(website, timeout=60)[source]
Update an entire website object on the server
- Parameters
website (client_pb2.Website) – The updated Protobuf Website object
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Website object
- Return type
- async update_website_content(name, web_path, content_type, content, timeout=60)[source]
Update content on a specific website / web path
- Parameters
name (str) – Name of the website to add the content to
web_path (str) – Bind content to web path
content_type (str) – Specify the Content-type response HTTP header
content (bytes) – The raw response content
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Website object
- Return type
- async version(timeout=60)[source]
Get server version information
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
Protobuf Version object
- Return type
- async websites(timeout=60)[source]
Get a list of websites
- Parameters
timeout (int, optional) – gRPC timeout, defaults to 60 seconds
- Returns
List of Protobuf Website objects
- Return type
List[client_pb2.Website]
Commands
This module contains the commands that can be used by interactive classes. Users should not need to implement this themselves, as the commands are called by InteractiveBeacon and InteractiveSession.
BaseInteractiveCommands
- class sliver.interactive.BaseInteractiveCommands[source]
- async call_extension(name, export, ext_args)[source]
Call an extension
- Parameters
name (str) – Extension name
export (str) – Extension entrypoint
ext_args (bytes) – Extension argument buffer
- Returns
Protobuf CallExtension object
- Return type
- async cd(remote_path)[source]
Change the current working directory of the implant
- Parameters
remote_path (str) – Remote path
- Returns
Protobuf pwd object
- Return type
- async download(remote_path, recurse=False)[source]
Download a file or directory from the remote file system
- Parameters
remote_path (str) – File to download
recurse (bool) – Download all files in a directory
- Returns
Protobuf Download object
- Return type
sliver_pb2.Download
- async execute(exe, args, output=True)[source]
Execute a command/subprocess on the remote system
- Parameters
exe (str) – Command/subprocess to execute
args (List[str]) – Arguments to the command/subprocess
output (bool) – Enable capturing command/subprocess stdout
- Returns
Protobuf Execute object
- Return type
- async execute_assembly(assembly, arguments, process, is_dll, arch, class_name, method, app_domain)[source]
Execute a .NET assembly in-memory on the remote system
- Parameters
assembly (bytes) – A buffer of the .NET assembly to execute
arguments (str) – Arguments to the .NET assembly
process (str) – Process to execute assembly
is_dll (bool) – Is assembly a DLL
arch (str) – Assembly architecture
class_name (str) – Class name of the assembly
method (str) – Method to execute
app_domain (str) – AppDomain
- Returns
Protobuf ExecuteAssembly object
- Return type
- async execute_shellcode(data, rwx, pid, encoder='')[source]
Execute shellcode in-memory
- Parameters
data (bytes) – Shellcode buffer
rwx (bool) – Enable/disable RWX pages
pid (int) – Process ID to inject shellcode into
encoder (str, optional) – Encoder (‘’, ‘gzip’), defaults to ‘’
- Returns
Protobuf Task object
- Return type
- async get_env(name)[source]
Get an environment variable
- Parameters
name (str) – Name of the variable
- Returns
Protobuf EnvInfo object
- Return type
- async get_system(hosting_process, config)[source]
Attempt to get SYSTEM (Windows only)
- Parameters
hosting_process (str) – Hosting process to attempt gaining privileges
config (client_pb2.ImplantConfig) – Implant configuration to be injected into the hosting process
- Returns
Protobuf GetSystem object
- Return type
- async ifconfig()[source]
Get network interface configuration information about the remote system
- Returns
Protobuf ifconfig object
- Return type
- async impersonate(username)[source]
Impersonate a user using tokens (Windows only)
- Parameters
username (str) – User to impersonate
- Returns
Protobuf Impersonate object
- Return type
- async ls(remote_path='.')[source]
Get a directory listing from the remote system
- Parameters
remote_path (str) – Remote path
- Returns
Protobuf ls object
- Return type
- async make_token(username, password, domain)[source]
Make a Windows user token from a valid login (Windows only)
- Parameters
username (str) – Username
password (str) – Password
domain (str) – Domain
- Returns
Protobuf MakeToken object
- Return type
sliver_pb2.MakeToken
- async migrate(pid, config)[source]
Migrate implant to another process
- Parameters
pid (int) – Process ID to inject implant into
config (client_pb2.ImplantConfig) – Implant configuration to inject into the remote process
- Returns
Protobuf Migrate object
- Return type
- async mkdir(remote_path)[source]
Make a directory on the remote file system
- Parameters
remote_path (str) – Directory to create
- Returns
Protobuf Mkdir object
- Return type
- async msf(payload, lhost, lport, encoder, iterations)[source]
Execute Metasploit payload on remote system, the payload will be generated by the server based on the parameters to this function. The server must be configured with Metasploit.
- Parameters
payload (str) – Payload to generate
lhost (str) – Metasploit LHOST parameter
lport (int) – Metasploit LPORT parameter
encoder (str) – Metasploit encoder
iterations (int) – Iterations for Metasploit encoder
- Return type
None
- async msf_remote(payload, lhost, lport, encoder, iterations, pid)[source]
Execute Metasploit payload in a remote process, the payload will be generated by the server based on the parameters to this function. The server must be configured with Metasploit.
- Parameters
payload (str) – Payload to generate
lhost (str) – Metasploit LHOST parameter
lport (int) – Metasploit LPORT parameter
encoder (str) – Metasploit encoder
iterations (int) – Iterations for Metasploit encoder
pid (int) – Process ID to inject the payload into
- Return type
None
- async netstat(tcp, udp, ipv4, ipv6, listening=True)[source]
Get information about network connections on the remote system.
- Parameters
tcp (bool) – Get TCP information
udp (bool) – Get UDP information
ipv4 (bool) – Get IPv4 connection information
ipv6 (bool) – Get IPv6 connection information
listening (bool, optional) – Get listening connection information, defaults to True
- Returns
Protobuf netstat object
- Return type
List[sliver_pb2.SockTabEntry]
- async ping()[source]
Send a round trip message to the implant (does NOT use ICMP)
- Returns
Protobuf ping object
- Return type
- async process_dump(pid)[source]
Dump a remote process’ memory
- Parameters
pid (int) – PID of the process to dump
- Returns
Protobuf ProcessDump object
- Return type
- async ps()[source]
List the processes of the remote system
- Returns
Ps protobuf object
- Return type
List[common_pb2.Process]
- async pwd()[source]
Get the implant’s current working directory
- Returns
Protobuf pwd object
- Return type
- async register_extension(name, data, goos, init)[source]
Call an extension
- Parameters
name (str) – Extension name
data (bytes) – Extension binary data
goos (str) – OS
init (str) – Init entrypoint to run
- Returns
Protobuf RegisterExtension object
- Return type
- async registry_create_key(hive, reg_path, key, hostname)[source]
Create a registry key on the remote system (Windows only)
- Parameters
hive (str) – Registry hive to create key in
reg_path (str) – Registry path to create key in
key (str) – Key name
hostname (str) – Hostname
- Returns
Protobuf RegistryCreateKey object
- Return type
- async registry_read(hive, reg_path, key, hostname)[source]
Read a value from the remote system’s registry (Windows only)
- Parameters
hive (str) – Registry hive to read value from
reg_path (str) – Path to registry key to read
key (str) – Key name to read
hostname (str) – Hostname
- Returns
Protobuf RegistryRead object
- Return type
- async registry_write(hive, reg_path, key, hostname, string_value, byte_value, dword_value, qword_value, reg_type)[source]
Write a value to the remote system’s registry (Windows only)
- Parameters
hive (str) – Registry hive to write the key/value to
reg_path (str) – Registry path to write to
key (str) – Registry key to write to
hostname (str) – Hostname
string_value (str) – String value to write (ignored for non-string key)
byte_value (bytes) – Byte value to write (ignored for non-byte key)
dword_value (int) – DWORD value to write (ignored for non-DWORD key)
qword_value (int) – QWORD value to write (ignored for non-QWORD key)
reg_type (sliver_pb2.RegistryType) – Type of registry key to write
- Returns
Protobuf RegistryWrite object
- Return type
- async revert_to_self()[source]
Revert to self from impersonation context
- Returns
Protobuf RevToSelf object
- Return type
- async rm(remote_path, recursive=False, force=False)[source]
Remove a directory or file(s)
- Parameters
remote_path (str) – Remote path
recursive (bool, optional) – Recursively remove file(s), defaults to False
force (bool, optional) – Forcefully remove the file(s), defaults to False
- Returns
Protobuf rm object
- Return type
- async run_as(username, process_name, args)[source]
Run a command as another user on the remote system
- Parameters
username (str) – User to run process as
process_name (str) – Process to execute
args (str) – Arguments to process
- Returns
Protobuf RunAs object
- Return type
- async screenshot()[source]
Take a screenshot of the remote system, screenshot data is PNG formatted
- Returns
Protobuf Screenshot object
- Return type
- async set_env(key, value)[source]
Set an environment variable
- Parameters
name (str) – Name of the environment variable
value (str) – Value of the environment variable
- Returns
Protobuf SetEnv object
- Return type
- async sideload(data, process_name, arguments, entry_point, kill)[source]
Sideload a shared library into a remote process using a platform specific in-memory loader (Windows, MacOS, Linux only)
- Parameters
data (bytes) – Shared library raw bytes
process_name (str) – Process name to sideload library into
arguments (str) – Arguments to the shared library
entry_point (str) – Entrypoint of the shared library
kill (bool) – Kill normal execution of the process when side loading the shared library
- Returns
Protobuf Sideload object
- Return type
- async spawn_dll(data, process_name, arguments, entry_point, kill)[source]
Spawn a DLL on the remote system from memory (Windows only)
- Parameters
data (bytes) – DLL raw bytes
process_name (str) – Process name to spawn DLL into
arguments (str) – Arguments to the DLL
entry_point (str) – Entrypoint of the DLL
kill (bool) – Kill normal execution of the remote process when spawing the DLL
- Returns
Protobuf SpawnDll object
- Return type
- async terminate(pid, force=False)[source]
Terminate a remote process
- Parameters
pid (int) – The process ID to terminate.
force (bool, optional) – Force termination of the process, defaults to False
- Returns
Protobuf terminate object
- Return type
- async unset_env(key)[source]
Unset an environment variable
- Parameters
value (str) – Value of the environment variable
- Returns
Protobuf SetEnv object
- Return type
- async upload(remote_path, data, is_ioc=False)[source]
Write data to specified path on remote file system
- Parameters
remote_path (str) – Remote path
data (bytes) – Data to write
is_ioc (bool, optional) – Data is an indicator of compromise, defaults to False
- Returns
Protobuf Upload object
- Return type
Configuration
- class sliver.config.SliverClientConfig(operator, lhost, lport, ca_certificate, certificate, private_key, token)[source]
This class parses and represents Sliver operator configuration files, typically this class is automatically instantiated using one of the class methods
SliverClientConfig.parse_config()orSliverClientConfig.parse_config_file()but can be directly instantiated too.- Parameters
operator (
str) – Operator name, note that this value is only used by the client and is ignored by the server.lhost (
str) – The listener host to connect to (i.e., the Sliver server host).lhost – The TCP port of the host listener (i.e., the TCP port of the Sliver “multiplayer” service).
ca_certificate (
str) – The Sliver server certificate authority.certificate (
str) – The mTLS client certificate.private_key (
str) – The mTLS private key.token (
str) – The user’s authentication token.
- Raises
ValueError – A parameter contained an invalid value.
- classmethod parse_config(data)[source]
Parses the content of a Sliver operator configuration file and returns the instantiated
SliverClientConfig- Parameters
data (Union[str, bytes]) – The Sliver operator configuration file content.
- Returns
An instantiated
SliverClientConfigobject.- Return type
- classmethod parse_config_file(filepath)[source]
Parse a given file path as a Sliver operator configuration file.
- Parameters
filepath (str) – File system path to an operator configuration file.
- Returns
An instantiated
SliverClientConfigobject.- Return type
Sessions
This module is used to connect to session gRPC APIs. Users should only need to use the InteractiveSession class. The BaseSession class is not intended to be used directly but can be inherited by other Session classes.
BaseSessions
- class sliver.session.BaseSession(session, channel, timeout=60)[source]
Base class for Session objects.
- Parameters
session (client_pb2.Session) – Session protobuf.
channel (grpc.Channel) – A gRPC channel.
timeout (int, optional) – Timeout in seconds
- property active_c2: str
Active C2
- Return type
str
- property arch: str
Architecture
- Return type
str
- property filename: str
Implant filename
- Return type
str
- property gid: str
Group ID
- Return type
str
- property hostname: str
Hostname
- Return type
str
- property is_dead: bool
Is dead
- Return type
bool
- property last_checkin: int
Last check in
- Return type
int
- property name: str
Session name
- Return type
str
- property os: str
Operating system
- Return type
str
- property pid: int
Process ID
- Return type
int
- property proxy_url: str
Proxy URL
- Return type
str
- property reconnect_interval: int
Reconnect interval
- Return type
int
- property remote_address: str
Remote address
- Return type
str
- property session_id: str
Session ID
- Return type
str
- property transport: str
Transport Method
- Return type
str
- property uid: str
User ID
- Return type
str
- property username: str
Username
- Return type
str
- property uuid: str
Session UUID
- Return type
str
- property version: str
Version
- Return type
str
InteractiveSession
- class sliver.InteractiveSession(session, channel, timeout=60)[source]
Bases:
BaseSession,BaseInteractiveCommandsSession only commands
- async backdoor(remote_path, profile_name)[source]
Backdoor a remote binary by injecting a Sliver payload into the executable using a code cave
- Parameters
remote_path (str) – Remote path to an executable to backdoor
profile_name (str) – Implant profile name to inject into the binary
- Returns
Protobuf Backdoor object
- Return type
- async pivot_listeners()[source]
List C2 pivots
- Returns
Protobuf PivotListener list
- Return type
List[sliver_pb2.PivotListener]
- async remove_service(name, hostname)[source]
Remove a Windows service (Windows only)
- Parameters
name (str) – Name of the service
hostname (str) – Hostname
- Returns
Protobuf ServiceInfo object
- Return type
- async start_service(name, description, exe, hostname, arguments)[source]
Create and start a Windows service (Windows only)
- Parameters
name (str) – Name of the service
description (str) – Service description
exe (str) – Path to the service .exe file
hostname (str) – Hostname
arguments (str) – Arguments to start the service with
- Returns
Protobuf ServiceInfo object
- Return type
Protobuf
Common Protobuf
This module contains the common Protobuf definitions, shared across both
client_pb2 and sliver_pb2.
- class sliver.pb.commonpb.common_pb2.EnvVar
- class sliver.pb.commonpb.common_pb2.Empty
- class sliver.pb.commonpb.common_pb2.File
- class sliver.pb.commonpb.common_pb2.Process
- class sliver.pb.commonpb.common_pb2.Request
- class sliver.pb.commonpb.common_pb2.Response
Client Protobuf
This module contains the client Protobuf definitions, client Protobuf messages are only passed between the client and server (and not to the implant).
