Affected by GO-2024-2993 and 7 other vulnerabilities

GO-2024-2993: Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver

GO-2026-4280: Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver

GO-2026-4445: Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) in github.com/bishopfox/sliver

GO-2026-4466: Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service in github.com/bishopfox/sliver

GO-2026-4548: Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver

GO-2026-4609: Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver

GO-2026-4723: Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver

GO-2026-4899: Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver

command

package

v1.5.44 Latest Latest Go to latest Published: Oct 27, 2025 License: GPL-3.0 Imports: 48 Imported by: 7

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bishopfox/sliver

Links

Open Source Insights

README ¶

Command

This package contains all of the client command implementations that are shared between the client and the server console.

Developers

General guidance on the structure of this package:

One command per file and the name of the file should reflect the command it implements (or there about, trivial commands can go into the same file). This makes it easy to find where a command implementation lives within a package or to search by file name if it is not clear which package implements a given command.
The root command, and reused code should go into the file named after the command
- For example, code shared between the generate and the regenerate command should go in generate.go, and any regenerate specific code should go in regenerate.go
Command entrypoint functions should have the suffix Cmd e.g., GenerateCmd is the entrypoint for generate
- Command entrypoints should always a function signature of func (ctx *grumble.Context, con *console.SliverConsoleClient)
Functions that are only ever exported for other commands to use should go in a helpers.go, if the function is used internally and exported follow the guidance above on shared code.

Documentation ¶

Index ¶

func BindCommands(con *console.SliverConsoleClient)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BindCommands ¶

func BindCommands(con *console.SliverConsoleClient)

BindCommands - Bind commands to a App

Types ¶

This section is empty.

Source Files ¶

View all Source files

commands.go

Directories ¶

Path	Synopsis
alias
armory
backdoor
beacons
builders
completers
cursed
dllhijack
environment
exec
extensions
filesystem
generate
help
hosts
info
jobs
kill
loot
monitor
network
operators
pivots
portfwd
prelude-operator
privilege
processes
reaction
reconfig
registry
rportfwd
screenshot
sessions
settings
shell
shikata-ga-nai
socks
tasks
update
use
websites
wireguard

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL