The project aims is to automatize the creation process of docker-compose for an exploit present in ExploitDB. Currently are supported only exploit related to:
- WordPress: Plugin, Theme or Core
- Joomla: Component
- PHP WebApps
For WordPress and Joomla there is always the same configuration, that is user/password = test
, project title = test, email = test@test.test. So the tool takes care of the initialization of the
project and also the possible installation of the plugin, theme or component associated with it.
For MySQL the root password is simple root. The access for PhpMyAdmin is user: root pass: root.
See consideration section for more info for which exploit is capable of generating.
You need to have:
- Java (11): the program is built with the framework Spring Boot and Maven.
- Docker
- Docker-compose
Run with the following command to build:
mvn package -DskipTests
Now you can use the software present in target folder.
If you are interested in generating a configuration for one particular exploit, you only need the EdbID:
java -jar edb2docker.jar -id 12345
You can also generate multiple configurations at the same time:
java -jar edb2docker.jar -id 12345 6789 87652
If the generation success, you can find it in exploits/{edbid}
where you just need to launch the command docker-compose up.
You can also generate a series of configurations based on different criteria (no one is mandatory):
java -jar edb2docker.jar -a -s 2020-01-01 -e 2020-12-31 -r true -t wordpress
Where:
-e,--end-date <yyyy-MM-dd> Date (included) before which the
exploit has been published
-r,--remove-config <true/false> If true remove the container after it
has been tested, with the volumes
associated to it. Default: false
-s,--start-date <yyyy-MM-dd> Date (included) after which the exploit
has been published
-t,--type-exploit <type> [REQUIRED] The exploit types:
wordpress, joomla or php
At the end of this process, the program generates a CSV with the name result.csv with the result of all
configuration.
Please note that this command removes all docker networks (every 10 configurations) created to free space.
There are some considerations to do for the automation process.
Not for all exploits present in exploitDB is possible to create a configuration, only for those who meet the following requirements:
- if related to a Component/Plugin has a vulnerable app associated with and is compatible wih Joomla 3.9.x, otherwise if is related to Core there is a official Joomla image for that version;
The situation for WordPress is better since there is an official cli and also an official SVN where plugins and themes are saved. The configuration can be generated only for the exploit that meets the following requirements:
- has a clear distinction in the title that is related to a PLUGIN, THEME or CORE;
- has a version written in the title;
- if is a plugin/theme is present in SVN (the project and the specific version, since there are some cases where the developer has deleted that version) or has a vulnerable app to download; instead if is related to core, there is an official WordPress image for that version in docker hub, so for versions before 4.1.0 is not possibile to proceed.
For the PHP webapps, the automatization process is more complicated. Currently, are supported only the exploit that has:
- a software link* related to sourcecodester or phpgurukul.
In most cases, there is a DB dump that must import, so the system also automatically find it and import it. Please note* the non-automatable step is to modify the php file to connect to the database.
If you find this code useful in your research, please, consider citing our paper:
@inproceedings{Caturano2022,
doi = {10.1109/icecet55527.2022.9872859},
year = {2022},
month = jul,
publisher = {{IEEE}},
author = {Francesco Caturano and Nicola d{\textquotesingle}Ambrosio and Gaetano Perrone and Luigi Previdente and Simon Pietro Romano},
title = {{ExploitWP}2Docker: a Platform for Automating the Generation of Vulnerable {WordPress} Environments for Cyber Ranges},
booktitle = {2022 International Conference on Electrical, Computer and Energy Technologies ({ICECET})}
}