Affected by GO-2024-2993 and 1 other vulnerabilities

GO-2024-2993: Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver

GO-2026-4280: Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver

sgn

package

v1.6.3 Latest Latest Go to latest Published: Jan 14, 2026 License: GPL-3.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bishopfox/sliver

Links

Open Source Insights

README ¶

server/sgn

Overview

SGN (Shikata Ga Nai) coordination and helpers. Implements SGN enrollment, messaging, and policy logic.

Go Files

sgn.go – Implements SGN coordination logic and message handling, including the Shikata Ga Nai encoder helpers.
sgn_test.go – Unit tests covering SGN configuration wiring and helper utilities.

SGN Encoder Helpers

The server helper wraps the github.com/moloch--/sgn encoder and exposes a simple SGNConfig with the following knobs:

Architecture – 386/amd64 (case-insensitive) selection passed to sgn.NewEncoder.
Iterations – number of encode passes mapped to Encoder.EncodingCount.
MaxObfuscation – byte budget forwarded to Encoder.ObfuscationLimit.
PlainDecoder – keep the decoder stub in clear text.
Safe – enable register preservation via Encoder.SaveRegisters.
BadChars / Asci – optional post-processing filters that brute force new seeds until constraints pass.

These options mirror the upstream CLI flags so server-side tasks can reuse the same behavior.

Test Fixtures

Shellcode fixtures used by the unit tests live under testdata/ with a .bin extension. They are produced via msfvenom using a dedicated Go generator:

go generate ./server/sgn

The generator invokes msfvenom three times (reverse TCP/HTTP stagers and an exec payload) and writes raw shellcode into the testdata directory. Ensure the Metasploit framework is installed and msfvenom is on $PATH before running the generation step.

Testing

The log subsystem expects a writable Sliver root directory. Point it to a temporary location when running tests:

export SLIVER_ROOT_DIR=$(pwd)/.tmp-sliver
export GOCACHE=$(pwd)/.tmp-gocache
mkdir -p "$SLIVER_ROOT_DIR" "$GOCACHE"
go test ./server/sgn

The test suite focuses on option wiring and constraint helpers rather than the full stochastic encoding pipeline.

Documentation ¶

Index ¶

Variables
func EncodeShellcode(shellcode []byte, arch string, iterations int, badChars []byte) ([]byte, error)
func EncodeShellcodeWithConfig(shellcode []byte, cfg SGNConfig) ([]byte, error)
type SGNConfig

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrFailedToEncode = errors.New("failed to encode shellcode")
)

Functions ¶

func EncodeShellcode ¶

func EncodeShellcode(shellcode []byte, arch string, iterations int, badChars []byte) ([]byte, error)

EncodeShellcode - Encode a shellcode

func EncodeShellcodeWithConfig ¶ added in v1.6.0

func EncodeShellcodeWithConfig(shellcode []byte, cfg SGNConfig) ([]byte, error)

EncodeShellcodeWithConfig encodes a shellcode payload using the supplied SGNConfig.

Types ¶

type SGNConfig ¶

type SGNConfig struct {
	AppDir string

	Architecture   string // Binary architecture (32/64) (default 32)
	Asci           bool   // Generates a full ASCI printable payload (takes very long time to bruteforce)
	BadChars       []byte // Don't use specified bad characters given in hex format (\x00\x01\x02...)
	Iterations     int    // Number of times to encode the binary (increases overall size) (default 1)
	MaxObfuscation int    // Maximum number of bytes for obfuscation (default 20)
	PlainDecoder   bool   // Do not encode the decoder stub
	Safe           bool   // Do not modify any register values

	Verbose bool

	Output string
	Input  string
}

SGNConfig - Configuration for sgn

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
generate

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL