Vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose

Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

Installation

Install the docker/docker-compose on Ubuntu 16.04:

# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
service docker start

# Install docker compose
pip install docker-compose

The installation steps of docker and docker-compose for other operating systems might be slightly different, please refer to the docker documentation for details.

Usage

# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
unzip vulhub-master.zip
cd vulhub-master

# Enter the directory of vulnerability/environment
cd flask/ssti

# Compile environment
docker-compose build

# Run environment
docker-compose up -d

There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker-compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!

Notice

To prevent permission errors, it is best to use the root user to execute the docker and docker-compose commands.
Some docker images do not support running on ARM machines.

Contribution

This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please 👉Common reasons for compilation failure, hope it can help you.

For more question, please contact:

Thanks for the following contributors:

More contributors：Contributors List

Backer and Sponsor

Sponsor:

Sponsor vulhub on patreon 🙏

Sponsor vulhub on opencollective 🙏

More Donate.

License

Vulhub is licensed under the MIT License. See LICENSE for the full license text.

Name		Name	Last commit message	Last commit date
Latest commit History 1,398 Commits
.github		.github
activemq		activemq
apereo-cas/4.1-rce		apereo-cas/4.1-rce
appweb/CVE-2018-8715		appweb/CVE-2018-8715
aria2/rce		aria2/rce
base		base
bash/shellshock		bash/shellshock
cgi/httpoxy		cgi/httpoxy
coldfusion		coldfusion
confluence/CVE-2019-3396		confluence/CVE-2019-3396
couchdb		couchdb
discuz		discuz
django		django
dns/dns-zone-transfer		dns/dns-zone-transfer
docker/unauthorized-rce		docker/unauthorized-rce
drupal		drupal
ecshop/xianzhi-2017-02-82239600		ecshop/xianzhi-2017-02-82239600
elasticsearch		elasticsearch
electron		electron
fastjson		fastjson
ffmpeg		ffmpeg
flask/ssti		flask/ssti
fpm		fpm
ghostscript		ghostscript
git/CVE-2017-8386		git/CVE-2017-8386
gitea/1.4-rce		gitea/1.4-rce
gitlab/CVE-2016-9086		gitlab/CVE-2016-9086
gitlist/0.6.0-rce		gitlist/0.6.0-rce
glassfish/4.1.0		glassfish/4.1.0
goahead/CVE-2017-17562		goahead/CVE-2017-17562
gogs/CVE-2018-18925		gogs/CVE-2018-18925
h2database/h2-console-unacc		h2database/h2-console-unacc
hadoop/unauthorized-yarn		hadoop/unauthorized-yarn
httpd		httpd
imagemagick/imagetragick		imagemagick/imagetragick
influxdb/unacc		influxdb/unacc
jackson/CVE-2017-7525		jackson/CVE-2017-7525
java		java
jboss		jboss
jenkins		jenkins
jira/CVE-2019-11581		jira/CVE-2019-11581
jmeter/CVE-2018-1297		jmeter/CVE-2018-1297
joomla		joomla
jupyter/notebook-rce		jupyter/notebook-rce
kibana		kibana
libssh/CVE-2018-10933		libssh/CVE-2018-10933
liferay-portal/CVE-2020-7961		liferay-portal/CVE-2020-7961
log4j/CVE-2017-5645		log4j/CVE-2017-5645
magento/2.2-sqli		magento/2.2-sqli
mini_httpd/CVE-2018-18778		mini_httpd/CVE-2018-18778
mojarra/jsf-viewstate-deserialization		mojarra/jsf-viewstate-deserialization
mongo-express/CVE-2019-10758		mongo-express/CVE-2019-10758
mysql/CVE-2012-2122		mysql/CVE-2012-2122
nexus		nexus
nginx		nginx
node		node
openssh/CVE-2018-15473		openssh/CVE-2018-15473
openssl/heartbleed		openssl/heartbleed
php		php
phpmailer/CVE-2017-5223		phpmailer/CVE-2017-5223
phpmyadmin		phpmyadmin
phpunit/CVE-2017-9841		phpunit/CVE-2017-9841
postgres		postgres
python		python
rails		rails
redis/4-unacc		redis/4-unacc
rsync/common		rsync/common
ruby/CVE-2017-17405		ruby/CVE-2017-17405
saltstack		saltstack
samba/CVE-2017-7494		samba/CVE-2017-7494
scrapy/scrapyd-unacc		scrapy/scrapyd-unacc
shiro/CVE-2016-4437		shiro/CVE-2016-4437
solr		solr
spark/unacc		spark/unacc
spring		spring
struts2		struts2
supervisor/CVE-2017-11610		supervisor/CVE-2017-11610
thinkphp		thinkphp
tomcat		tomcat
uwsgi		uwsgi
weblogic		weblogic
webmin/CVE-2019-15107		webmin/CVE-2019-15107
wordpress/pwnscriptum		wordpress/pwnscriptum
zabbix/CVE-2016-10134		zabbix/CVE-2016-10134
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitmodules		.gitmodules
LICENSE		LICENSE
README.md		README.md
README.zh-cn.md		README.zh-cn.md
contributors.md		contributors.md
contributors.zh-cn.md		contributors.zh-cn.md

License

xinxin999/vulhub

Folders and files

Latest commit

History