Movatterモバイル変換

yangjiagongzi/vulhubPublic

forked fromvulhub/vulhub

NotificationsYou must be signed in to change notification settings
Fork0
Star0

Pre-Built Vulnerable Environments Based on Docker-Compose

vulhub.org

License

MIT license

0 stars 4.6k forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 1,705 Commits
.github		.github
activemq		activemq
apereo-cas/4.1-rce		apereo-cas/4.1-rce
apisix/CVE-2020-13945		apisix/CVE-2020-13945
appweb/CVE-2018-8715		appweb/CVE-2018-8715
aria2/rce		aria2/rce
base		base
bash/shellshock		bash/shellshock
celery/celery3_redis_unauth		celery/celery3_redis_unauth
cgi/httpoxy		cgi/httpoxy
coldfusion		coldfusion
confluence		confluence
couchdb		couchdb
discuz		discuz
django		django
dns/dns-zone-transfer		dns/dns-zone-transfer
docker/unauthorized-rce		docker/unauthorized-rce
drupal		drupal
dubbo/CVE-2019-17564		dubbo/CVE-2019-17564
ecshop		ecshop
elasticsearch		elasticsearch
electron		electron
fastjson		fastjson
ffmpeg		ffmpeg
flask/ssti		flask/ssti
flink		flink
ghostscript		ghostscript
git/CVE-2017-8386		git/CVE-2017-8386
gitea/1.4-rce		gitea/1.4-rce
gitlab		gitlab
gitlist		gitlist
glassfish/4.1.0		glassfish/4.1.0
goahead		goahead
gogs/CVE-2018-18925		gogs/CVE-2018-18925
grafana/CVE-2021-43798		grafana/CVE-2021-43798
h2database/h2-console-unacc		h2database/h2-console-unacc
hadoop/unauthorized-yarn		hadoop/unauthorized-yarn
httpd		httpd
imagemagick		imagemagick
influxdb/unacc		influxdb/unacc
jackson/CVE-2017-7525		jackson/CVE-2017-7525
java		java
jboss		jboss
jenkins		jenkins
jetty		jetty
jira/CVE-2019-11581		jira/CVE-2019-11581
jmeter/CVE-2018-1297		jmeter/CVE-2018-1297
joomla		joomla
jupyter/notebook-rce		jupyter/notebook-rce
kibana		kibana
laravel/CVE-2021-3129		laravel/CVE-2021-3129
libssh/CVE-2018-10933		libssh/CVE-2018-10933
liferay-portal/CVE-2020-7961		liferay-portal/CVE-2020-7961
log4j		log4j
magento/2.2-sqli		magento/2.2-sqli
mini_httpd/CVE-2018-18778		mini_httpd/CVE-2018-18778
mojarra/jsf-viewstate-deserialization		mojarra/jsf-viewstate-deserialization
mongo-express/CVE-2019-10758		mongo-express/CVE-2019-10758
mysql/CVE-2012-2122		mysql/CVE-2012-2122
nacos/CVE-2021-29441		nacos/CVE-2021-29441
neo4j/CVE-2021-34371		neo4j/CVE-2021-34371
nexus		nexus
nginx		nginx
node		node
ntopng/CVE-2021-28073		ntopng/CVE-2021-28073
ofbiz/CVE-2020-9496		ofbiz/CVE-2020-9496
opensmtpd/CVE-2020-7247		opensmtpd/CVE-2020-7247
openssh/CVE-2018-15473		openssh/CVE-2018-15473
openssl/heartbleed		openssl/heartbleed
opentsdb/CVE-2020-35476		opentsdb/CVE-2020-35476
php		php
phpmailer/CVE-2017-5223		phpmailer/CVE-2017-5223
phpmyadmin		phpmyadmin
phpunit/CVE-2017-9841		phpunit/CVE-2017-9841
postgres		postgres
python		python
rails		rails
redis/4-unacc		redis/4-unacc
rocketchat/CVE-2021-22911		rocketchat/CVE-2021-22911
rsync/common		rsync/common
ruby/CVE-2017-17405		ruby/CVE-2017-17405
saltstack		saltstack
samba/CVE-2017-7494		samba/CVE-2017-7494
scrapy/scrapyd-unacc		scrapy/scrapyd-unacc
shiro		shiro
skywalking/8.3.0-sqli		skywalking/8.3.0-sqli
solr		solr
spark/unacc		spark/unacc
spring		spring
struts2		struts2
supervisor/CVE-2017-11610		supervisor/CVE-2017-11610
tests		tests
thinkphp		thinkphp
tikiwiki/CVE-2020-15906		tikiwiki/CVE-2020-15906
tomcat		tomcat
unomi/CVE-2020-13942		unomi/CVE-2020-13942
uwsgi		uwsgi
weblogic		weblogic
webmin/CVE-2019-15107		webmin/CVE-2019-15107
wordpress/pwnscriptum		wordpress/pwnscriptum

Repository files navigation

Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

中文版本(Chinese version)

Installation

Install the docker/docker-compose on Ubuntu 20.04:

# Install pipcurl -s https://bootstrap.pypa.io/get-pip.py| python3# Install the latest version dockercurl -s https://get.docker.com/| sh# Run docker servicesystemctl start docker# Install docker composepip install docker-compose

The installation steps of docker and docker-compose for other operating systems might be slightly different, please refer to thedocker documentation for details.

Usage

# Download projectwget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zipunzip vulhub-master.zipcd vulhub-master# Enter the directory of vulnerability/environmentcd flask/ssti# Compile environmentdocker-compose build# Run environmentdocker-compose up -d

There is aREADME document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker-compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. Theyour-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!

Notice

To prevent permission errors, it is best to use the root user to execute the docker and docker-compose commands.
Some docker images do not support running on ARM machines.

Contribution

This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please 👉Common reasons for compilation failure, hope it can help you.

For more question, please contact:

Thanks for the following contributors: