Disclaimer: This image is just a quick lazy hack. It is yet to be battle-tested (write me about your experience in the discussions!)! If you do decide to use this container I only take responsibility for your successes and not for your failures or any damages that occur while using this container!
This is a very simple Docker container based off of warhorse/docker-sliver and the build container from github.com/BishopFox/sliver.
This container basically automates the recommended installation process without recompiling everything:
- Install apt dependencies
- Install Metasploit nightly (following the official documentation)
- Install sliver with code ripped from the official Linux install script
The Github package is automatically rebuild every week, so it should in theory automatically update to the latest sliver version.
I've also attached a docker compose file for even quicker and lazier deployments!
The sliver applications run as uid 10000 within the container. Make sure that any volumes that you want to mount are also accessible by the sliver user within the container (chown'ed or chmod'ed on the outside!)
Of course,Pull Requests are always welcome.
Pull the image from the Github registry:
docker pull ghcr.io/cyb3rn00dl3s/container-sliver:latest
..or build the image yourself:
git clone https://github.com/cyb3rn00dl3s/container-sliver.git
cd container-sliver
docker build -t sliver .
Run sliver as daemon (with multiplayer port):
docker run --name sliver_server -p 53:53 -p 80:80 -p 443:443 -p 31337:31337 --security-opt="no-new-privileges:true" --cap-drop=ALL --cap-add=SETFCAP --cap-add=NET_BIND_SERVICE --cap-add=NET_RAW -d sliver daemon
Run sliver as daemon; attach volumes for different files:
docker run --name sliver_server p 53:53 -p 80:80 -p 443:443 -p 31337:31337 \
-v $(pwd)/configs:/configs \
-v $(pwd)/phishlets:/phishlets \
-v $(pwd)/payloads:/payloads \
-v $(pwd)/misc:/misc \
--cap-drop=ALL \
--cap-add=SETFCAP \
--cap-add=NET_BIND_SERVICE \
--cap-add=NET_RAW
--security-opt="no-new-privileges:true" \
-d sliver daemon
Connect with a client in an already running container:
docker exec -it sliver_server sliver
Run a temporary server without additional security measures interactively:
docker run --rm -p 53:53 -p 80:80 -p 443:443 -it sliver
- Why?
- Yes
- What is this gigantic block of base64 in the middle of your dockerfile?
- Super short explanation: Click Here
- Short explanation: A lot of bashisms that bash (see what I did there?) with the docker RUN instruction since it runs commands with /bin/sh -c. The commands are directly
rippedleveraged from lines 102-117 from the official install script
- Find out why generating a new implant can sometimes end in a rpc error?
- Write commands (or build instructions) for server and operator configurations
- Add questions to FAQ if there are any
- Add more TODOs