首次提交

BodgeIt/Dockerfile

@@ -0,0 +1,11 @@
+# Build via:
+# docker build --no-cache -t psiinon/bodgeit -f Dockerfile .
+# Run via:
+# docker run --rm -p 8080:8080 -i -t psiinon/bodgeit
+
+FROM tomcat:8.0
+MAINTAINER Simon Bennetts "psiinon@gmail.com"
+
+RUN curl -s -L https://github.com/psiinon/bodgeit/releases/download/1.4.0/bodgeit.war > bodgeit.war && \
+	mv bodgeit.war /usr/local/tomcat/webapps
+

BodgeIt/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '2'
+services:
+ web:
+  #build: .
+  image: psiinon/bodgeit:latest
+  ports:
+   - "80:8080"
+ 

DSVW/Dockerfile

@@ -0,0 +1,12 @@
+FROM python:2.7-jessie
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN pip install lxml && \
+    mkdir /app && \
+    cd /app && \
+    wget https://github.com/stamparm/DSVW/raw/master/dsvw.py
+WORKDIR /app/
+
+EXPOSE 65412
+CMD python dsvw.py

DSVW/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+  web:
+    #build: .
+    image: c0ny1/dsvw:v0.1m
+    ports:
+      -  "80:65412"

DVWA/Dockerfile

@@ -0,0 +1,22 @@
+FROM tutum/lamp:latest
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+ADD . /tmp/
+RUN apt-get update && \
+    apt-get install -y libgd-dev && \
+    apt-get install -y php5-gd && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN rm /app/* && \
+    cd /tmp/ && \
+    cp php.ini /etc/php5/apache2/php.ini && \
+    cp php.ini /etc/php5/cli/php.ini && \
+    wget https://github.com/ethicalhack3r/DVWA/archive/v1.9.tar.gz && \
+    tar xvf v1.9.tar.gz && \
+    mv ./DVWA-1.9/* /app/ && \
+    chown www-data:www-data -R /app/ && \
+    chmod +x run.sh && \
+    ./run.sh && \
+    rm -rf /tmp/* && \
+

DVWA/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '2'
+services:
+ web:
+  #build: .
+  image: dvwa1.9:0.1
+  links:
+   - db:db
+  ports:
+   - "80:80"
+
+ db:
+  image: mysql:5
+  environment: 
+   - MYSQL_ROOT_PASSWORD=root

DVWA/php.ini

@@ -0,0 +1,172 @@
+[PHP]
+engine = On
+short_open_tag = Off
+asp_tags = Off
+precision = 14
+output_buffering = 4096
+zlib.output_compression = Off
+implicit_flush = Off
+unserialize_callback_func =
+serialize_precision = 17
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
+disable_classes =
+zend.enable_gc = On
+expose_php = Off
+max_execution_time = 30
+max_input_time = 60
+memory_limit = 128M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+track_errors = Off
+html_errors = On
+variables_order = "GPCS"
+request_order = "GP"
+register_argc_argv = Off
+auto_globals_jit = On
+post_max_size = 8M
+auto_prepend_file =
+auto_append_file =
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+doc_root =
+user_dir =
+enable_dl = Off
+file_uploads = On
+upload_max_filesize = 2M
+max_file_uploads = 20
+allow_url_fopen = On
+allow_url_include = On
+default_socket_timeout = 60
+[CLI Server]
+cli_server.color = On
+[Date]
+[filter]
+[iconv]
+[intl]
+[sqlite3]
+[Pcre]
+[Pdo]
+[Pdo_mysql]
+pdo_mysql.cache_size = 2000
+pdo_mysql.default_socket=
+[Phar]
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = On
+[SQL]
+sql.safe_mode = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[Interbase]
+ibase.allow_persistent = 1
+ibase.max_persistent = -1
+ibase.max_links = -1
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+ibase.dateformat = "%Y-%m-%d"
+ibase.timeformat = "%H:%M:%S"
+[MySQL]
+mysql.allow_local_infile = On
+mysql.allow_persistent = On
+mysql.cache_size = 2000
+mysql.max_persistent = -1
+mysql.max_links = -1
+mysql.default_port =
+mysql.default_socket =
+mysql.default_host =
+mysql.default_user =
+mysql.default_password =
+mysql.connect_timeout = 60
+mysql.trace_mode = Off
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.cache_size = 2000
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[Sybase-CT]
+sybct.allow_persistent = On
+sybct.max_persistent = -1
+sybct.max_links = -1
+sybct.min_server_severity = 10
+sybct.min_client_severity = 10
+[bcmath]
+bcmath.scale = 0
+[browscap]
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.hash_function = 0
+session.hash_bits_per_character = 5
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+[MSSQL]
+mssql.allow_persistent = On
+mssql.max_persistent = -1
+mssql.max_links = -1
+mssql.min_error_severity = 10
+mssql.min_message_severity = 10
+mssql.compatibility_mode = Off
+mssql.secure_connection = Off
+[Assertion]
+[COM]
+[mbstring]
+[gd]
+[exif]
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+[ldap]
+ldap.max_links = -1
+[mcrypt]
+[dba]
+[opcache]
+[curl]
+[openssl]

DVWA/run.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+sed -i "s/p@ssw0rd//g" /app/config/config.inc.php && \
+sed -i "s/$_DVWA[ 'recaptcha_private_key' ] = ''/$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'/g" /app/config/config.inc.php && \
+sed -i "s/$_DVWA[ 'recaptcha_public_key' ] = ''/$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'/g" /app/config/config.inc.php

Hackademic/Dockerfile

@@ -0,0 +1,12 @@
+FROM tutum/lamp:latest
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+#COPY . /tmp/
+RUN cd /tmp/ && \
+    git clone -b master https://github.com/Hackademic/hackademic.git
+
+RUN rm -rf /app/*  && \
+    cp -r /tmp/hackademic/* /app/ && \
+    chown www-data:www-data -R /app/ && \
+    rm -rf /tmp/hackademic

Hackademic/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+  web:
+    #build: .
+    image: c0ny1/hackademic:master
+    ports:
+      - "80:80"

MCIR/Dockerfile

@@ -0,0 +1,31 @@
+FROM php:5.6.13-apache
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN apt-get update && \
+    apt-get install -y php5-xsl && \
+    apt-get install -y php5-mcrypt && \
+    apt-get install -y libmcrypt-dev && \
+    apt-get install -y libxslt1-dev && \
+    apt-get install -y git && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN docker-php-ext-install mcrypt && \
+    docker-php-ext-install xsl && \
+    docker-php-ext-install mysql
+
+RUN cd /tmp/ && \
+    git clone https://github.com/SpiderLabs/MCIR.git && \
+    cd MCIR &&\
+    git checkout 8ca70207b692ceaf72d5a60653f6d1d83cce88ef && \
+    rm -rf /var/www/html/* && \
+    mv * /var/www/html/ && \
+    cd /var/www/html/ && \
+    sed -i "s/default_mcir_db_password/mcirpass00112233/" sqlol/includes/database.config.php && \
+    sed -i "s/default_mcir_db_password/mcirpass00112233/" cryptomg/includes/db.inc.php && \
+    sed -i "s/localhost/mysqldb/" sqlol/includes/database.config.php && \
+    sed -i "s/localhost/mysqldb/" cryptomg/includes/db.inc.php && \
+    chmod 666 xssmh/pxss.html && \
+    rm -rf /var/lib/apt/lists/* && \
+    rm -rf /tmp/MCIR

MCIR/docker-compose.yml

@@ -0,0 +1,19 @@
+version: '2'
+services:
+ mysqldb:
+   image: mysql
+   environment:
+     - MYSQL_ROOT_PASSWORD=mcirpass00112233
+     - MYSQL_DATABASE=sqlol
+
+ mcir:
+   #build: .
+   image: andresriancho/mcir:latest
+   ports:
+     - "8090:80"
+   links:
+     - mysqldb
+   environment:
+     - APACHE_RUN_USER=www-data
+     - APACHE_RUN_GROUP=www-data
+     - APACHE_LOG_DIR=/var/log/apache2/

