Skip to content
Pre-Built Vulnerable Environments Based on Docker-Compose
Shell Dockerfile Python Java Ruby PHP Other
Branch: master
Clone or download
Pull request Compare This branch is 14 commits behind vulhub:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
activemq
appweb/CVE-2018-8715
aria2/rce
base
bash/shellshock
cgi/httpoxy
coldfusion
confluence/CVE-2019-3396
couchdb
discuz
django
dns/dns-zone-transfer
docker/unauthorized-rce
drupal
ecshop/xianzhi-2017-02-82239600
elasticsearch
electron
fastjson
ffmpeg
flask/ssti
fpm
ghostscript
git/CVE-2017-8386
gitea/1.4-rce
gitlab/CVE-2016-9086
gitlist/0.6.0-rce
glassfish/4.1.0
goahead/CVE-2017-17562
gogs/CVE-2018-18925
hadoop/unauthorized-yarn
httpd
imagemagick/imagetragick
jackson/CVE-2017-7525
jboss
jenkins
jira/CVE-2019-11581
jmeter/CVE-2018-1297
joomla
jupyter/notebook-rce
libssh/CVE-2018-10933
log4j/CVE-2017-5645
magento/2.2-sqli
mini_httpd/CVE-2018-18778
mysql/CVE-2012-2122
nexus/CVE-2019-7238
nginx
node
openssh/CVE-2018-15473
openssl/heartbleed
php
phpmailer/CVE-2017-5223
phpmyadmin
phpunit/CVE-2017-9841
postgres
python
rails
redis/4-unacc
rsync/common
ruby/CVE-2017-17405
samba/CVE-2017-7494
solr
spark/unacc
spring
struts2
supervisor/CVE-2017-11610
thinkphp
tomcat
uwsgi
weblogic
webmin/CVE-2019-15107
wordpress/pwnscriptum
zabbix/CVE-2016-10134
.gitattributes
.gitignore
.gitmodules
LICENSE
README.md
README.zh-cn.md
contributors.md
contributors.zh-cn.md

README.md

Vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose

Docker Stars GitHub Chat on Discord Backers and sponors on Patreon Backers and sponors on Opencollective

中文版本(Chinese version)

Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

Installation

Install the docker/docker-compose on Ubuntu 16.04:

# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
service docker start

# Install docker compose
pip install docker-compose

The installation steps of docker and docker-compose for others operating system might be slightly different, please refer to the docker documentation for details.

Usage

# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
unzip vulhub-master.zip
cd vulhub-master

# Enter the directory of vulnerability/environment
cd flask/ssti

# Compile environment
docker-compose build

# Run environment
docker-compose up -d

There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker-compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!

Notice

  1. To prevent permission errors, it is best to use the root user to execute the docker and docker-compose commands.
  2. Some docker images do not support running on ARM machines.

Contribution

This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please 👉Common reasons for compilation failure, hope it can help you.

For more question, please contact:

Thanks for the following contributors:

More contributors:Contributors List

Backer and Sponsor

Sponsor:

Sponsor vulhub on patreon 🙏

Sponsor vulhub on opencollective 🙏

MoreDonate

License

Vulhub is licensed under the MIT License. See LICENSE for the full license text.

You can’t perform that action at this time.