BishopFox

BishopFox / sliver-wasm-stager

Public

A stager and implant that executes remote Web Assembly

37
7
69% credibility
Found Feb 09, 2026 at 20 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Rust
AI Summary

A WebAssembly-based stager and implant compatible with the Sliver command-and-control framework, designed to evade endpoint detection tools during security testing.

How It Works

1
πŸ” Discover the evasion tool

You learn about a smart security testing kit that hides remote access inside web code to slip past defenses.

2
πŸ“ Plan your test setup

You jot down your test command post's address and ready a spot to share the hidden access piece.

3
πŸ”¨ Craft the starter piece

You create a tiny starter program tailored to grab the real access tool from your chosen spot.

4
🌐 Share the hidden tool

You place the main access program online so the starter can fetch it easily.

5
πŸ’» Launch on test computer

On the machine you're checking, you run the starter, and it quietly pulls in the full tool.

6
πŸ”— Secure connection forms

The tool links back to your command post, letting you send commands without raising alarms.

βœ… Control and verify evasion

You explore the test machine with full remote access, confirming your defenses were bypassed successfully.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 20 to 37 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is sliver-wasm-stager?

This Rust project delivers a stager that downloads and executes a remote WebAssembly (WASM) implant over HTTP, using WASI for full system access. The implant provides Sliver-compatible remote shell access, file operations like ls/cd/upload/download, environment queries, and SOCKS proxy tunneling. It solves EDR/AV detection by hiding implant logic inside a WASM runtime, enabling cross-platform (Windows/Unix) remote access without native binaries.

Why is it gaining traction?

WASM's sandboxed execution evades traditional scanners that miss non-native payloads, while Sliver integration lets users leverage existing C2 infrastructure. Developers get quick builds via Just recipes, configurable mTLS callbacks, and drive mounting for seamless file ops. The HTTP stager simplifies deployment compared to fat binaries.

Who should use this?

Red teamers testing EDR bypass in enterprise environments, pentesters needing lightweight Sliver implants for air-gapped or monitored networks. Suited for security researchers prototyping WASM-based evasion or running remote assembly execution without triggering heuristics.

Verdict

Grab it for proof-of-concept evasion testsβ€”20 stars and 0.7% credibility score signal early maturity with basic docs and no tests, but solid Sliver hooks make it worth forking. Polish the build cert handling for production red ops.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.