README.md

@@ -1,2 +1,62 @@
 # vulstudy
-使用docker快速搭建各大漏洞学习平台，目前已经收集12个平台。
+
+vulstudy是专门收集当下流行的漏洞学习平台，并将其制作成docker镜像，方便大家快速搭建环境，节省搭建时间，专注于的漏洞学习上。目前`vulstudy`包含以下漏洞学习平台：
+
+|序号|漏洞平台|包含漏洞|作者|语言|
+|:---:|:---:|:----:|:---:|:---:|
+|1|[DVWA](http://www.dvwa.co.uk)|暴力破解，XSS，CSRF，SQL注入，命令执行|未知|php|
+|2|[bwapp](https://sourceforge.net/projects/bwapp/)|综合|未知|php|
+|3|[sqli-labs](https://github.com/Audi-1/sqli-labs)|SQL注入|[Audi](https://github.com/Audi-1)|php|
+|4|[mutillidae](http://sourceforge.net/projects/mutillidae)|综合|OWASP|php|
+|5|[BodgeIt](https://github.com/psiinon/bodgeit)|综合|[psiinon](https://github.com/psiinon/bodgeit)|java|
+|6|[WackoPicko](https://github.com/adamdoupe/WackoPicko)|综合|[adamdoupe](https://github.com/adamdoupe)|php|
+|7|[WebGoat](https://github.com/WebGoat/WebGoat)|综合|OWASP|java|
+|8|[Hackademic](https://github.com/Hackademic/hackademic)|综合|[northdpole](https://github.com/northdpole)|php|
+|9|[XSSed](https://github.com/aj00200/xssed)|XSS|AJ00200|php|
+|10|[DSVW](https://github.com/stamparm/DSVW)|综合|Miroslav Stampar|python|
+|11|[vulnerable-node](https://github.com/cr0hn/vulnerable-node)|综合|[cr0hn](https://github.com/cr0hn)|NodeJS|
+|12|[MCIR](https://github.com/SpiderLabs/MCIR)|综合|[Spider Labs](https://github.com/SpiderLabs)|php|
+
+## 0x01 安装
+
+```
+# 安装docker
+apt-get install docker.io
+# 安装docker-compose
+pip install docker-compose
+# 下载vulstudy项目 
+git clone https://github.com/c0ny1/vulstudy.git
+```
+
+## 0x02 使用
+使用主要分两种：单独运行一个漏洞平台，同时运行多个漏洞平台。
+
+#### 1.单独运行一个漏洞平台
+
+cd到要运行的漏洞平台下运行以下命令
+
+```
+cd vulstudy/dvwa
+docer-compose up -d #启动
+docker-compose stop #停止
+```
+
+#### 2.同时运行所有漏洞平台
+
+在项目根目录下运行以下命令
+
+```
+cd vulstudy
+docker-compose up -d
+```
+![演示二](show2.gif)
+
+## 0x3 FAQ
+**1.第一次bWAPP容器访问主页会报错**
+
+Connection failed: Unknown database 'bWAPP'
+
+**解决：**第一次创建应事先访问/install.php来创建数据库！
+
+## 0x4 声明
+该项目只是收集了当下比较流行的漏洞学习平台，若有侵权，请联系我！同时欢迎大家提交更多有意思的漏洞学习平台，让我们一起把它们放到docker上，方便更多人的工作和学习！

WackoPicko/Dockerfile

@@ -0,0 +1,24 @@
+FROM tutum/lamp:latest
+
+MAINTAINER c0ny1 <c0ny1>
+
+RUN apt-get update && \
+    apt-get install -y libgd-dev && \
+    apt-get install -y php5-gd && \
+    apt-get clean && \
+    cd /tmp/ && \
+    git clone https://github.com/adamdoupe/WackoPicko.git && \
+    cd WackoPicko && \
+    git checkout 065cb92aceb6f76138786e94959034014e733b99 && \
+    rm -rf /app/* && \
+    mv -f /tmp/WackoPicko/website/* /app/ && \
+    chmod 777 /app/upload && \
+    cp current.sql / && \
+    cp create_mysql_admin_user.sh / && \
+    cp php.ini /etc/php5/apache2/php.ini && \
+    cp php.ini /etc/php5/cli/php.ini && \
+    chmod 755 /*.sh && \
+    rm -rf /var/lib/apt/lists/* && \
+    rm -rf /tmp/WackoPicko
+
+CMD ["/run.sh"]

WackoPicko/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '2'
+services: 
+ web:
+  #build: .
+  image: adamdoupe/wackopicko:latest
+  ports:
+   - "80:80"
+

