dnrops
/
vulstudy
mirror of https://github.com/c0ny1/vulstudy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

首次提交

This commit is contained in:
c0ny1 2018-05-16 01:18:48 +08:00
parent b267b1258b
commit 42a7c2b9cd
39 changed files with 962 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
BodgeIt/Dockerfile Normal file
View File

@ -0,0 +1,11 @@
# Build via:
# docker build --no-cache -t psiinon/bodgeit -f Dockerfile .
# Run via:
# docker run --rm -p 8080:8080 -i -t psiinon/bodgeit
FROM tomcat:8.0
MAINTAINER Simon Bennetts "psiinon@gmail.com"
RUN curl -s -L https://github.com/psiinon/bodgeit/releases/download/1.4.0/bodgeit.war > bodgeit.war && \
mv bodgeit.war /usr/local/tomcat/webapps

8
BodgeIt/docker-compose.yml Normal file
View File

@ -0,0 +1,8 @@
version: '2'
services:
web:
#build: .
image: psiinon/bodgeit:latest
ports:
- "80:8080"

12
DSVW/Dockerfile Normal file
View File

@ -0,0 +1,12 @@
FROM python:2.7-jessie
MAINTAINER c0ny1 <root@gv7.me>
RUN pip install lxml && \
mkdir /app && \
cd /app && \
wget https://github.com/stamparm/DSVW/raw/master/dsvw.py
WORKDIR /app/
EXPOSE 65412
CMD python dsvw.py

7
DSVW/docker-compose.yml Normal file
View File

@ -0,0 +1,7 @@
version: '2'
services:
web:
#build: .
image: c0ny1/dsvw:v0.1m
ports:
- "80:65412"

22
DVWA/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
FROM tutum/lamp:latest
MAINTAINER c0ny1 <root@gv7.me>
ADD . /tmp/
RUN apt-get update && \
apt-get install -y libgd-dev && \
apt-get install -y php5-gd && \
rm -rf /var/lib/apt/lists/*
RUN rm /app/* && \
cd /tmp/ && \
cp php.ini /etc/php5/apache2/php.ini && \
cp php.ini /etc/php5/cli/php.ini && \
wget https://github.com/ethicalhack3r/DVWA/archive/v1.9.tar.gz && \
tar xvf v1.9.tar.gz && \
mv ./DVWA-1.9/* /app/ && \
chown www-data:www-data -R /app/ && \
chmod +x run.sh && \
./run.sh && \
rm -rf /tmp/* && \

14
DVWA/docker-compose.yml Normal file
View File

@ -0,0 +1,14 @@
version: '2'
services:
web:
#build: .
image: dvwa1.9:0.1
links:
- db:db
ports:
- "80:80"
db:
image: mysql:5
environment:
- MYSQL_ROOT_PASSWORD=root

172
DVWA/php.ini Normal file
View File

@ -0,0 +1,172 @@
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = On
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]

5
DVWA/run.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
sed -i "s/p@ssw0rd//g" /app/config/config.inc.php && \
sed -i "s/$_DVWA[ 'recaptcha_private_key' ] = ''/$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'/g" /app/config/config.inc.php && \
sed -i "s/$_DVWA[ 'recaptcha_public_key' ] = ''/$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'/g" /app/config/config.inc.php

12
Hackademic/Dockerfile Normal file
View File

@ -0,0 +1,12 @@
FROM tutum/lamp:latest
MAINTAINER c0ny1 <root@gv7.me>
#COPY . /tmp/
RUN cd /tmp/ && \
git clone -b master https://github.com/Hackademic/hackademic.git
RUN rm -rf /app/* && \
cp -r /tmp/hackademic/* /app/ && \
chown www-data:www-data -R /app/ && \
rm -rf /tmp/hackademic

7
Hackademic/docker-compose.yml Normal file
View File

@ -0,0 +1,7 @@
version: '2'
services:
web:
#build: .
image: c0ny1/hackademic:master
ports:
- "80:80"

31
MCIR/Dockerfile Normal file
View File

@ -0,0 +1,31 @@
FROM php:5.6.13-apache
MAINTAINER c0ny1 <root@gv7.me>
RUN apt-get update && \
apt-get install -y php5-xsl && \
apt-get install -y php5-mcrypt && \
apt-get install -y libmcrypt-dev && \
apt-get install -y libxslt1-dev && \
apt-get install -y git && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN docker-php-ext-install mcrypt && \
docker-php-ext-install xsl && \
docker-php-ext-install mysql
RUN cd /tmp/ && \
git clone https://github.com/SpiderLabs/MCIR.git && \
cd MCIR &&\
git checkout 8ca70207b692ceaf72d5a60653f6d1d83cce88ef && \
rm -rf /var/www/html/* && \
mv * /var/www/html/ && \
cd /var/www/html/ && \
sed -i "s/default_mcir_db_password/mcirpass00112233/" sqlol/includes/database.config.php && \
sed -i "s/default_mcir_db_password/mcirpass00112233/" cryptomg/includes/db.inc.php && \
sed -i "s/localhost/mysqldb/" sqlol/includes/database.config.php && \
sed -i "s/localhost/mysqldb/" cryptomg/includes/db.inc.php && \
chmod 666 xssmh/pxss.html && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/MCIR

19
MCIR/docker-compose.yml Normal file
View File

@ -0,0 +1,19 @@
version: '2'
services:
mysqldb:
image: mysql
environment:
- MYSQL_ROOT_PASSWORD=mcirpass00112233
- MYSQL_DATABASE=sqlol
mcir:
#build: .
image: andresriancho/mcir:latest
ports:
- "8090:80"
links:
- mysqldb
environment:
- APACHE_RUN_USER=www-data
- APACHE_RUN_GROUP=www-data
- APACHE_LOG_DIR=/var/log/apache2/

62
README.md
View File

@ -1,2 +1,62 @@
# vulstudy
使用docker快速搭建各大漏洞学习平台目前已经收集12个平台。
vulstudy是专门收集当下流行的漏洞学习平台并将其制作成docker镜像方便大家快速搭建环境节省搭建时间专注于的漏洞学习上。目前`vulstudy`包含以下漏洞学习平台:
|序号|漏洞平台|包含漏洞|作者|语言|
|:---:|:---:|:----:|:---:|:---:|
|1|[DVWA](http://www.dvwa.co.uk)|暴力破解XSSCSRFSQL注入命令执行|未知|php|
|2|[bwapp](https://sourceforge.net/projects/bwapp/)|综合|未知|php|
|3|[sqli-labs](https://github.com/Audi-1/sqli-labs)|SQL注入|[Audi](https://github.com/Audi-1)|php|
|4|[mutillidae](http://sourceforge.net/projects/mutillidae)|综合|OWASP|php|
|5|[BodgeIt](https://github.com/psiinon/bodgeit)|综合|[psiinon](https://github.com/psiinon/bodgeit)|java|
|6|[WackoPicko](https://github.com/adamdoupe/WackoPicko)|综合|[adamdoupe](https://github.com/adamdoupe)|php|
|7|[WebGoat](https://github.com/WebGoat/WebGoat)|综合|OWASP|java|
|8|[Hackademic](https://github.com/Hackademic/hackademic)|综合|[northdpole](https://github.com/northdpole)|php|
|9|[XSSed](https://github.com/aj00200/xssed)|XSS|AJ00200|php|
|10|[DSVW](https://github.com/stamparm/DSVW)|综合|Miroslav Stampar|python|
|11|[vulnerable-node](https://github.com/cr0hn/vulnerable-node)|综合|[cr0hn](https://github.com/cr0hn)|NodeJS|
|12|[MCIR](https://github.com/SpiderLabs/MCIR)|综合|[Spider Labs](https://github.com/SpiderLabs)|php|
## 0x01 安装
```
# 安装docker
apt-get install docker.io
# 安装docker-compose
pip install docker-compose
# 下载vulstudy项目
git clone https://github.com/c0ny1/vulstudy.git
```
## 0x02 使用
使用主要分两种:单独运行一个漏洞平台,同时运行多个漏洞平台。
#### 1.单独运行一个漏洞平台
cd到要运行的漏洞平台下运行以下命令
```
cd vulstudy/dvwa
docer-compose up -d #启动
docker-compose stop #停止
```
#### 2.同时运行所有漏洞平台
在项目根目录下运行以下命令
```
cd vulstudy
docker-compose up -d
```
![演示二](show2.gif)
## 0x3 FAQ
**1.第一次bWAPP容器访问主页会报错**
Connection failed: Unknown database 'bWAPP'
**解决:**第一次创建应事先访问/install.php来创建数据库
## 0x4 声明
该项目只是收集了当下比较流行的漏洞学习平台若有侵权请联系我同时欢迎大家提交更多有意思的漏洞学习平台让我们一起把它们放到docker上方便更多人的工作和学习

