c0ny1 / Vulstudy
使用docker快速搭建各大漏洞靶场,目前可以一键搭建17个靶场。
Stars: ✭ 1,245
Programming Languages
shell
77523 projects
Labels
Projects that are alternatives of or similar to Vulstudy
Vulnwhisperer
Create actionable data from your Vulnerability Scans
Stars: ✭ 1,102 (-11.49%)
Mutual labels: vulnerability
Awesome Baseband Research
A curated list of awesome baseband research resources
Stars: ✭ 70 (-94.38%)
Mutual labels: vulnerability
Slowloris
Asynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (-95.9%)
Mutual labels: vulnerability
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-31.97%)
Mutual labels: vulnerability
Unjailme
A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)
Stars: ✭ 73 (-94.14%)
Mutual labels: vulnerability
Shellshockhunter
It's a simple tool for test vulnerability shellshock
Stars: ✭ 52 (-95.82%)
Mutual labels: vulnerability
Vulnerability Data Archive
With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools
Stars: ✭ 63 (-94.94%)
Mutual labels: vulnerability
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (-18.96%)
Mutual labels: vulnerability
Openvas Scanner
Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (-15.18%)
Mutual labels: vulnerability
Sap exploit
Here you can get full exploit for SAP NetWeaver AS JAVA
Stars: ✭ 60 (-95.18%)
Mutual labels: vulnerability
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (-28.76%)
Mutual labels: vulnerability
Ossf Cve Benchmark
The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
Stars: ✭ 71 (-94.3%)
Mutual labels: vulnerability
Bitp0wn
Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.
Stars: ✭ 59 (-95.26%)
Mutual labels: vulnerability
Cve 2018 20555
Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555
Stars: ✭ 78 (-93.73%)
Mutual labels: vulnerability
Hacker ezines
A collection of electronic hacker magazines carefully curated over the years from multiple sources
Stars: ✭ 72 (-94.22%)
Mutual labels: vulnerability
Attack Surface Detector Burp
The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
Stars: ✭ 63 (-94.94%)
Mutual labels: vulnerability
vulstudy
vulstudy是专门收集当下流行的漏洞学习平台,并将其制作成docker镜像,方便大家快速搭建环境,节省搭建时间,专注于的漏洞学习上。目前vulstudy
包含以下漏洞学习平台:
序号 | 漏洞平台 | 包含漏洞 | 作者 | 语言 |
---|---|---|---|---|
1 | DVWA | 综合 | 未知 | php |
2 | bWAPP | 综合 | 未知 | php |
3 | sqli-labs | SQL注入 | Audi | php |
4 | mutillidae | 综合 | OWASP | php |
5 | BodgeIt | 综合 | psiinon | java |
6 | WackoPicko | 综合 | adamdoupe | php |
7 | WebGoat | 综合 | OWASP | java |
8 | Hackademic | 综合 | northdpole | php |
9 | XSSed | XSS | AJ00200 | php |
10 | DSVW | 综合 | Miroslav Stampar | python |
11 | vulnerable-node | 综合 | cr0hn | NodeJS |
12 | MCIR | 综合 | Spider Labs | php |
13 | XSS挑战之旅 | XSS | 未知 | php |
0x01 安装
# 安装docker
apt-get install docker.io
# 安装docker-compose
pip install docker-compose
# 下载vulstudy项目
git clone https://github.com/c0ny1/vulstudy.git
0x02 使用
使用主要分两种:单独运行一个漏洞平台,同时运行多个漏洞平台。
1.单独运行一个漏洞平台
cd到要运行的漏洞平台下运行以下命令
cd vulstudy/DVWA
docker-compose up -d #启动容器
docker-compose stop #停止容器
2.同时运行所有漏洞平台
在项目根目录下运行以下命令
cd vulstudy
docker-compose up -d #启动容器
docker-compose stop #停止容器
0x3 FAQ
1.第一次启动bWAPP容器访问其主页会报错如下:
Connection failed: Unknown database 'bWAPP'
解决: 第一次创建应事先访问/install.php来创建数据库!
2.第一次搭建DVWA,在苹果系统下的safari浏览器下无法初始化数据库,并提示如下:
CSRF token is incorrect
解决: 使用苹果系统下的其他浏览器即可,比如Chrome。
0x4 声明
该项目只是收集了当下比较流行的漏洞学习平台,若有侵权,请联系我!同时欢迎大家提交更多有意思的漏洞学习平台,让我们一起把它们放到docker上,方便更多人的工作和学习!
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].