Latest commit d3bff21 Aug 7, 2018
activemq describe more about how to trigger command executing operation Feb 26, 2018
aria2/rce refine description Dec 16, 2017
base add slave mode Aug 1, 2018
bash/shellshock move shellshock to bash directory Mar 18, 2018
cgi/httpoxy move httpoxy to cgi directory Mar 18, 2018
coldfusion add handbook May 5, 2018
couchdb refine description Dec 2, 2017
discuz add handbook Jun 6, 2018
django add readme Aug 7, 2018
dns/dns-zone-transfer change container's name Mar 19, 2018
docker/unauthorized-rce add handbook Mar 27, 2018
drupal/CVE-2018-7600 missing port in example url Apr 18, 2018
elasticsearch fix the title typo Nov 4, 2017
electron/CVE-2018-1000006 refine handbook Jan 25, 2018
fastjson/vuln rollback all war files May 23, 2017
ffmpeg add handbook Jul 4, 2017
flask/ssti change the second url Nov 28, 2017
fpm add hand book Apr 25, 2017
git/CVE-2017-8386 fix url Dec 1, 2017
gitea/1.4-rce add handbook for gitea rce Jul 21, 2018
gitlab/CVE-2016-9086 change base image to vulhub/ubuntu:trusty May 11, 2017
gitlist/0.6.0-rce update some descriptions Apr 29, 2018
glassfish/4.1.0 remove the trash May 4, 2018
goahead/CVE-2017-17562 fix some bugs in readme Dec 19, 2017
hadoop/unauthorized-yarn update title Mar 23, 2018
httpd name distinguish Apr 1, 2018
imagemagick/imagetragick move imagetragick to imagemagick directory Mar 18, 2018
jboss init jboss cve-2017-7504 and handbook May 8, 2018
jenkins/CVE-2017-1000353 change base image to vulhub/openjdk May 9, 2017
jmeter/CVE-2018-1297 add hand book for jmeter remote code execution vulnerability (CVE-201… Mar 2, 2018
joomla update title Dec 3, 2017
jupyter/notebook-rce isn't finished Jan 12, 2018
log4j/CVE-2017-5645 add handbook and docker-compose configuration file Mar 18, 2018
mysql/CVE-2012-2122 add handbook Mar 23, 2018
nginx move nginx_parsing_vulnerability to nginx directory Mar 18, 2018
node add handbook Nov 7, 2017
openssl/heartbleed move heartbleed to openssl directory Mar 18, 2018
php update description Jul 7, 2018
phpmailer/CVE-2017-5223 typo Nov 27, 2017
phpmyadmin realname of CVE-2018-12613 Jun 25, 2018
phpunit/CVE-2017-9841 remove trash Jun 2, 2018
postgres/CVE-2018-1058 change name postgres to PostgreSQL Mar 14, 2018
python fix url Dec 1, 2017
rsync/common add maintainer Jan 21, 2018
ruby/CVE-2017-17405 add handbook Jan 21, 2018
samba/CVE-2017-7494 add handbook Jun 12, 2017
solr/CVE-2017-12629-XXE add handbook Nov 4, 2017
spark/unacc add handbook Aug 3, 2018
spring fix a wrong url Apr 28, 2018
struts2 move vulhub/package to cdn.vulhub.org Jan 20, 2018
supervisor/CVE-2017-11610 add poc Aug 3, 2017
thinkphp/in-sqlinjection set the mysql version Jun 21, 2018
tomcat fail Sep 20, 2017
uwsgi/CVE-2018-7490 add handbook for uwsgi Mar 24, 2018
weblogic fix #42 Jul 20, 2018
wordpress/pwnscriptum refine exploit Dec 7, 2017
zabbix/CVE-2016-10134 add handbook May 2, 2018
.gitattributes remove lfs May 23, 2017
.gitignore add handbook Apr 26, 2018
.gitmodules add vulhub/java to base images list, now we can use minor java versio… Mar 2, 2018
LICENSE add contributors and LICENSE Sep 30, 2017
README.md fix a typo in readme Jul 21, 2018
contributors.md add 2 contributors Mar 23, 2018

README.md

Vulhub - Docker-Compose files for vulnerabilities environment

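Vulhub is an open-source collection of vulnerable environments for everyone. No Docker knowledge is needed: just run two commands to build and run a complete vulnerable environment image.

Install docker/docker-compose on Ubuntu 16.04: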

Installation

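# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3

# Install the latest version of docker
curl -s https://get.docker.com/ | sh

# Start the docker service
service docker start

# Install compose
pip install docker-compose

Installing docker and docker-compose on other operating systems may differ slightly; please read the Docker documentation for installation instructions.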

Usage

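# Fetch the project
git clone https://github.com/vulhub/vulhub.git
cd vulhub

# Enter the directory of a vulnerability/environment
cd flask/ssti

# Build the environment automatically
docker-compose build

# Start the whole environment
docker-compose up -d

Each environment directory contains a corresponding documentation file. Please read it to test the vulnerability/environment.

After testing is complete, remove the whole environment:

docker-compose down

Every vulnerability environment in this project comes with documentation. We recommend buying a VPS with 1 GB of memory to set up the vulnerability test environment. The your-ip mentioned in the documentation always refers to the IP address of your VPS; if you set up the test environment in a virtual machine, it refers to the IP of your virtual machine, not the IP inside the docker container. Please do not confuse them.

All environments in this project are for testing only and must not be used as production environments!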

Notice

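Notes:

  1. To avoid permission errors, it is best to run the docker and docker-compose commands as the root user
  2. Some docker images do not support running on machines with ARM and other such architectures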

Contribution

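This project depends on docker. Any exception that occurs during build or run is thrown by docker and related programs, so please look for the cause of the error yourself first. If you are sure it is caused by an error in a Dockerfile (or an error in the vulhub code), then submit an issue. For more details, please see this document; we hope it is helpful to you.

Acknowledgements: Contributors List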

License

Vulhub is released under the GPL-3.0 license.