24
WackoPicko/Dockerfile Normal file
View File

@ -0,0 +1,24 @@
FROM tutum/lamp:latest
MAINTAINER c0ny1 <c0ny1>
RUN apt-get update && \
apt-get install -y libgd-dev && \
apt-get install -y php5-gd && \
apt-get clean && \
cd /tmp/ && \
git clone https://github.com/adamdoupe/WackoPicko.git && \
cd WackoPicko && \
git checkout 065cb92aceb6f76138786e94959034014e733b99 && \
rm -rf /app/* && \
mv -f /tmp/WackoPicko/website/* /app/ && \
chmod 777 /app/upload && \
cp current.sql / && \
cp create_mysql_admin_user.sh / && \
cp php.ini /etc/php5/apache2/php.ini && \
cp php.ini /etc/php5/cli/php.ini && \
chmod 755 /*.sh && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/WackoPicko
CMD ["/run.sh"]

8
WackoPicko/docker-compose.yml Normal file
View File

@ -0,0 +1,8 @@
version: '2'
services:
web:
#build: .
image: adamdoupe/wackopicko:latest
ports:
- "80:80"

17
WebGoat/docker-compose.yml Normal file
View File

@ -0,0 +1,17 @@
version: '2.0'
services:
webgoat:
#build: webgoat-server/
image: c0ny1/webgoat-server:v8.0.0.M14
command: "sh /home/webgoat/start.sh"
ports:
- "8080:8080"
webwolf:
#build: webwolf/
image: c0ny1/webwolf:v8.0.0.M14
command: "sh /home/webwolf/start.sh"
depends_on:
- webgoat
ports:
- "8081:8081"

17
WebGoat/webgoat-server/Dockerfile Normal file
View File

@ -0,0 +1,17 @@
FROM openjdk:8-jre-slim
MAINTAINER c0ny1 <root@gv7.me>
RUN useradd --home-dir /home/webgoat --create-home -U webgoat && \
apt-get update && \
apt-get install curl -y && \
apt-get install wget && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
COPY start.sh /home/webgoat/start.sh
RUN chmod +x /home/webgoat/start.sh
USER webgoat
RUN cd /home/webgoat/ && \
mkdir -p .webgoat && \
wget -O webgoat.jar https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M14/webgoat-server-8.0.0.M14.jar

3
WebGoat/webgoat-server/start.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
java -jar -Djava.security.egd=file:/dev/./urandom /home/webgoat/webgoat.jar --server.address=0.0.0.0 --server.port=8080

16
WebGoat/webwolf/Dockerfile Normal file
View File

@ -0,0 +1,16 @@
FROM openjdk:8-jre-slim
MAINTAINER c0ny1 <root@gv7.me>
RUN useradd --home-dir /home/webwolf --create-home -U webwolf && \
apt-get update && \
apt-get install curl -y && \
apt-get install wget && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
COPY start.sh /home/webwolf/start.sh
RUN chmod +x /home/webwolf/start.sh
USER webwolf
RUN cd /home/webwolf && \
wget -O webwolf.jar https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M14/webwolf-8.0.0.M14.jar

3
WebGoat/webwolf/start.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
java -jar -Djava.security.egd=file:/dev/./urandom /home/webwolf/webwolf.jar --server.address=0.0.0.0 --server.port=8081

16
XSSed/Dockerfile Normal file
View File

@ -0,0 +1,16 @@
FROM php:5.5-apache
MAINTAINER c0ny1 <root@gv7.me>
# set DirectoryIndex:index.htm
COPY docker-php.conf /etc/apache2/conf-enabled/
RUN apt-get update && \
apt-get install -y git && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
cd /tmp/ && \
git clone https://github.com/aj00200/xssed.git && \
cd xssed && \
mv * /var/www/html/ && \
rm -rf /tmp/xssed

7
XSSed/docker-compose.yml Normal file
View File

@ -0,0 +1,7 @@
version: '2'
services:
web:
#build: .
image: c0ny1/xssed:latest
ports:
- "80:80"

12
XSSed/docker-php.conf Normal file
View File

@ -0,0 +1,12 @@
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
DirectoryIndex disabled
DirectoryIndex index.php index.html index.htm
<Directory /var/www/>
Options -Indexes
AllowOverride All
</Directory>

