Skip to content
/ vulhub Public
forked from vulhub/vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

vulhub.org

License

MIT license
1 star 4.6k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Qftm/vulhub

150 Branches0 Tags
This branch is 1009 commits behind vulhub/vulhub:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

phith0nphith0n
improve translation of GoAhead RCE(CVE-2017-17562)
Oct 14, 2020
e42de97 · Oct 14, 2020

History

1,446 Commits
.github
.github
Aug 12, 2020
activemq
activemq
Jan 21, 2020
apereo-cas/4.1-rce
apereo-cas/4.1-rce
Jul 17, 2020
appweb/CVE-2018-8715
appweb/CVE-2018-8715
Aug 10, 2020
aria2/rce
aria2/rce
Sep 6, 2018
base
base
Oct 9, 2020
bash/shellshock
bash/shellshock
Sep 6, 2018
cgi/httpoxy
cgi/httpoxy
Jun 9, 2020
coldfusion
coldfusion
Aug 8, 2020
confluence/CVE-2019-3396
confluence/CVE-2019-3396
Apr 10, 2019
couchdb
couchdb
Sep 11, 2018
discuz
discuz
Sep 1, 2018
django
django
Jul 21, 2020
dns/dns-zone-transfer
dns/dns-zone-transfer
Sep 1, 2018
docker/unauthorized-rce
docker/unauthorized-rce
Sep 13, 2018
drupal
drupal
Jul 16, 2019
ecshop/xianzhi-2017-02-82239600
ecshop/xianzhi-2017-02-82239600
Dec 19, 2019
elasticsearch
elasticsearch
Apr 9, 2019
electron
electron
Feb 21, 2019
fastjson
fastjson
Dec 17, 2019
ffmpeg
ffmpeg
Feb 3, 2020
flask/ssti
flask/ssti
Nov 21, 2019
fpm
fpm
Sep 1, 2018
ghostscript
ghostscript
Dec 15, 2019
git/CVE-2017-8386
git/CVE-2017-8386
Sep 1, 2018
gitea/1.4-rce
gitea/1.4-rce
Sep 1, 2018
gitlab/CVE-2016-9086
gitlab/CVE-2016-9086
Sep 1, 2018
gitlist/0.6.0-rce
gitlist/0.6.0-rce
Sep 1, 2018
glassfish/4.1.0
glassfish/4.1.0
Sep 1, 2018
goahead/CVE-2017-17562
goahead/CVE-2017-17562
Oct 14, 2020
gogs/CVE-2018-18925
gogs/CVE-2018-18925
Nov 7, 2018
h2database/h2-console-unacc
h2database/h2-console-unacc
Apr 29, 2020
hadoop/unauthorized-yarn
hadoop/unauthorized-yarn
Mar 23, 2018
httpd
httpd
Aug 12, 2020
imagemagick/imagetragick
imagemagick/imagetragick
Jan 3, 2019
influxdb/unacc
influxdb/unacc
Dec 14, 2019
jackson/CVE-2017-7525
jackson/CVE-2017-7525
Oct 13, 2018
java
java
Mar 17, 2020
jboss
jboss
Jan 14, 2020
jenkins
jenkins
May 10, 2019
jira/CVE-2019-11581
jira/CVE-2019-11581
Jul 16, 2019
jmeter/CVE-2018-1297
jmeter/CVE-2018-1297
Sep 1, 2018
joomla
joomla
May 12, 2019
jupyter/notebook-rce
jupyter/notebook-rce
Sep 1, 2018
kibana
kibana
Jun 30, 2020
libssh/CVE-2018-10933
libssh/CVE-2018-10933
Oct 24, 2018
liferay-portal/CVE-2020-7961
liferay-portal/CVE-2020-7961
Apr 23, 2020
log4j/CVE-2017-5645
log4j/CVE-2017-5645
Jan 14, 2020
magento/2.2-sqli
magento/2.2-sqli
Apr 1, 2019
mini_httpd/CVE-2018-18778
mini_httpd/CVE-2018-18778
Nov 1, 2018
mojarra/jsf-viewstate-deserialization
mojarra/jsf-viewstate-deserialization
Jul 21, 2020
mongo-express/CVE-2019-10758
mongo-express/CVE-2019-10758
Jan 4, 2020
mysql/CVE-2012-2122
mysql/CVE-2012-2122
Sep 1, 2018
nexus
nexus
May 9, 2020
nginx
nginx
Sep 1, 2018
node
node
Sep 1, 2018
ofbiz/CVE-2020-9496
ofbiz/CVE-2020-9496
Oct 13, 2020
openssh/CVE-2018-15473
openssh/CVE-2018-15473
Sep 1, 2018
openssl/heartbleed
openssl/heartbleed
Aug 9, 2020
php
php
Mar 12, 2020
phpmailer/CVE-2017-5223
phpmailer/CVE-2017-5223
Sep 1, 2018
phpmyadmin
phpmyadmin
Feb 21, 2019
phpunit/CVE-2017-9841
phpunit/CVE-2017-9841
Sep 1, 2018
postgres
postgres
Mar 21, 2019
python
python
Aug 12, 2020
rails
rails
Mar 18, 2019
redis/4-unacc
redis/4-unacc
Jul 11, 2019
rsync/common
rsync/common
Sep 1, 2018
ruby/CVE-2017-17405
ruby/CVE-2017-17405
Sep 1, 2018
saltstack
saltstack
May 5, 2020
samba/CVE-2017-7494
samba/CVE-2017-7494
Oct 13, 2020
scrapy/scrapyd-unacc
scrapy/scrapyd-unacc
Sep 19, 2019
shiro/CVE-2016-4437
shiro/CVE-2016-4437
Dec 19, 2019
solr
solr
Jan 21, 2020
spark/unacc
spark/unacc
Sep 1, 2018
spring
spring
Jan 14, 2020
struts2
struts2
Sep 7, 2020
supervisor/CVE-2017-11610
supervisor/CVE-2017-11610
Sep 1, 2018
tests
tests
Aug 12, 2020
thinkphp
thinkphp
Dec 20, 2019
tomcat
tomcat
Feb 20, 2020
uwsgi
uwsgi
Dec 18, 2018
weblogic
weblogic
Jun 7, 2020
webmin/CVE-2019-15107
webmin/CVE-2019-15107
Aug 19, 2019
wordpress/pwnscriptum
wordpress/pwnscriptum
Nov 12, 2019
zabbix/CVE-2016-10134
zabbix/CVE-2016-10134
Sep 1, 2018
.gitattributes
.gitattributes
May 23, 2017
.gitignore
.gitignore
Apr 26, 2018
.gitmodules
.gitmodules
Mar 2, 2018
LICENSE
LICENSE
Sep 2, 2018
README.md
README.md
Sep 3, 2020
README.zh-cn.md
README.zh-cn.md
Jul 2, 2020
contributors.md
contributors.md
Oct 9, 2020
contributors.zh-cn.md
contributors.zh-cn.md
Sep 6, 2018

