Releases: BishopFox/sliver
Releases · BishopFox/sliver
v1.6.2
What's Changed
- Implement --rc for scripting initial inputs by @moloch-- in #2091
- Fix interactive prompt cancellation handling by @AnvithLobo in #2090
- Bump golang.org/x/mod from 0.30.0 to 0.31.0 by @dependabot[bot] in #2096
- Bump github.com/miekg/dns from 1.1.68 to 1.1.69 by @dependabot[bot] in #2093
- Bump github.com/ncruces/go-sqlite3 from 0.29.1 to 0.30.4 by @dependabot[bot] in #2095
- Bump filippo.io/age from 1.2.1 to 1.3.1 by @dependabot[bot] in #2092
- Fix DNS beacon closing immediately after registering by @13621 in #2102
- Bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @dependabot[bot] in #2094
- Fix rportfwd by @rkervella in #2103
- Flush output on exit by @moloch-- in #2104
New Contributors
Full Changelog: v1.6.1...v1.6.2
Contributors
moloch--, dependabot, and 3 other contributors
Assets 34
- 32.2 MB
2026-01-08T21:11:09Z - 322 Bytes
2026-01-08T21:11:09Z - 30.1 MB
2026-01-08T21:11:09Z - 322 Bytes
2026-01-08T21:11:09Z - 30.1 MB
2026-01-08T21:11:09Z - 318 Bytes
2026-01-08T21:11:10Z - 32.2 MB
2026-01-08T21:11:10Z - 320 Bytes
2026-01-08T21:11:11Z - 30.1 MB
2026-01-08T21:11:11Z - 320 Bytes
2026-01-08T21:11:11Z -
2026-01-08T20:56:45Z -
2026-01-08T20:56:45Z - Loading
v1.6.1
What's Changed
- Improve gRPC Error Codes by @moloch-- in #2081
- Experiamental MCP Support by @moloch-- in #2083
- Improvements to Implant Build Layout by @moloch-- in #2084
- Bump github.com/klauspost/compress from 1.18.0 to 1.18.1 by @dependabot[bot] in #2029
- Fix beacon panic race condition by @AnvithLobo in #2086
- New command: add command aliases (aka) by @carterburn in #2032
- Rename implant/sliver imports by @moloch-- in #2087
- Reduce flickering text in readline by @moloch-- in #2088
New Contributors
- @AnvithLobo made their first contribution in #2086
- @carterburn made their first contribution in #2032
Full Changelog: v1.6.0...v1.6.1
Contributors
moloch--, carterburn, and 2 other contributors
Assets 34
v1.6.0
What's Changed
- Verbose error when msfvenom fails in
generate stargerby @rkervella in #1239 - Bump gorm.io/gorm from 1.25.0 to 1.25.1 by @dependabot[bot] in #1234
- Check for nil session when using
session -kby @rkervella in #1242 - Added memory file feature by @rwincey in #1238
- Fix msg type errors in tasks fetch command by @xl4sh in #1243
- Bump gorm.io/driver/sqlite from 1.5.0 to 1.5.1 by @dependabot[bot] in #1249
- Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 by @dependabot[bot] in #1245
- Bump gorm.io/driver/postgres from 1.5.0 to 1.5.2 by @dependabot[bot] in #1247
- Bump gorm.io/driver/mysql from 1.5.0 to 1.5.1 by @dependabot[bot] in #1246
- More information from the jobs command about stage listeners by @RafBishopFox in #1251
- Update autorelease action by @moloch-- in #1255
- Customization of the LURI for MSF Stager Payloads by @RafBishopFox in #1257
- C2/serversign by @moloch-- in #1258
- New CLI system by @maxlandon in #1261
- Client Side Error for Invalid / Unsupported TLS Certs for HTTPS listener by @RafBishopFox in #1267
- Add back server admin commands by @maxlandon in #1264
- Adding validation for advanced C2 options by @RafBishopFox in #1266
- Experimental console logging with golang.org/x/exp/slog by @maxlandon in #1269
- V1.6.0/rpclogger by @moloch-- in #1271
- Rotate and compress server-side console logs by @moloch-- in #1272
- Add console session asciicast recorder by @maxlandon in #1274
- Fixing new line issue for shell commands with windows sliver client by @kernelpanic-bf in #1273
- Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 by @dependabot[bot] in #1275
- Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot[bot] in #1278
- Bump github.com/klauspost/compress from 1.15.12 to 1.16.5 by @dependabot[bot] in #1276
- Bump github.com/glebarez/sqlite from 1.7.0 to 1.8.0 by @dependabot[bot] in #1279
- Bump github.com/ncruces/go-sqlite3 from 0.5.3 to 0.7.0 by @dependabot[bot] in #1277
- MSF Stager Advanced Options by @RafBishopFox in #1281
- Add wasm output in beacon mode by @moloch-- in #1283
- Bump modernc.org/sqlite from 1.22.1 to 1.23.1 by @dependabot[bot] in #1291