16
bWAPP/Dockerfile Normal file
View File

@ -0,0 +1,16 @@
FROM tutum/lamp:latest
MAINTAINER c0ny1 <root@gv7.me>
RUN apt-get update && \
apt-get install -y wget zip && \
apt-get clean && \
rm /app/* && \
cd /tmp && \
wget https://jaist.dl.sourceforge.net/project/bwapp/bWAPP/bWAPPv2.2/bWAPPv2.2.zip &&\
unzip ./bWAPPv2.2.zip && \
mv ./bWAPP/* /app/ && \
rm -rf /tmp/* && \
rm -rf /var/lib/apt/lists/*
CMD ["/run.sh"]

8
bWAPP/docker-compose.yml Normal file
View File

@ -0,0 +1,8 @@
version: '2'
services:
web:
#build: .
image: c0ny1/bwapp:v2.2
ports:
- "80:80"

98
docker-compose.yml Normal file
View File

@ -0,0 +1,98 @@
version: '2'
services:
web_gui:
build: ./www/
ports:
- "80:80"
dvwa:
image: c0ny1/dvwa:v1.9
ports:
- "81:80"
bwapp:
image: c0ny1/bwapp:v2.2
ports:
- "82:80"
sqli-labs:
image: c0ny1/sqli-labs:0.1
ports:
- "83:80"
mutillidae:
image: c0ny1/mutillidae:v2.6.62
ports:
- "84:80"
bodgelt:
image: psiinon/bodgeit:latest
ports:
- "85:80"
wackopicko:
image: adamdoupe/wackopicko:latest
ports:
- "86:80"
webgoat:
image: c0ny1/webgoat-server:v8.0.0.M14
command: "sh /home/webgoat/start.sh"
ports:
- "8080:8080"
webwolf:
image: c0ny1/webwolf:v8.0.0.M14
command: "sh /home/webwolf/start.sh"
depends_on:
- webgoat
ports:
- "8081:8081"
Hackademic:
image: c0ny1/hackademic:master
ports:
- "87:80"
XSSed:
image: c0ny1/xssed:latest
ports:
- "88:80"
dsvw:
image: c0ny1/dsvw:v0.1m
ports:
- "65412:65412"
#########################################
vulnerable_node:
restart: always
image: c0ny1/vulnerable-node:latest
ports:
- "3000:3000"
depends_on:
- postgres_db
postgres_db:
restart: always
build: ./vulnerable-node/postgresql/
ports:
- "5432:5432"
#########################################
mcir:
image: andresriancho/mcir:latest
ports:
- "8090:80"
links:
- mysqldb
environment:
- APACHE_RUN_USER=www-data
- APACHE_RUN_GROUP=www-data
- APACHE_LOG_DIR=/var/log/apache2/
mysqldb:
image: mysql
environment:
- MYSQL_ROOT_PASSWORD=mcirpass00112233
- MYSQL_DATABASE=sqlol
#########################################

23
mutillidae/Dockerfile Normal file
View File

@ -0,0 +1,23 @@
FROM tutum/lamp:latest
ENV DEBIAN_FRONTEND noninteractive
# Preparation
RUN rm -fr /app/* && \
apt-get update && apt-get install -yqq wget unzip php5-curl dnsutils && \
rm -rf /var/lib/apt/lists/*
# Deploy Mutillidae
RUN \
wget -O /mutillidae.zip https://jaist.dl.sourceforge.net/project/mutillidae/mutillidae-project/LATEST-mutillidae-2.6.62.zip && \
unzip /mutillidae.zip && \
rm -rf /app/* && \
cp -r /mutillidae/* /app && \
rm -rf /mutillidae && \
sed -i 's/DirectoryIndex index.html.*/DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm/g' /etc/apache2/mods-enabled/dir.conf&& \
sed -i 's/static public \$mMySQLDatabaseUsername =.*/static public \$mMySQLDatabaseUsername = "admin";/g' /app/classes/MySQLHandler.php && \
echo "sed -i 's/static public \$mMySQLDatabasePassword =.*/static public \$mMySQLDatabasePassword = \\\"'\$PASS'\\\";/g' /app/classes/MySQLHandler.php" >> /create_mysql_admin_user.sh && \
echo 'session.save_path = "/tmp"' >> /etc/php5/apache2/php.ini
EXPOSE 80 3306
CMD ["/run.sh"]

