https://github.com/vulhub/vulhub Skip to content Toggle navigation Sign up * Product + Actions Automate any workflow + Packages Host and manage packages + Security Find and fix vulnerabilities + Codespaces Instant dev environments + Copilot Write better code with AI + Code review Manage code changes + Issues Plan and track work + Discussions Collaborate outside of code + Explore + All features + Documentation + GitHub Skills + Changelog * Solutions + By Plan + Enterprise + Teams + Compare all + By Solution + CI/CD & Automation + DevOps + DevSecOps + Case Studies + Customer Stories + Resources * Open Source + GitHub Sponsors Fund open source developers + The ReadME Project GitHub community articles + Repositories + Topics + Trending + Collections * Pricing [ ] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this organization All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} vulhub / vulhub Public * * Notifications * Fork 3.8k * Star 12.3k Pre-Built Vulnerable Environments Based on Docker-Compose vulhub.org License MIT license 12.3k stars 3.8k forks Star Notifications * Code * Issues 11 * Pull requests 14 * Actions * Projects 2 * Wiki * Security * Insights More * Code * Issues * Pull requests * Actions * Projects * Wiki * Security * Insights vulhub/vulhub This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. master Switch branches/tags [ ] Branches Tags Could not load branches Nothing to show {{ refName }} default View all branches Could not load tags Nothing to show {{ refName }} default View all tags 69 branches 0 tags Code * Clone HTTPS GitHub CLI [https://github.com/v] Use Git or checkout with SVN using the web URL. [gh repo clone vulhub] Work fast with our official CLI. Learn more. * Open with GitHub Desktop * Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Launching Xcode If nothing happens, download Xcode and try again. Launching Visual Studio Code Your codespace will open once ready. There was a problem preparing your codespace, please try again. Latest commit @phith0n phith0n Merge pull request #373 from MrBeanc/master ... 76b636d Sep 8, 2022 Merge pull request #373 from MrBeanc/master Update docker-compose.yml 76b636d Git stats * 1,786 commits Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time .github activemq airflow apereo-cas/4.1-rce apisix/CVE-2020-13945 appweb/CVE-2018-8715 aria2/rce base bash/CVE-2014-6271 celery/celery3_redis_unauth cgi/CVE-2016-5385 coldfusion confluence couchdb discuz django dns/dns-zone-transfer docker/unauthorized-rce drupal dubbo/CVE-2019-17564 ecshop elasticsearch electron elfinder/CVE-2021-32682 fastjson ffmpeg flask/ssti flink ghostscript git/CVE-2017-8386 gitea/1.4-rce gitlab gitlist glassfish/4.1.0 goahead gogs/CVE-2018-18925 grafana h2database/h2-console-unacc hadoop/unauthorized-yarn httpd imagemagick influxdb/unacc jackson/CVE-2017-7525 java jboss jenkins jetty jira/CVE-2019-11581 jmeter/CVE-2018-1297 joomla jupyter/notebook-rce kibana laravel/CVE-2021-3129 libssh/CVE-2018-10933 liferay-portal/CVE-2020-7961 log4j magento/2.2-sqli metabase/CVE-2021-41277 mini_httpd/CVE-2018-18778 mojarra/jsf-viewstate-deserialization mongo-express/CVE-2019-10758 mysql/CVE-2012-2122 nacos/CVE-2021-29441 neo4j/CVE-2021-34371 nexus nginx node ntopng/CVE-2021-28073 ofbiz/CVE-2020-9496 opensmtpd/CVE-2020-7247 openssh/CVE-2018-15473 openssl opentsdb/CVE-2020-35476 php phpmailer/CVE-2017-5223 phpmyadmin phpunit/CVE-2017-9841 polkit/CVE-2021-4034 postgres python rails redis rocketchat/CVE-2021-22911 rsync/common ruby/CVE-2017-17405 saltstack samba/CVE-2017-7494 scrapy/scrapyd-unacc shiro skywalking/8.3.0-sqli solr spark/unacc spring struts2 supervisor/CVE-2017-11610 tests thinkphp tikiwiki/CVE-2020-15906 tomcat unomi/CVE-2020-13942 uwsgi weblogic webmin/CVE-2019-15107 wordpress/pwnscriptum xstream xxl-job/unacc yapi/unacc zabbix .gitattributes .gitignore .gitmodules LICENSE README.md README.zh-cn.md contributors.md contributors.zh-cn.md View code Installation Usage Notice Contribution Partner License README.md Vulhub GitHub Official Community Chat on Discord Backers and sponors on Patreon Backers and sponors on Opencollective Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. Zhong Wen Ban Ben (Chinese version) Installation Install the docker/docker-compose on Ubuntu 20.04: # Install pip curl -s https://bootstrap.pypa.io/get-pip.py | python3 # Install the latest version docker curl -s https://get.docker.com/ | sh # Run docker service systemctl start docker # Install docker compose pip install docker-compose The installation steps of docker and docker-compose for other operating systems might be slightly different, please refer to the docker documentation for details. Usage # Download project wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip unzip vulhub-master.zip cd vulhub-master # Enter the directory of vulnerability/environment cd flask/ssti # Compile environment docker-compose build # Run environment docker-compose up -d There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage. After the test, delete the environment with the following command. docker-compose down -v It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container. All environments in this project are for testing purposes only and should not be used as a production environment! Notice 1. To prevent permission errors, it is best to use the root user to execute the docker and docker-compose commands. 2. Some docker images do not support running on ARM machines. Contribution This project relies on docker. So any error during compilation and running are thrown by docker and related programs. Please find the cause of the error by yourself first. If it is determined that the dockerfile is written incorrectly (or the code is wrong in vulhub), then submit the issue. More details please Common reasons for compilation failure, hope it can help you. For more question, please contact: * Chinese Community * Discord * Twitter Thanks for the following contributors: [6874747073] More contributors:Contributors List Partner Our Partners and users: [68747470733a2f2f76756c68756] [68747470733a2f2f76756c68756] [68747470733a2f2f76756c68756] [68747470733a2f2f76756c68756] [68747470733a2f2f76756c68756] Sponsor vulhub on patreon [68747470733a2f2f7675] Sponsor vulhub on opencollective [6874747073] [6874747073] More Donate. License Vulhub is licensed under the MIT License. See LICENSE for the full license text. About Pre-Built Vulnerable Environments Based on Docker-Compose vulhub.org Topics docker dockerfile docker-compose vulnerability-environment vulhub Resources Readme License MIT license Stars 12.3k stars Watchers 563 watching Forks 3.8k forks Sponsor this project Sponsor Learn more about GitHub Sponsors Contributors 46 * @phith0n * @JrDw0 * @monburan * @CatAndCoffee * @ldqsmile * @wh1t3p1g * @shafr * @christasa * @baijunyao * @b1ngz * @yuhang-lin + 35 contributors Languages * Dockerfile 33.9% * Python 20.2% * Java 18.9% * Shell 14.4% * PHP 5.0% * HTML 4.7% * Other 2.9% Footer (c) 2022 GitHub, Inc. Footer navigation * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.