WebGoat/docker-compose.yml

@@ -0,0 +1,17 @@
+version: '2.0'
+
+services:
+  webgoat:
+    #build: webgoat-server/
+    image: c0ny1/webgoat-server:v8.0.0.M14
+    command: "sh /home/webgoat/start.sh"
+    ports:
+      - "8080:8080"
+  webwolf:
+    #build: webwolf/
+    image: c0ny1/webwolf:v8.0.0.M14
+    command: "sh /home/webwolf/start.sh"
+    depends_on:
+      - webgoat
+    ports:
+      - "8081:8081"

WebGoat/webgoat-server/Dockerfile

@@ -0,0 +1,17 @@
+FROM openjdk:8-jre-slim
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN useradd --home-dir /home/webgoat --create-home -U webgoat && \
+    apt-get update && \
+    apt-get install curl -y && \
+    apt-get install wget && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY start.sh /home/webgoat/start.sh
+RUN chmod +x /home/webgoat/start.sh
+USER webgoat
+RUN cd /home/webgoat/ && \
+    mkdir -p .webgoat && \
+    wget -O webgoat.jar https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M14/webgoat-server-8.0.0.M14.jar

WebGoat/webgoat-server/start.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+java -jar -Djava.security.egd=file:/dev/./urandom /home/webgoat/webgoat.jar --server.address=0.0.0.0 --server.port=8080

WebGoat/webwolf/Dockerfile

@@ -0,0 +1,16 @@
+FROM openjdk:8-jre-slim
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN useradd --home-dir /home/webwolf --create-home -U webwolf && \
+    apt-get update && \
+    apt-get install curl -y && \
+    apt-get install wget && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY start.sh /home/webwolf/start.sh
+RUN chmod +x /home/webwolf/start.sh
+USER webwolf
+RUN cd /home/webwolf && \
+    wget -O webwolf.jar https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M14/webwolf-8.0.0.M14.jar

WebGoat/webwolf/start.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+java -jar -Djava.security.egd=file:/dev/./urandom /home/webwolf/webwolf.jar --server.address=0.0.0.0 --server.port=8081 

XSSed/Dockerfile

@@ -0,0 +1,16 @@
+FROM php:5.5-apache
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+# set DirectoryIndex:index.htm
+COPY docker-php.conf /etc/apache2/conf-enabled/
+
+RUN apt-get update && \
+    apt-get install -y git && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    cd /tmp/ && \
+    git clone https://github.com/aj00200/xssed.git && \
+    cd xssed && \
+    mv * /var/www/html/ && \
+    rm -rf /tmp/xssed

XSSed/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+ web:
+   #build: .
+   image: c0ny1/xssed:latest
+   ports:
+     - "80:80"

XSSed/docker-php.conf

@@ -0,0 +1,12 @@
+<FilesMatch \.php$>
+        SetHandler application/x-httpd-php
+</FilesMatch>
+
+DirectoryIndex disabled
+DirectoryIndex index.php index.html index.htm
+
+<Directory /var/www/>
+        Options -Indexes
+        AllowOverride All
+</Directory>
+

bWAPP/Dockerfile

@@ -0,0 +1,16 @@
+FROM tutum/lamp:latest
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN apt-get update && \
+    apt-get install -y wget zip && \
+    apt-get clean && \
+    rm /app/* && \
+    cd /tmp && \
+    wget https://jaist.dl.sourceforge.net/project/bwapp/bWAPP/bWAPPv2.2/bWAPPv2.2.zip &&\
+    unzip ./bWAPPv2.2.zip && \
+    mv ./bWAPP/* /app/ && \
+    rm -rf /tmp/* && \
+    rm -rf /var/lib/apt/lists/*
+
+CMD ["/run.sh"]

bWAPP/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '2'
+services: 
+ web:
+  #build: .
+  image: c0ny1/bwapp:v2.2
+  ports:
+   - "80:80"
+

docker-compose.yml

@@ -0,0 +1,98 @@
+version: '2'
+services:
+ web_gui:
+  build: ./www/
+  ports:
+   - "80:80"
+ 
+ dvwa:
+  image: c0ny1/dvwa:v1.9
+  ports:
+   - "81:80"
+
+ bwapp:
+  image: c0ny1/bwapp:v2.2
+  ports:
+   - "82:80"
+
+ sqli-labs:
+  image: c0ny1/sqli-labs:0.1
+  ports:
+   - "83:80"
+
+ mutillidae:
+  image: c0ny1/mutillidae:v2.6.62
+  ports:
+   - "84:80"
+ 
+ bodgelt:
+  image: psiinon/bodgeit:latest
+  ports:
+   - "85:80"
+
+ wackopicko:
+  image: adamdoupe/wackopicko:latest
+  ports:
+   - "86:80"
+
+ webgoat:
+  image: c0ny1/webgoat-server:v8.0.0.M14
+  command: "sh /home/webgoat/start.sh"
+  ports:
+   - "8080:8080"
+
+ webwolf:
+  image: c0ny1/webwolf:v8.0.0.M14
+  command: "sh /home/webwolf/start.sh"
+  depends_on:
+   - webgoat
+  ports:
+   - "8081:8081"
+
+ Hackademic:
+  image: c0ny1/hackademic:master
+  ports:
+    - "87:80"
+
+ XSSed:
+  image: c0ny1/xssed:latest
+  ports:
+   - "88:80"
+
+ dsvw:
+  image: c0ny1/dsvw:v0.1m
+  ports:
+   - "65412:65412"
+
+ #########################################
+ vulnerable_node:
+  restart: always
+  image: c0ny1/vulnerable-node:latest
+  ports:
+   - "3000:3000"
+  depends_on:
+   - postgres_db
+
+ postgres_db:
+  restart: always
+  build: ./vulnerable-node/postgresql/
+  ports:
+   - "5432:5432"
+ 
+ #########################################
+ mcir:
+  image: andresriancho/mcir:latest
+  ports:
+   - "8090:80"
+  links:
+   - mysqldb
+  environment:
+   - APACHE_RUN_USER=www-data
+   - APACHE_RUN_GROUP=www-data
+   - APACHE_LOG_DIR=/var/log/apache2/
+ mysqldb:
+  image: mysql
+  environment:
+   - MYSQL_ROOT_PASSWORD=mcirpass00112233
+   - MYSQL_DATABASE=sqlol
+ #########################################

mutillidae/Dockerfile

@@ -0,0 +1,23 @@
+FROM tutum/lamp:latest
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Preparation
+RUN rm -fr /app/* && \
+  apt-get update && apt-get install -yqq wget unzip php5-curl dnsutils && \
+  rm -rf /var/lib/apt/lists/*
+
+# Deploy Mutillidae
+RUN \
+  wget -O /mutillidae.zip https://jaist.dl.sourceforge.net/project/mutillidae/mutillidae-project/LATEST-mutillidae-2.6.62.zip && \
+  unzip /mutillidae.zip && \
+  rm -rf /app/* && \
+  cp -r /mutillidae/* /app  && \
+  rm -rf /mutillidae  && \
+  sed -i 's/DirectoryIndex index.html.*/DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm/g' /etc/apache2/mods-enabled/dir.conf&& \
+  sed -i 's/static public \$mMySQLDatabaseUsername =.*/static public \$mMySQLDatabaseUsername = "admin";/g' /app/classes/MySQLHandler.php && \
+  echo "sed -i 's/static public \$mMySQLDatabasePassword =.*/static public \$mMySQLDatabasePassword = \\\"'\$PASS'\\\";/g' /app/classes/MySQLHandler.php" >> /create_mysql_admin_user.sh && \
+  echo 'session.save_path = "/tmp"' >> /etc/php5/apache2/php.ini 
+
+EXPOSE 80 3306
+CMD ["/run.sh"]

mutillidae/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+ web:
+  #build: .
+  image: c0ny1/mutillidae:v2.6.62
+  ports:
+   - "80:80"

sqli-labs/Dockerfile

@@ -0,0 +1,14 @@
+FROM tutum/lamp:latest
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN cd /tmp/ &&\
+    git clone https://github.com/Audi-1/sqli-labs.git && \
+    cd sqli-labs && \
+    git checkout e96f21776372c8613a7e565106e62bc01a59355e && \
+    rm -rf /app/* && \
+    mv -f /tmp/sqli-labs/* /app/ && \
+    chown www-data:www-data -R /app && \
+    rm -rf /tmp/sqli-labs
+
+EXPOSE 80 3306

sqli-labs/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+ web:
+  #build: .
+  image: c0ny1/sqli-labs:0.1
+  ports:
+   - "80:80"

