Affected by GO-2024-2993
and 5 other vulnerabilities
GO-2024-2993: Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver
GO-2026-4280: Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver
GO-2026-4466: Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service in github.com/bishopfox/sliver
GO-2026-4609: Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver
GO-2026-4723: Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver
GO-2026-4899: Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver
Defines the Cobra root command and CLI initialization for the Sliver client binary. Sets up persistent flags, environment bootstrapping, and command wiring. Core logic addresses console, implant, import, and version within the cli package.
Go Files
cli.go – Builds the root Cobra command, wires global flags, and starts the console UI.
config.go – Parses CLI configuration files and environment variables used during startup.
console.go – Launches the interactive console mode and handles profile selection.
implant.go – Implements CLI entry points for implant-specific operations without launching the console.
import.go – Provides import routines for bringing external state into the client (e.g., implants or loot).
version.go – Prints version/build information for the CLI binary.
Affected by 
README
¶
Documentation
Source Files