- class sliver.pb.clientpb.client_pb2.AllHosts
- class sliver.pb.clientpb.client_pb2.AllLoot
- class sliver.pb.clientpb.client_pb2.Beacon
- class sliver.pb.clientpb.client_pb2.Beacons
- class sliver.pb.clientpb.client_pb2.BeaconTask
- class sliver.pb.clientpb.client_pb2.BeaconTasks
- class sliver.pb.clientpb.client_pb2.Canaries
- class sliver.pb.clientpb.client_pb2.Client
- class sliver.pb.clientpb.client_pb2.CloseTunnelReq
- class sliver.pb.clientpb.client_pb2.Compiler
- class sliver.pb.clientpb.client_pb2.CompilerTarget
- class sliver.pb.clientpb.client_pb2.CreateTunnel
- class sliver.pb.clientpb.client_pb2.CreateTunnelReq
- class sliver.pb.clientpb.client_pb2.Credential
- class sliver.pb.clientpb.client_pb2.CrossCompiler
- class sliver.pb.clientpb.client_pb2.DeleteReq
- class sliver.pb.clientpb.client_pb2.DllHijack
- class sliver.pb.clientpb.client_pb2.DllHijackReq
- class sliver.pb.clientpb.client_pb2.DNSCanary
- class sliver.pb.clientpb.client_pb2.DNSListener
- class sliver.pb.clientpb.client_pb2.DNSListenerReq
- class sliver.pb.clientpb.client_pb2.Event
- class sliver.pb.clientpb.client_pb2.ExtensionData
- class sliver.pb.clientpb.client_pb2.Generate
- class sliver.pb.clientpb.client_pb2.GenerateReq
- class sliver.pb.clientpb.client_pb2.GetSystemReq
- class sliver.pb.clientpb.client_pb2.HTTPListener
- class sliver.pb.clientpb.client_pb2.HTTPListenerReq
- class sliver.pb.clientpb.client_pb2.ImplantC2
- class sliver.pb.clientpb.client_pb2.ImplantConfig
- class sliver.pb.clientpb.client_pb2.ImplantProfile
- class sliver.pb.clientpb.client_pb2.ImplantProfiles
- class sliver.pb.clientpb.client_pb2.IOC
- class sliver.pb.clientpb.client_pb2.Job
- class sliver.pb.clientpb.client_pb2.Jobs
- class sliver.pb.clientpb.client_pb2.KillJob
- class sliver.pb.clientpb.client_pb2.KillJobReq
- class sliver.pb.clientpb.client_pb2.Loot
- class sliver.pb.clientpb.client_pb2.MigrateReq
- class sliver.pb.clientpb.client_pb2.MSFRemoteReq
- class sliver.pb.clientpb.client_pb2.MSFReq
- class sliver.pb.clientpb.client_pb2.MsfStager
- class sliver.pb.clientpb.client_pb2.MsfStagerReq
- class sliver.pb.clientpb.client_pb2.MTLSListener
- class sliver.pb.clientpb.client_pb2.MTLSListenerReq
- class sliver.pb.clientpb.client_pb2.NamedPipes
- class sliver.pb.clientpb.client_pb2.NamedPipesReq
- class sliver.pb.clientpb.client_pb2.Operator
- class sliver.pb.clientpb.client_pb2.Operators
- class sliver.pb.clientpb.client_pb2.PivotGraph
- class sliver.pb.clientpb.client_pb2.PivotGraphEntry
- class sliver.pb.clientpb.client_pb2.RegenerateReq
- class sliver.pb.clientpb.client_pb2.RenameReq
- class sliver.pb.clientpb.client_pb2.Session
- class sliver.pb.clientpb.client_pb2.Sessions
- class sliver.pb.clientpb.client_pb2.ShellcodeEncode
- class sliver.pb.clientpb.client_pb2.ShellcodeEncodeReq
- class sliver.pb.clientpb.client_pb2.ShellcodeRDI
- class sliver.pb.clientpb.client_pb2.ShellcodeRDIReq
- class sliver.pb.clientpb.client_pb2.StagerListener
- class sliver.pb.clientpb.client_pb2.StagerListenerReq
- class sliver.pb.clientpb.client_pb2.TCPPivot
- class sliver.pb.clientpb.client_pb2.TCPPivotReq
- class sliver.pb.clientpb.client_pb2.UniqueWGIP
- class sliver.pb.clientpb.client_pb2.Version
- class sliver.pb.clientpb.client_pb2.WebContent
- class sliver.pb.clientpb.client_pb2.Websites
- class sliver.pb.clientpb.client_pb2.WebsiteRemoveContent
- class sliver.pb.clientpb.client_pb2.WGClientConfig
- class sliver.pb.clientpb.client_pb2.WGListenerReq
- class sliver.pb.clientpb.client_pb2.WGListener
Sliver Protobuf
This module contains the Sliver Protobuf definitions, Sliver Protobuf messages are passed between the client, server, and implant.
- class sliver.pb.sliverpb.sliver_pb2.Backdoor
- class sliver.pb.sliverpb.sliver_pb2.BackdoorReq
- class sliver.pb.sliverpb.sliver_pb2.BeaconRegister
- class sliver.pb.sliverpb.sliver_pb2.BeaconTasks
- class sliver.pb.sliverpb.sliver_pb2.CallExtension
- class sliver.pb.sliverpb.sliver_pb2.CallExtensionReq
- class sliver.pb.sliverpb.sliver_pb2.CdReq
- class sliver.pb.sliverpb.sliver_pb2.CloseSession
- class sliver.pb.sliverpb.sliver_pb2.CurrentTokenOwner
- class sliver.pb.sliverpb.sliver_pb2.CurrentTokenOwnerReq
- class sliver.pb.sliverpb.sliver_pb2.DNSBlockHeader
- class sliver.pb.sliverpb.sliver_pb2.Envelope
- class sliver.pb.sliverpb.sliver_pb2.EnvInfo
- class sliver.pb.sliverpb.sliver_pb2.EnvReq
- class sliver.pb.sliverpb.sliver_pb2.Execute
- class sliver.pb.sliverpb.sliver_pb2.ExecuteAssembly
- class sliver.pb.sliverpb.sliver_pb2.ExecuteAssemblyReq
- class sliver.pb.sliverpb.sliver_pb2.ExecuteReq
- class sliver.pb.sliverpb.sliver_pb2.ExecuteWindowsReq
- class sliver.pb.sliverpb.sliver_pb2.FileInfo
- class sliver.pb.sliverpb.sliver_pb2.GetPrivs
- class sliver.pb.sliverpb.sliver_pb2.GetPrivsReq
- class sliver.pb.sliverpb.sliver_pb2.GetSystem
- class sliver.pb.sliverpb.sliver_pb2.HTTPSessionInit
- class sliver.pb.sliverpb.sliver_pb2.Ifconfig
- class sliver.pb.sliverpb.sliver_pb2.IfconfigReq
- class sliver.pb.sliverpb.sliver_pb2.Impersonate
- class sliver.pb.sliverpb.sliver_pb2.ImpersonateReq
- class sliver.pb.sliverpb.sliver_pb2.InvokeExecuteAssemblyReq
- class sliver.pb.sliverpb.sliver_pb2.InvokeGetSystemReq
- class sliver.pb.sliverpb.sliver_pb2.InvokeInProcExecuteAssemblyReq
- class sliver.pb.sliverpb.sliver_pb2.InvokeMigrateReq
- class sliver.pb.sliverpb.sliver_pb2.InvokeSpawnDllReq
- class sliver.pb.sliverpb.sliver_pb2.KillReq
- class sliver.pb.sliverpb.sliver_pb2.ListExtensions
- class sliver.pb.sliverpb.sliver_pb2.ListExtensionsReq
- class sliver.pb.sliverpb.sliver_pb2.Ls
- class sliver.pb.sliverpb.sliver_pb2.LsReq
- class sliver.pb.sliverpb.sliver_pb2.MakeTokenReq
- class sliver.pb.sliverpb.sliver_pb2.Migrate
- class sliver.pb.sliverpb.sliver_pb2.Mkdir
- class sliver.pb.sliverpb.sliver_pb2.MkdirReq
- class sliver.pb.sliverpb.sliver_pb2.Mv
- class sliver.pb.sliverpb.sliver_pb2.MvReq
- class sliver.pb.sliverpb.sliver_pb2.NetConnPivot
- class sliver.pb.sliverpb.sliver_pb2.NetInterface