vulnerable-node/Dockerfile

@@ -0,0 +1,30 @@
+FROM ubuntu:xenial
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+ENV STAGE "DOCKER"
+
+RUN apt-get update && apt-get -y upgrade && \
+    apt-get install -y nodejs && \
+    apt-get install -y npm && \
+    apt-get install -y netcat && \
+    apt-get install -y git && \
+    apt-get clean && \
+    ln -s /usr/bin/nodejs /usr/bin/node && \
+    cd /tmp/ && \
+    git clone https://github.com/cr0hn/vulnerable-node.git && \
+    cd ./vulnerable-node && \
+    git checkout 8937dfbc012b4a76b99fb41ce14e29e95862fafb && \
+    mkdir /app && \
+    mv package.json /app/ && \
+    cd /app && \
+    npm install && \
+    mv /tmp/vulnerable-node/* ./ && \
+    chmod +x /app/start.sh && \
+    rm -rf /var/lib/apt/lists/* && \
+    rm -rf /tmp/vulnerable-node
+
+WORKDIR /app
+
+EXPOSE 3000
+CMD [ "/app/start.sh" ]

vulnerable-node/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '2'
+services:
+  vulnerable_node:
+    restart: always
+    #build: .
+    image: c0ny1/vulnerable-node:latest
+    ports:
+      - "3000:3000"
+#    links:
+#      - postgres_db:postgres_db
+    depends_on:
+      - postgres_db
+
+  postgres_db:
+    restart: always
+    build: ./postgresql
+    ports:
+      - "5432:5432"

vulnerable-node/postgresql/Dockerfile

@@ -0,0 +1,5 @@
+FROM library/postgres
+
+MAINTAINER "Daniel Garcia aka (cr0hn)" <cr0hn@cr0hn.com>
+
+ADD init.sql /docker-entrypoint-initdb.d/

vulnerable-node/postgresql/init.sql

@@ -0,0 +1,2 @@
+CREATE DATABASE vulnerablenode;
+GRANT ALL PRIVILEGES ON DATABASE vulnerablenode TO postgres;

www/Dockerfile

@@ -0,0 +1,8 @@
+FROM tutum/lamp:latest
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+RUN rm -rf /app/*
+ADD . /app/
+
+CMD ["/run.sh"]

www/index.css

@@ -0,0 +1,70 @@
+html, body {
+  width    : 100%;
+  height   : 100%;
+  margin   : 0;
+}
+
+th{
+	text-align: center;border-bottom:1px solid #f6f6f6;
+}
+td{
+	text-align: center;border-bottom:1px solid #f6f6f6;
+}
+.table-hover > tbody > tr:hover > td,
+.table-hover > tbody > tr:hover > th {
+  background-color: #ce7b0b;
+}
+
+.center {
+  display      : block;
+  margin-left  : auto;
+  margin-right : auto;
+}
+
+#Wrapper {
+  margin-top: 60px;
+  font-family : "Roboto", sans-serif;
+  text-align  : center;
+}
+
+#Box {
+  max-width          : 800px;
+  max-height         : 600px;
+  background-color   : rgba(255, 255, 255, .7);
+  margin-left        : auto;
+  margin-right       : auto;
+  padding            : 10px; 
+  left               : 0;
+  right              : 0;
+  border-radius      : 10px;
+  -webkit-box-shadow : 0 8px 17px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
+  -moz-box-shadow    : 0 8px 17px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
+  box-shadow         : 0 8px 17px 0 rgba(0,0,0,0.2),0 6px 20px 0 rgba(0,0,0,0.19);
+}
+
+#Box h1 {
+  font-weight : 300;
+  font-size   : 40px;
+}
+
+#Box h1 span { font-weight : 400; }
+
+#Box h2 {
+  font-weight : 300;
+  font-size   : 30px;
+}
+
+#Box .code-preview {
+  width     : 330px;
+  font-size : 15px;
+}
+
+#Box .effects {
+  width         : 180px;
+  height        : 50px;
+  font-size     : 25px;
+  outline       : none;
+  margin        : 30px auto;
+  opacity       : .7;
+  border-radius : 5px;
+}

