agentr14/vulhub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
1,930 commits 1 branch 0 tags 164 MiB
  • Dockerfile 34.5%
  • Python 22.5%
  • Java 16.9%
  • Shell 13.7%
  • PHP 4.6%
  • Other 7.8%
Find a file
Exact
Owen Gong add7f0a860
 Merge pull request #470 from vulhub/confluence-cve-2023-22515 
Added Confluence CVE-2023-22515
2023-10-11 01:03:33 +08:00
.github upgrade hadolint to 2.12.0 2023-09-08 01:42:20 +08:00
activemq upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
adminer Update README.zh-cn.md 2023-07-08 23:50:25 +08:00
airflow upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
apache-druid/CVE-2021-25646 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
apereo-cas/4.1-rce upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
apisix upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
appweb/CVE-2018-8715 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
aria2/rce upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
base finish Confluence CVE-2023-22515 2023-10-11 01:01:01 +08:00
bash/CVE-2014-6271 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
cacti/CVE-2022-46169 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
celery/celery3_redis_unauth upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
cgi/CVE-2016-5385 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
coldfusion upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
confluence finish Confluence CVE-2023-22515 2023-10-11 01:01:01 +08:00
couchdb upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
discuz upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
django improve some manual description 2023-07-29 01:37:24 +08:00
dns/dns-zone-transfer upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
docker/unauthorized-rce upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
drupal upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
dubbo/CVE-2019-17564 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
ecshop upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
elasticsearch fix elasticsearch-head/1.x plugin installation error 2023-06-02 23:46:41 +08:00
electron upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
elfinder/CVE-2021-32682 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
fastjson upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
ffmpeg upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
flask/ssti upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
flink upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
geoserver/CVE-2023-25157 Update README.zh-cn.md 2023-07-23 11:24:58 +08:00
ghostscript upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
git/CVE-2017-8386 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
gitea/1.4-rce upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
gitlab upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
gitlist upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
glassfish/4.1.0 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
goahead upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
gogs/CVE-2018-18925 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
grafana upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
h2database/h2-console-unacc upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
hadoop/unauthorized-yarn upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
httpd upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
imagemagick add Imagemagick tricks 2023-09-22 02:27:20 +08:00
influxdb/CVE-2019-20933 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jackson/CVE-2017-7525 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
java upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jboss upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jenkins upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jetty upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jira/CVE-2019-11581 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jmeter/CVE-2018-1297 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
joomla upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
jumpserver/CVE-2023-42820 added DOMAINS description for manual 2023-10-09 22:39:27 +08:00
jupyter/notebook-rce upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
kafka/CVE-2023-25194 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
kibana upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
laravel/CVE-2021-3129 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
librsvg/CVE-2023-38633 initial librsvg CVE-2023-38633 2023-09-22 23:16:01 +08:00
libssh/CVE-2018-10933 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
liferay-portal/CVE-2020-7961 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
log4j upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
magento/2.2-sqli upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
metabase fixed markdown lint 2023-07-29 01:03:41 +08:00
metersphere/plugin-rce simplify the exploit of MeterSphere plugin RCE 2023-08-18 16:47:41 +08:00
mini_httpd/CVE-2018-18778 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
minio/CVE-2023-28432 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
mojarra/jsf-viewstate-deserialization upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
mongo-express/CVE-2019-10758 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
mysql/CVE-2012-2122 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
nacos/CVE-2021-29441 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
neo4j/CVE-2021-34371 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
nexus upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
nginx upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
node upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
ntopng/CVE-2021-28073 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
ofbiz/CVE-2020-9496 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
openfire/CVE-2023-32315 improve the description 2023-06-18 02:23:26 +08:00
opensmtpd/CVE-2020-7247 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
openssh/CVE-2018-15473 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
openssl upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
opentsdb/CVE-2020-35476 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
php upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
phpmailer/CVE-2017-5223 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
phpmyadmin upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
phpunit/CVE-2017-9841 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
polkit/CVE-2021-4034 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
postgres upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
python upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
rails upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
redis upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
rocketchat/CVE-2021-22911 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
rocketmq/CVE-2023-33246 improve some manual description 2023-07-29 01:37:24 +08:00
rsync/common Update Dockerfile 2023-09-01 21:20:46 +08:00
ruby/CVE-2017-17405 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
saltstack upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
samba/CVE-2017-7494 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
scrapy/scrapyd-unacc upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
shiro upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
skywalking/8.3.0-sqli upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
solr upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
spark/unacc upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
spring upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
struts2 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
supervisor/CVE-2017-11610 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
tests add the script for updating Dockerhub documentation 2023-09-08 01:32:28 +08:00
thinkphp upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
tikiwiki/CVE-2020-15906 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
tomcat upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
unomi/CVE-2020-13942 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
uwsgi upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
v2board/1.6-privilege-escalation upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
weblogic upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
webmin/CVE-2019-15107 upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
wordpress/pwnscriptum fix the lints and upgrade Github Actions 2023-09-08 01:40:17 +08:00
xstream upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
xxl-job/unacc upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
yapi upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
zabbix upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
.gitattributes Jumpserver CVE-2023-42820 (#466) 2023-10-02 01:23:13 +08:00
.gitignore add handbook 2018-04-26 19:36:55 +08:00
.gitmodules add vulhub/java to base images list, now we can use minor java version for vulhub 2018-03-02 09:32:24 +08:00
contributors.md Update contributors.md 2020-10-09 23:28:20 +08:00
contributors.zh-cn.md Merge some translations from GlitchWitchIO/vulhub-en (#59) 2018-09-06 12:09:12 +08:00
environments.toml add librsvg CVE-2023-38633 and jumpserver CVE-2023-42820 into environments.toml 2023-10-02 01:36:05 +08:00
LICENSE more readable 2018-09-03 01:34:32 +08:00
README.md upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00
README.zh-cn.md upgrade docker-compose v1 to docker compose v2 2023-05-28 21:49:22 +08:00

README.md

Vulhub

GitHub Chat on Discord Backers and sponors on Patreon Backers and sponors on Opencollective

Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

中文版本(Chinese version)

Installation

Install Docker on Ubuntu 22.04:

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
systemctl start docker

Note that as of April 2022, docker compose is merged into Docker as a subcommand as Docker Compose V2, the Python version of docker-compose will be deprecated after June 2023. So Vulhub will no longer require the installation of additional docker-compose, and all documentation will be modified to use the docker compose instead.

The installation steps of Docker and Docker Compose for other operating systems might be slightly different, please refer to the docker documentation for details.

Usage

# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
unzip vulhub-master.zip
cd vulhub-master

# Enter the directory of vulnerability/environment
cd flask/ssti

# Compile environment
docker compose build

# Run environment
docker compose up -d

There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!

Notice

  1. To prevent permission errors, please ensure that the docker container has permission to access all files in the current directory.
  2. Vulhub does not support running on machines with non-x86 architecture such as ARM for now.

Contribution

This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please 👉Common reasons for compilation failure, hope it can help you.

For more question, please contact:

Thanks for the following contributors:

More contributorsContributors List

Partner

Our Partners and users:

Sponsor vulhub on patreon 🙏

Sponsor vulhub on opencollective 🙏

More Donate.

License

Vulhub is licensed under the MIT License. See LICENSE for the full license text.