7
mutillidae/docker-compose.yml Normal file
View File

@ -0,0 +1,7 @@
version: '2'
services:
web:
#build: .
image: c0ny1/mutillidae:v2.6.62
ports:
- "80:80"

14
sqli-labs/Dockerfile Normal file
View File

@ -0,0 +1,14 @@
FROM tutum/lamp:latest
MAINTAINER c0ny1 <root@gv7.me>
RUN cd /tmp/ &&\
git clone https://github.com/Audi-1/sqli-labs.git && \
cd sqli-labs && \
git checkout e96f21776372c8613a7e565106e62bc01a59355e && \
rm -rf /app/* && \
mv -f /tmp/sqli-labs/* /app/ && \
chown www-data:www-data -R /app && \
rm -rf /tmp/sqli-labs
EXPOSE 80 3306

7
sqli-labs/docker-compose.yml Normal file
View File

@ -0,0 +1,7 @@
version: '2'
services:
web:
#build: .
image: c0ny1/sqli-labs:0.1
ports:
- "80:80"

30
vulnerable-node/Dockerfile Normal file
View File

@ -0,0 +1,30 @@
FROM ubuntu:xenial
MAINTAINER c0ny1 <root@gv7.me>
ENV STAGE "DOCKER"
RUN apt-get update && apt-get -y upgrade && \
apt-get install -y nodejs && \
apt-get install -y npm && \
apt-get install -y netcat && \
apt-get install -y git && \
apt-get clean && \
ln -s /usr/bin/nodejs /usr/bin/node && \
cd /tmp/ && \
git clone https://github.com/cr0hn/vulnerable-node.git && \
cd ./vulnerable-node && \
git checkout 8937dfbc012b4a76b99fb41ce14e29e95862fafb && \
mkdir /app && \
mv package.json /app/ && \
cd /app && \
npm install && \
mv /tmp/vulnerable-node/* ./ && \
chmod +x /app/start.sh && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /tmp/vulnerable-node
WORKDIR /app
EXPOSE 3000
CMD [ "/app/start.sh" ]

18
vulnerable-node/docker-compose.yml Normal file
View File

@ -0,0 +1,18 @@
version: '2'
services:
vulnerable_node:
restart: always
#build: .
image: c0ny1/vulnerable-node:latest
ports:
- "3000:3000"
# links:
# - postgres_db:postgres_db
depends_on:
- postgres_db
postgres_db:
restart: always
build: ./postgresql
ports:
- "5432:5432"

5
vulnerable-node/postgresql/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
FROM library/postgres
MAINTAINER "Daniel Garcia aka (cr0hn)" <cr0hn@cr0hn.com>
ADD init.sql /docker-entrypoint-initdb.d/

2
vulnerable-node/postgresql/init.sql Normal file
View File

@ -0,0 +1,2 @@
CREATE DATABASE vulnerablenode;
GRANT ALL PRIVILEGES ON DATABASE vulnerablenode TO postgres;

8
www/Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM tutum/lamp:latest
MAINTAINER c0ny1 <root@gv7.me>
RUN rm -rf /app/*
ADD . /app/
CMD ["/run.sh"]

6
www/bootstrap.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

BIN
www/favicon.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

70
www/index.css Normal file
View File

@ -0,0 +1,70 @@
html, body {
width : 100%;
height : 100%;
margin : 0;
}
th{
text-align: center;border-bottom:1px solid #f6f6f6;
}
td{
text-align: center;border-bottom:1px solid #f6f6f6;
}
.table-hover > tbody > tr:hover > td,
.table-hover > tbody > tr:hover > th {
background-color: #ce7b0b;
}
.center {
display : block;
margin-left : auto;
margin-right : auto;
}
#Wrapper {
margin-top: 60px;
font-family : "Roboto", sans-serif;
text-align : center;
}
#Box {
max-width : 800px;
max-height : 600px;
background-color : rgba(255, 255, 255, .7);
margin-left : auto;
margin-right : auto;
padding : 10px;
left : 0;
right : 0;
border-radius : 10px;
-webkit-box-shadow : 0 8px 17px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
-moz-box-shadow : 0 8px 17px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
box-shadow : 0 8px 17px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
}
#Box h1 {
font-weight : 300;
font-size : 40px;
}
#Box h1 span { font-weight : 400; }
#Box h2 {
font-weight : 300;
font-size : 30px;
}
#Box .code-preview {
width : 330px;
font-size : 15px;
}
#Box .effects {
width : 180px;
height : 50px;
font-size : 25px;
outline : none;
margin : 30px auto;
opacity : .7;
border-radius : 5px;
}