www/index.html

@@ -0,0 +1,146 @@
+
+
+<!DOCTYPE html> 
+
+<html lang="zh"> 
+
+<head> 
+
+<meta charset="UTF-8"> 
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> 
+<meta name="viewport" content="width=device-width, initial-scale=1.0"> 
+<link rel="icon" href="favicon.jpg" type="image/x-icon">
+<title>vulstudy</title> 
+<link rel="stylesheet" type="text/css" href="index.css"> 
+<link rel="stylesheet" href="bootstrap.min.css">
+</head> 
+
+<body style="background-color: #2e3030;"> 
+
+<div style="width:240px;height:50px;margin: 0 auto;border: 0px solid #000000;">
+<a href="http://github.com/c0ny1/vulstudy" style="text-decoration:none;" target="view_window"><h1 style="color: #fbcc04;font-size: 60px;">vulstudy</h1></a>
+</div>
+
+<div id="Wrapper"> 
+
+<div id="Box"> 
+
+
+
+<table class="table table-hover" style="width: 90%;margin: 0 auto;font-size: 18px;">
+      <thead>
+        <tr>
+          <th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">序号</th>
+          <th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">漏洞平台</th>
+          <th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">包含漏洞</th>
+          <th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">作者</th>
+          <th style="text-align: center;color: #7f160e;font-weight: border;font-size: 22px;">语言</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr onClick="openURL(':81/')">
+          <th scope="row" style="text-align: center;">1</th>
+          <td>DVWA</td>
+          <td>综合</td>
+          <td>未知</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':82/')">
+          <th scope="row" style="text-align: center;">2</th>
+          <td>bWAPP</td>
+          <td>综合</td>
+          <td>未知</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':83/')">
+          <th scope="row" style="text-align: center;">3</th>
+          <td>sqli-labs</td>
+          <td>SQL注入</td>
+          <td>Audi</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':84/')">
+          <th scope="row" style="text-align: center;">4</th>
+          <td>mutillidae</td>
+          <td>综合</td>
+          <td>OWASP</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':85/')">
+          <th scope="row" style="text-align: center;">5</th>
+          <td>BodgeIt</td>
+          <td>综合</td>
+          <td>psiinon</td>
+          <td>java</td>
+        </tr>
+        <tr onClick="openURL(':86/')">
+          <th scope="row" style="text-align: center;">6</th>
+          <td>WackoPicko</td>
+          <td>综合</td>
+          <td>adamdoupe</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':8080/WebGoat/')">
+          <th scope="row" style="text-align: center;">7</th>
+          <td>WebGoat</td>
+          <td>综合</td>
+          <td>OWASP</td>
+          <td>java</td>
+        </tr>
+        <tr onClick="openURL(':87/')">
+          <th scope="row" style="text-align: center;">8</th>
+          <td>Hackademic</td>
+          <td>综合</td>
+          <td>northdpole</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':88/')">
+          <th scope="row" style="text-align: center;">9</th>
+          <td>XSSed</td>
+          <td>XSS</td>
+          <td>AJ00200</td>
+          <td>php</td>
+        </tr>
+        <tr onClick="openURL(':65412/')">
+          <th scope="row" style="text-align: center;">10</th>
+          <td>DSVW</td>
+          <td>综合</td>
+          <td>Miroslav Stampar</td>
+          <td>python</td>
+        </tr>
+		<tr onClick="openURL(':3000/')">
+          <th scope="row" style="text-align: center;">11</th>
+          <td>vulnerable-node</td>
+          <td>综合</td>
+          <td>cr0hn</td>
+          <td>NodeJS</td>
+        </tr>
+		<tr onClick="openURL(':8090/')">
+          <th scope="row" style="text-align: center;">12</th>
+          <td>MCIR</td>
+          <td>综合</td>
+          <td>Spider Labs</td>
+          <td>php</td>
+        </tr>
+      </tbody>
+    </table>
+
+</div> 
+
+</div> 
+<div style="height:60px;margin-top: 30px; bottom:0px;width:100%; clear:both;border: 0px solid #000000;">
+    	<div style="width: 250px;height: 25px;border: 0px solid #000000;margin: 0 auto;">
+    		<span style="color: #808080;font-size: 17px;">Copyright&nbsp;@&nbsp;2018&nbsp;by&nbsp;<a href="http://gv7.me">c0ny1</a></span>
+    	</div>
+    </div>
+
+<script type="text/javascript">
+	function openURL(path){
+		var domain = document.domain;
+		var url = "http://" + domain + path;
+		window.open(url);
+	}
+</script>
+</body> 
+
+</html>