- class sliver.pb.sliverpb.sliver_pb2.Netstat
- class sliver.pb.sliverpb.sliver_pb2.NetstatReq
- class sliver.pb.sliverpb.sliver_pb2.OpenSession
- class sliver.pb.sliverpb.sliver_pb2.Ping
- class sliver.pb.sliverpb.sliver_pb2.PivotHello
- class sliver.pb.sliverpb.sliver_pb2.PivotListener
- class sliver.pb.sliverpb.sliver_pb2.PivotListeners
- class sliver.pb.sliverpb.sliver_pb2.PivotListenersReq
- class sliver.pb.sliverpb.sliver_pb2.PivotPeer
- class sliver.pb.sliverpb.sliver_pb2.PivotPeerEnvelope
- class sliver.pb.sliverpb.sliver_pb2.PivotPeerFailure
- class sliver.pb.sliverpb.sliver_pb2.PivotPing
- class sliver.pb.sliverpb.sliver_pb2.PivotServerKeyExchange
- class sliver.pb.sliverpb.sliver_pb2.PivotStartListenerReq
- class sliver.pb.sliverpb.sliver_pb2.PivotStopListenerReq
- class sliver.pb.sliverpb.sliver_pb2.PollInterval
- class sliver.pb.sliverpb.sliver_pb2.PollIntervalReq
- class sliver.pb.sliverpb.sliver_pb2.Portfwd
- class sliver.pb.sliverpb.sliver_pb2.PortfwdReq
- class sliver.pb.sliverpb.sliver_pb2.ProcessDump
- class sliver.pb.sliverpb.sliver_pb2.ProcessDumpReq
- class sliver.pb.sliverpb.sliver_pb2.Ps
- class sliver.pb.sliverpb.sliver_pb2.PsReq
- class sliver.pb.sliverpb.sliver_pb2.Pwd
- class sliver.pb.sliverpb.sliver_pb2.PwdReq
- class sliver.pb.sliverpb.sliver_pb2.Reconfigure
- class sliver.pb.sliverpb.sliver_pb2.ReconfigureReq
- class sliver.pb.sliverpb.sliver_pb2.Register
- class sliver.pb.sliverpb.sliver_pb2.RegisterExtension
- class sliver.pb.sliverpb.sliver_pb2.RegisterExtensionReq
- class sliver.pb.sliverpb.sliver_pb2.RegistryCreateKey
- class sliver.pb.sliverpb.sliver_pb2.RegistryCreateKeyReq
- class sliver.pb.sliverpb.sliver_pb2.RegistryDeleteKey
- class sliver.pb.sliverpb.sliver_pb2.RegistryDeleteKeyReq
- class sliver.pb.sliverpb.sliver_pb2.RegistryListValuesReq
- class sliver.pb.sliverpb.sliver_pb2.RegistryRead
- class sliver.pb.sliverpb.sliver_pb2.RegistryReadReq
- class sliver.pb.sliverpb.sliver_pb2.RegistrySubKeyList
- class sliver.pb.sliverpb.sliver_pb2.RegistrySubKeyListReq
- class sliver.pb.sliverpb.sliver_pb2.RegistryValuesList
- class sliver.pb.sliverpb.sliver_pb2.RegistryWrite
- class sliver.pb.sliverpb.sliver_pb2.RegistryWriteReq
- class sliver.pb.sliverpb.sliver_pb2.RemoveServiceReq
- class sliver.pb.sliverpb.sliver_pb2.RevToSelf
- class sliver.pb.sliverpb.sliver_pb2.RevToSelfReq
- class sliver.pb.sliverpb.sliver_pb2.Rm
- class sliver.pb.sliverpb.sliver_pb2.RmReq
- class sliver.pb.sliverpb.sliver_pb2.RunAs
- class sliver.pb.sliverpb.sliver_pb2.RunAsReq
- class sliver.pb.sliverpb.sliver_pb2.Screenshot
- class sliver.pb.sliverpb.sliver_pb2.ScreenshotReq
- class sliver.pb.sliverpb.sliver_pb2.ServiceInfo
- class sliver.pb.sliverpb.sliver_pb2.ServiceInfoReq
- class sliver.pb.sliverpb.sliver_pb2.SessionRegister
- class sliver.pb.sliverpb.sliver_pb2.SetEnv
- class sliver.pb.sliverpb.sliver_pb2.SetEnvReq
- class sliver.pb.sliverpb.sliver_pb2.Shell
- class sliver.pb.sliverpb.sliver_pb2.ShellReq
- class sliver.pb.sliverpb.sliver_pb2.Sideload
- class sliver.pb.sliverpb.sliver_pb2.SideloadReq
- class sliver.pb.sliverpb.sliver_pb2.Socks
- class sliver.pb.sliverpb.sliver_pb2.SocksData
- class sliver.pb.sliverpb.sliver_pb2.SpawnDll
- class sliver.pb.sliverpb.sliver_pb2.SpawnDllReq
- class sliver.pb.sliverpb.sliver_pb2.SSHCommand
- class sliver.pb.sliverpb.sliver_pb2.SSHCommandReq
- class sliver.pb.sliverpb.sliver_pb2.StartServiceReq
- class sliver.pb.sliverpb.sliver_pb2.StopServiceReq
- class sliver.pb.sliverpb.sliver_pb2.Task
- class sliver.pb.sliverpb.sliver_pb2.TaskReq
- class sliver.pb.sliverpb.sliver_pb2.Terminate
- class sliver.pb.sliverpb.sliver_pb2.TerminateReq
- class sliver.pb.sliverpb.sliver_pb2.Tunnel
- class sliver.pb.sliverpb.sliver_pb2.TunnelData
- class sliver.pb.sliverpb.sliver_pb2.UnsetEnv
- class sliver.pb.sliverpb.sliver_pb2.UnsetEnvReq
- class sliver.pb.sliverpb.sliver_pb2.Upload
- class sliver.pb.sliverpb.sliver_pb2.UploadReq
- class sliver.pb.sliverpb.sliver_pb2.WGPortForward
- class sliver.pb.sliverpb.sliver_pb2.WGPortForwardStartReq
- class sliver.pb.sliverpb.sliver_pb2.WGPortForwardStopReq
- class sliver.pb.sliverpb.sliver_pb2.WGSocks
- class sliver.pb.sliverpb.sliver_pb2.WGSocksServer
- class sliver.pb.sliverpb.sliver_pb2.WGSocksServers
- class sliver.pb.sliverpb.sliver_pb2.WGSocksServersReq
- class sliver.pb.sliverpb.sliver_pb2.WGSocksStartReq
- class sliver.pb.sliverpb.sliver_pb2.WGSocksStopReq
- class sliver.pb.sliverpb.sliver_pb2.WGTCPForwarder
- class sliver.pb.sliverpb.sliver_pb2.WGTCPForwarders
- class sliver.pb.sliverpb.sliver_pb2.WGTCPForwardersReq
- class sliver.pb.sliverpb.sliver_pb2.WindowsPrivilegeEntry