146
www/index.html Normal file
View File

@ -0,0 +1,146 @@
<!DOCTYPE html>
<html lang="zh">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" href="favicon.jpg" type="image/x-icon">
<title>vulstudy</title>
<link rel="stylesheet" type="text/css" href="index.css">
<link rel="stylesheet" href="bootstrap.min.css">
</head>
<body style="background-color: #2e3030;">
<div style="width:240px;height:50px;margin: 0 auto;border: 0px solid #000000;">
<a href="http://github.com/c0ny1/vulstudy" style="text-decoration:none;" target="view_window"><h1 style="color: #fbcc04;font-size: 60px;">vulstudy</h1></a>
</div>
<div id="Wrapper">
<div id="Box">
<table class="table table-hover" style="width: 90%;margin: 0 auto;font-size: 18px;">
<thead>
<tr>
<th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">序号</th>
<th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">漏洞平台</th>
<th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">包含漏洞</th>
<th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">作者</th>
<th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">语言</th>
</tr>
</thead>
<tbody>
<tr onClick="openURL(':81/')">
<th scope="row" style="text-align: center;">1</th>
<td>DVWA</td>
<td>综合</td>
<td>未知</td>
<td>php</td>
</tr>
<tr onClick="openURL(':82/')">
<th scope="row" style="text-align: center;">2</th>
<td>bWAPP</td>
<td>综合</td>
<td>未知</td>
<td>php</td>
</tr>
<tr onClick="openURL(':83/')">
<th scope="row" style="text-align: center;">3</th>
<td>sqli-labs</td>
<td>SQL注入</td>
<td>Audi</td>
<td>php</td>
</tr>
<tr onClick="openURL(':84/')">
<th scope="row" style="text-align: center;">4</th>
<td>mutillidae</td>
<td>综合</td>
<td>OWASP</td>
<td>php</td>
</tr>
<tr onClick="openURL(':85/')">
<th scope="row" style="text-align: center;">5</th>
<td>BodgeIt</td>
<td>综合</td>
<td>psiinon</td>
<td>java</td>
</tr>
<tr onClick="openURL(':86/')">
<th scope="row" style="text-align: center;">6</th>
<td>WackoPicko</td>
<td>综合</td>
<td>adamdoupe</td>
<td>php</td>
</tr>
<tr onClick="openURL(':8080/WebGoat/')">
<th scope="row" style="text-align: center;">7</th>
<td>WebGoat</td>
<td>综合</td>
<td>OWASP</td>
<td>java</td>
</tr>
<tr onClick="openURL(':87/')">
<th scope="row" style="text-align: center;">8</th>
<td>Hackademic</td>
<td>综合</td>
<td>northdpole</td>
<td>php</td>
</tr>
<tr onClick="openURL(':88/')">
<th scope="row" style="text-align: center;">9</th>
<td>XSSed</td>
<td>XSS</td>
<td>AJ00200</td>
<td>php</td>
</tr>
<tr onClick="openURL(':65412/')">
<th scope="row" style="text-align: center;">10</th>
<td>DSVW</td>
<td>综合</td>
<td>Miroslav Stampar</td>
<td>python</td>
</tr>
<tr onClick="openURL(':3000/')">
<th scope="row" style="text-align: center;">11</th>
<td>vulnerable-node</td>
<td>综合</td>
<td>cr0hn</td>
<td>NodeJS</td>
</tr>
<tr onClick="openURL(':8090/')">
<th scope="row" style="text-align: center;">12</th>
<td>MCIR</td>
<td>综合</td>
<td>Spider Labs</td>
<td>php</td>
</tr>
</tbody>
</table>
</div>
</div>
<div style="height:60px;margin-top: 30px; bottom:0px;width:100%; clear:both;border: 0px solid #000000;">
<div style="width: 250px;height: 25px;border: 0px solid #000000;margin: 0 auto;">
<span style="color: #808080;font-size: 17px;">Copyright&nbsp;@&nbsp;2018&nbsp;by&nbsp;<a href="http://gv7.me">c0ny1</a></span>
</div>
</div>
<script type="text/javascript">
function openURL(path){
var domain = document.domain;
var url = "http://" + domain + path;
window.open(url);
}
</script>
</body>
</html>