
BishopFox/sliver-gui

Fork: 31 Star: 293 (updated 2024-11-03 10:51:54)

license: NOASSERTION

Language: TypeScript

A Sliver GUI Client

Latest release: v0.0.9 (2022-07-19 07:18:38)


Sliver GUI

Sliver GUI client.

⚠️ THIS PROJECT IS PRE-ALPHA AND FOR DEVELOPERS ONLY ⚠️

  • The GUI client is NOT feature complete, expect bugs and missing features.
  • Not accepting any issues/bug reports at this time, however feel free to submit PRs.
  • There's no documentation or tutorials aside from this readme (and the repo wiki).

Tagged Release License: GPL v3

Install

Download the latest release and connect to a Sliver server using a standard operator profile. See the wiki for more details.

Features

  • You can click on stuff!
  • Sandboxed JavaScript scripting engine (with built-in script editor)
  • i18n Language Support (French, Spanish, Japanese, Chinese)

FAQ

Why Electron!?

Because I value my development time more than your RAM.

Are Electron Apps Secure?

I tried ¯\_(ツ)_/¯. Having personally written multiple exploits for Electron apps, I like to think I have a fighting chance, and I really did go thru a lot of effort to make the Sliver GUI as secure as possible (the UI code is sandboxed and I even patched all of the evals out of the protobuf code). You can read more about the application architecture here. In short:

  • The renderer process is sandboxed, and preload scripts have context isolation enabled. Methods in the main process can only be called via postMessage(), and all JSON arguments must pass JSON-Schema checks.
  • No content runs in a file:// origin, all content is served from internal Electron protocol handlers (i.e. app://).
  • A strict content security policy (CSP) is applied to all origins (script-src does not allow unsafe-inline or unsafe-eval).
  • Nearly the entire interface is implemented via Angular data binding; there are zero calls to bypassSecurityTrustHtml().

If you're concerned about security, I also encourage you to audit the code! See the repo security policy for bounties.
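
An added example (not code from the Sliver GUI repository) of the pattern in the first bullet above: the main process exposes only an allow-list of methods and rejects any JSON argument that fails its schema. The method name `config_setLocale`, the message shape, and the small validator standing in for a full JSON-Schema library are assumptions made for illustration.

```javascript
// Minimal validator for a JSON-Schema subset (type, required, properties,
// additionalProperties, maxLength); a stand-in for a full JSON-Schema library.
function validate(schema, value) {
  if (schema.type === 'string') {
    return typeof value === 'string' &&
      (schema.maxLength === undefined || value.length <= schema.maxLength);
  }
  if (schema.type !== 'object') return false; // unsupported types fail closed
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return false;
  const props = schema.properties || {};
  const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  for (const key of schema.required || []) if (!own(value, key)) return false;
  for (const key of Object.keys(value)) {
    // Unknown keys (including an own "__proto__" from JSON.parse) are rejected.
    if (!own(props, key)) {
      if (schema.additionalProperties === false) return false;
    } else if (!validate(props[key], value[key])) {
      return false;
    }
  }
  return true;
}

// Hypothetical allow-list of callable methods: name -> argument schema + handler.
// Null prototype, so "constructor" or "toString" never resolve to a method.
const METHODS = Object.assign(Object.create(null), {
  config_setLocale: {
    schema: {
      type: 'object', required: ['locale'], additionalProperties: false,
      properties: { locale: { type: 'string', maxLength: 8 } },
    },
    handler: (args) => `locale=${args.locale}`,
  },
});

// Handles one message from the sandboxed renderer. Assumed (constructed) shape:
// { method: string, payload: string containing JSON }.
function dispatch(msg) {
  if (msg === null || typeof msg !== 'object' ||
      typeof msg.method !== 'string' || typeof msg.payload !== 'string') {
    return { error: 'bad message' };
  }
  const entry = METHODS[msg.method];
  if (!entry) return { error: 'unknown method' };
  let args;
  try { args = JSON.parse(msg.payload); } catch { return { error: 'invalid JSON' }; }
  if (!validate(entry.schema, args)) return { error: 'schema violation' };
  return { result: entry.handler(args) };
}
```

Every failure path returns an error without reaching a handler, so a compromised renderer can only invoke listed methods with arguments of the declared shape.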

Why Not a Web Interface?

Sliver clients connect using gRPC over Mutual TLS (mTLS), which is not available from within a browser. Even sandboxed, Electron also lets us implement other native app integrations that would otherwise not be possible.

Build

From the root of the git repo, to build your local platform:

npm install
cd main/workers/worker && npm install && cd ../../..
sudo npm install -g electron-packager
sudo npm install -g @angular/cli
npm run electron:local

If that works, then you should be able to do platform-specific builds (publish:macos will build both x64 and arm64):

npm run publish:macos
npm run publish:windows
npm run publish:linux

You can also use publish:windows_exe to build a portable (i.e., no installer) Windows executable.

To work on i18n/translations, you'll likely need to install the ngx-i18nsupport package:

npm install -g ngx-i18nsupport

Recent releases (data updated 2024-09-13 17:37:01):

2022-07-19 07:18:38 v0.0.9

2022-07-18 10:51:44 v0.0.8

2022-07-17 07:59:20 v0.0.7

2022-07-17 07:23:34 v0.0.6

2022-07-17 03:50:27 v0.0.5

2022-07-17 02:13:39 v0.0.4

2022-07-16 05:33:14 v0.0.3

2021-02-18 22:40:03 v0.0.2

2021-02-18 09:15:02 v0.0.1

Topics:

gui, redteam, security-tools, sliver