- Bump gorm.io/driver/sqlite from 1.5.1 to 1.5.2 by @dependabot[bot] in #1292
- Bump github.com/ncruces/go-sqlite3 from 0.7.0 to 0.7.2 by @dependabot[bot] in #1293
- Storing Shikata Ga Nai (SGN) preference with implant profile by @RafBishopFox in #1298
- "profiles info" subcommand and saving poll timeout in profile by @RafBishopFox in #1299
- Hidden windows for Executed Processes on Windows by @RafBishopFox in #1301
- Fix implant exit code. by @rkervella in #1302
- Fallback to Direct Connection when HTTP Proxy Connection Fails by @RafBishopFox in #1295
- Add additional details to audit log by @moloch-- in #1303
- Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot[bot] in #1308
- Bump google.golang.org/grpc from 1.55.0 to 1.56.0 by @dependabot[bot] in #1306
- Bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 by @dependabot[bot] in #1305
- Bump golang.org/x/crypto from 0.9.0 to 0.10.0 by @dependabot[bot] in #1304
- Bump golang.org/x/net from 0.10.0 to 0.11.0 by @dependabot[bot] in #1312
- Bump google.golang.org/grpc from 1.56.0 to 1.56.1 by @dependabot[bot] in #1313
- Add command to task many implants at once by @ActualTrash in #1311
- Bump github.com/AlecAivazis/survey/v2 from 2.3.6 to 2.3.7 by @dependabot[bot] in #1316
- Bump github.com/klauspost/compress from 1.16.5 to 1.16.6 by @dependabot[bot] in #1314
- Fix make token test by @rkervella in #1319
- Multiplayer/Tailscale by @moloch-- in #1322
- Go v1.20.5 by @moloch-- in #1323
- Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot[bot] in #1325
- Bump gorm.io/gorm from 1.25.2-0.20230530020048-26663ab9bf55 to 1.25.2 by @dependabot[bot] in #1324
- Add RC4 support to shellcode stager by @stephenbradshaw in #1332
- Upload command: Changes to remote path specification by @RafBishopFox in #1341
- Fix pstree (v1.6) by @rkervella in #1345
- Added a copy file command by @Paradoxis in #1346
- Add option to disable connect to tcp/80 when tcp/443 not reachable by @xinhuang in #1352
- Enhance the
installscript by @n3rada in #1350 - fix 'gpg: invalid armor header' by @rarFood in #1356
- Fix CP command file occupation by @SpadesA99 in #1368
- Bump golang.org/x/sys from 0.9.0 to 0.10.0 by @dependabot[bot] in #1339
- Go 1.20.7 by @moloch-- in #1372
- Use path.Join for embedded fs instead of filepath.Join by @rkervella in #1373
- Bump golang.org/x/crypto from 0.10.0 to 0.11.0 by @dependabot[bot] in #1335
- Add the ability to generate .exe MSF stagers from Sliver by @TheDuchy in #1377
- Bump github.com/tetratelabs/wazero from 1.2.1 to 1.3.1 by @dependabot[bot] in #1375
- Add basic len check to mtls conn by @moloch-- in #1374
- Notxt dns by @rwincey in #1284
- Added Cybereason ActiveProbe to known processes by @c2biz in #1381
- Go v1.21.0 by @moloch-- in #1382
- Update ps.go by @realalexandergeorgiev in #1398
- Fix the process handle leak when using ps command on Windows by @SpadesA99 in #1399
- Fix filters in the download command by @RafBishopFox in #1409
- Bump github.com/klauspost/compress from 1.16.6 to 1.17.0 by @dependabot[bot] in #1416
- client/console: fix dropped error by @alrs in #1430
- Update install by @4nt11 in #1420
- Go 1.21.3 by @moloch-- in #1432
- Bump golang.org/x/net from 0.11.0 to 0.17.0 by @dependabot[bot] in #1431
- Adding the grep command by @RafBishopFox in #1422
- chore: remove refs to deprecated io/ioutil by @testwill in #1437
- client/command/filesystem: fix dropped error by @alrs in #1440
- Head and Tail commands by @RafBishopFox in #1407
- Bump tailscale.com from 1.44.0 to 1.50.1 by @dependabot[bot] in #1425
- Bump google.golang.org/grpc from 1.56.1 to 1.59.0 by @dependabot[bot] in #1443
- Fixed min_path and max_path settings on http profile customization by @draka15 in #1446
- Fixing issue with User Agent in Implant Generation by @RafBishopFox in #1445
- client/command/info: fix dropped errors by @alrs in #1447
- Fix: removed implant macos and generic proxy logs when debug is disabled by @D00Movenok in #1453
- V1.6.0/http c2 by @TimBF in #1454
- Go/v1.21.4 by @moloch-- in #1455
- allow profile updates by @TimBF in #1456
- Allow selective staging by @TimBF in #1457
- Bump actions/chec...
Contributors
alrs, moloch--, and 48 other contributors
Assets 34
v1.5.44
v1.5.44
v1.5.43
v1.5.43
v1.5.42
Fix for DNS C2, and other small backports. Hoping to have a v1.6 release soon with many more updates!
v1.5.41
v1.5.41
v1.5.40
This release fixes a vulnerability (CVE-2023-34758) in the Sliver Key Encapsulation Mechanism (KEM), where improper use of Nacl Box (libsodium) could allow a MitM attacker with a copy of the implant binary to recover the session key and arbitrarily encrypt/decrypt C2 messages. Note that the Sliver KEM is only used over insecure protocols such as HTTP and DNS, and does not affect mTLS or Wireguard.
The issue was addressed by switching to a combination age for the KEM and HMAC-SHA2-256 to verify the implant.
More details: GHSA-8jxm-xp43-qh3q
Special thanks to Ting-Wei Hsieh from CHT Security Co. Ltd. for reporting the vulnerability.
v1.5.39
Commits
- ad53f90: Bump github.com/miekg/dns from 1.1.53 to 1.1.54 (dependabot[bot]) #1217
- 5b22e6d: Bump modernc.org/sqlite from 1.22.0 to 1.22.1 (dependabot[bot]) #1218
- d921c3c: Add ESET Internet Security to kwnown security processes (smeukinou) #1220
- 2f9c84c: FIX implant generation with locale limit not compiling when not in debug mode (smeukinou) #1221
- b5e611d: FIX windows screenshot when multiple monitors are used, and they are not exactly side-by-side (smeukinou) #1222
- a468ec8: Allow
migrateto use process names (rkervella) #1223 - 64c40ba: Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (dependabot[bot]) #1226
- 27c6e8e: Bump golang.org/x/term from 0.7.0 to 0.8.0 (dependabot[bot]) #1227
- d547708: Go v1.20.4 (moloch--) #1229
- 4690430: update installer to symlink sliver/sliver-client (moloch--)
- 38a740a: Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (dependabot[bot]) #1232
- 52daa1a: Adding support for specifying DNS resolvers through advanced options (Raf) #1235
v1.5.38
Commits
- 57ddb1a: Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (dependabot[bot]) #1199
- 8c06b83: Bump gorm.io/gorm from 1.24.7-0.20230306060331-85eaf9eeda11 to 1.25.0 (dependabot[bot]) #1200
- ef1c034: Bump gorm.io/driver/sqlite from 1.4.4 to 1.5.0 (dependabot[bot]) #1201
- 7479e86: Bump gorm.io/driver/mysql from 1.4.7 to 1.5.0 (dependabot[bot]) #1202
- 77ab598: pull latest beacon or session configuration on info command even if a beacon or session is currently selected to avoid displaying outdated values after a reconfiguration (Tim Makram Ghatas) #1207
- 9e12db9: Bump modernc.org/sqlite from 1.21.1 to 1.22.0 (dependabot[bot]) #1212
- 3599af1: Fixed nil pointer (b0yd) #1213
- fce0221: Add Rapid 7 (cmprmsd) #1214
- 7522a0b: Apply XOR to protobuf raw data (rkervella) #1215
- 7c33022: Apply XOR to dnspb and commonpb too (rkervella) #1215