Repository files navigation

Vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose

GitHub Official Community Chat on Discord Backers and sponors on Patreon Backers and sponors on Opencollective

中文版本(Chinese version)

Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

Installation

Install the docker/docker-compose on Ubuntu 16.04:

# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
service docker start

# Install docker compose
pip install docker-compose

The installation steps of docker and docker-compose for other operating systems might be slightly different, please refer to the docker documentation for details.

Usage

# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
unzip vulhub-master.zip
cd vulhub-master

# Enter the directory of vulnerability/environment
cd flask/ssti

# Compile environment
docker-compose build

# Run environment
docker-compose up -d

There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker-compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!

Notice

  1. To prevent permission errors, it is best to use the root user to execute the docker and docker-compose commands.
  2. Some docker images do not support running on ARM machines.

Contribution

This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please 👉Common reasons for compilation failure, hope it can help you.

For more question, please contact:

Thanks for the following contributors:

More contributors:Contributors List

Partner

Our Partners and users:

Sponsor vulhub on patreon 🙏

Sponsor vulhub on opencollective 🙏

More Donate.

License

Vulhub is licensed under the MIT License. See LICENSE for the full license text.

About

Pre-Built Vulnerable Environments Based on Docker-Compose

vulhub.org

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 31.7%
  • Dockerfile 29.1%
  • Python 13.1%
  • Java 11.0%
  • PHP 5.4%
  • Ruby 5.3%
  • Other 4.4%