BishopFox/sliver-gui
Fork: 31 Star: 293 (updated 2024-11-03 10:51:54)
license: NOASSERTION
Language: TypeScript
A Sliver GUI Client
Latest release: v0.0.9 (2022-07-19 07:18:38)
Sliver GUI
Sliver GUI client.
⚠️ THIS PROJECT IS PRE-ALPHA AND FOR DEVELOPERS ONLY ⚠️
- The GUI client is NOT feature complete, expect bugs and missing features.
- Not accepting any issues/bug reports at this time, however feel free to submit PRs.
- There's no documentation or tutorials aside from this readme (and the repo wiki).
Install
Download the latest release and connect to a Sliver server using a standard operator profile. See the wiki for more details.
Features
- You can click on stuff!
- Sandboxed JavaScript scripting engine (with built-in script editor)
- i18n Language Support (French, Spanish, Japanese, Chinese)
FAQ
Why Electron!?
Because I value my development time more than your RAM.
Are Electron Apps Secure?
I tried ¯\_(ツ)_/¯. Having personally written multiple exploits for Electron apps, I like to think I have a fighting chance, and I really did go thru a lot of effort to make the Sliver GUI as secure as possible (the UI code is sandboxed and I even patched all of the evals out of the protobuf code). You can read more about the application architecture here. In short:
- The renderer process is sandboxed, and preload scripts have context isolation enabled. Methods in the main process can only be called via postMessage(), and all JSON arguments must pass JSON-Schema checks.
- No content runs in a file:// origin; all content is served from internal Electron protocol handlers (i.e. app://).
- A strict content security policy (CSP) is applied to all origins (script-src does not allow unsafe-inline or unsafe-eval).
- Nearly the entire interface is implemented via Angular data binding; there are zero calls to bypassSecurityTrustHtml().
If you're concerned about security, I also encourage you to audit the code! See the repo security policy for bounties.
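The first point in the list above (main-process methods reachable only through messages whose JSON arguments pass schema checks) can be sketched as follows. This is an added example, not code from sliver-gui: the method name settings_setLocale, the handleIpc entry point and the small JSON-Schema subset are hypothetical, and a real application would use a full JSON-Schema validator.

```typescript
// Added example (not sliver-gui code): validate renderer messages before dispatch.
// ArgSchema is a small, hypothetical subset of JSON-Schema.
type ArgSchema = {
  type: "object" | "string" | "boolean";
  properties?: { [key: string]: ArgSchema };
  required?: string[];
  additionalProperties?: boolean;
  pattern?: string;
};
// Own-property check so keys like "constructor" or "__proto__" never match inherited members.
const own = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);

function validate(schema: ArgSchema, value: unknown): boolean {
  if (schema.type !== "object") {
    if (typeof value !== schema.type) return false;
    return typeof value !== "string" || schema.pattern === undefined || new RegExp(schema.pattern).test(value);
  }
  if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
  const obj = value as { [key: string]: unknown };
  const props = schema.properties || {};
  for (const key of schema.required || []) if (!own(obj, key)) return false;
  for (const key of Object.keys(obj)) {
    const sub = own(props, key) ? props[key] : undefined;
    if (sub === undefined) { if (schema.additionalProperties === false) return false; continue; }
    if (!validate(sub, obj[key])) return false;
  }
  return true;
}

// Hypothetical method table: only names listed here are callable from the renderer.
const ipcMethods: { [name: string]: { schema: ArgSchema; run: (args: any) => string } } = {
  settings_setLocale: {
    schema: {
      type: "object", required: ["locale"], additionalProperties: false,
      properties: { locale: { type: "string", pattern: "^(en|fr|es|ja|zh)$" }, persist: { type: "boolean" } },
    },
    run: (args) => `locale=${args.locale}`,
  },
};

// Receives the raw string the sandboxed renderer posted; nothing is trusted until validated.
function handleIpc(raw: string): { ok: boolean; result?: string; error?: string } {
  let msg: any;
  try { msg = JSON.parse(raw); } catch { return { ok: false, error: "invalid JSON" }; }
  if (typeof msg !== "object" || msg === null || typeof msg.method !== "string") return { ok: false, error: "malformed message" };
  const entry = own(ipcMethods, msg.method) ? ipcMethods[msg.method] : undefined;
  if (entry === undefined) return { ok: false, error: "unknown method" };
  if (!validate(entry.schema, msg.args)) return { ok: false, error: "schema violation" };
  return { ok: true, result: entry.run(msg.args) };
}
```

Setting additionalProperties to false and looking up methods by own property only means a compromised renderer cannot pass unexpected keys or reach inherited object members through the method name.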
Why Not a Web Interface?
Sliver clients connect using gRPC over Mutual TLS (mTLS), which is not available from within a browser. Even sandboxed, Electron also lets us implement other native app integrations that would otherwise not be possible.
Build
From the root of the git repo, to build your local platform:
npm install
cd main/workers/worker && npm install && cd ../../..
sudo npm install -g electron-packager
sudo npm install -g @angular/cli
npm run electron:local
If that works, then you should be able to do platform specific builds (publish:macos will build both x64 and arm64):
npm run publish:macos
npm run publish:windows
npm run publish:linux
You can also use publish:windows_exe to build a portable (i.e., no installer) Windows executable.
To work on i18n/translations, you'll likely need to install the ngx-i18nsupport package:
npm install -g ngx-i18nsupport
Recent releases: (data updated 2024-09-13 17:37:01)
2022-07-19 07:18:38 v0.0.9
2022-07-18 10:51:44 v0.0.8
2022-07-17 07:59:20 v0.0.7
2022-07-17 07:23:34 v0.0.6
2022-07-17 03:50:27 v0.0.5
2022-07-17 02:13:39 v0.0.4
2022-07-16 05:33:14 v0.0.3
2021-02-18 22:40:03 v0.0.2
2021-02-18 09:15:02 v0.0.1
Topics:
gui, redteam, security-tools, sliver