aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1,12 @@
# These are supported funding model platforms
github: phith0n
patreon:
open_collective:
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: # Replace with a single custom sponsorship URL

84
.github/ISSUE_TEMPLATE/bug-report.md vendored Normal file
View File

@@ -0,0 +1,84 @@
---
name: Bug Report
about: Please fill out this bug report template to help us improve vulhub / 请按照模板填写错误报告以帮助我们改进vulhub
---
Before submitting an issue, please make sure following things:
1. your local vulhub is up to date
2. Your host OS is on the AMD64 architecture. If you're using a Macbook with an M-series chip, make sure you've tried the methods listed at <https://vulhub.org/documentation/faq>.
3. If you're having trouble pulling the image, make sure you're not in mainland China and being affected by the GFW (Great Firewall).
Please fill in the following information:
- Which environment has the bug (e.g. langflow/CVE-2025-3248):
- Host OS (e.g. Ubuntu 24.04):
- Host CPU Architecture (e.g. x86_64):
- Docker version (e.g. Docker version 24.0.1, build 1160cc8):
- Is your Vulhub up to date: Yes / No
- Is your host in mainland China: Yes / No
- Have you retried and the error still occurs: Yes / No
After answering all the questions above, please describe the issue you encountered here in natural language, and provide logs and screenshots.
Only bugs related to vulhub itself are accepted, such as:
- Build image fails due to errors
- Environment is inaccessible after running
- Vulnerability cannot be reproduced following the README
- Errors in the README, such as typos or invalid reference links
Not accepted:
- Bugs during docker installation
- Bugs that occur within Docker when running it
- Failed to pull/download vulhub due to network issues
- Failed to pull docker images due to network issues
Note: If the environment is set up successfully but the vulnerability cannot be reproduced, I may not test or reply to such issues, as all environments have been tested during setup. Please troubleshoot on your own first. If you find the cause is indeed a vulhub issue (e.g., an unconsidered scenario), then create an issue.
Please paste the complete error message, which can be command line output, software error messages, screenshots, etc.
**Note: Please paste the complete error message, not just the last line!**
------------------
提交issue前请先检查下面的问题
1. 你本地的vulhub是最新版否则可能存在一些由于时间问题导致而今已经修复的bug
2. 你的主机是AMD64架构如果是M系列芯片的Mac请先尝试这个文档中列出的方法<https://vulhub.org/documentation/faq>
3. 如果你在拉取镜像时遇到网络问题请确保你不在中国大陆没有受到GFWGreat Firewall的影响
检查完毕上述问题后再填写下面的列表确保我们能够帮助你进行Debug
- 哪个环境出现了BUG例如langflow/CVE-2025-3248
- 主机使用的操作系统例如Ubuntu 24.04
- 主机CPU架构例如x86_64
- Docker版本例如Docker version 24.0.1, build 1160cc8
- 你的Vulhub是否是最新版是 / 否
- 主机是否在中国大陆:是 / 否
- 是否重试过仍然出现这个错误:是 / 否
在填写完上面的所有问题后,再在此处使用自然语言描述你遇到的问题,并提供日志和截图。
我们仅接受Vulhub自身的bug
- 编译时出现bug导致编译失败
- 漏洞环境运行后,环境无法访问
- 漏洞环境运行后按照README中的操作无法复现漏洞
- README 中出现的错误,如错别字、参考链接失效等
不接受如下问题:
- 安装docker时出现的bug
- 运行docker时docker本身出现的bug
- 拉取/下载vulhub时因为网络原因导致拉取失败
- 拉取docker镜像时因为网络原因导致拉取失败
注意关于环境搭建成功但复现漏洞不成功的情况我可能不会测试并回复issue因为所有环境在搭建的时候均已测试成功。建议此类issue作者自行测试并寻找错误原因如果找到原因的确是Vulhub的问题比如某种情况没考虑到则再创建issue。
**附加信息**
请贴出完整错误信息,可以是命令行输出、软件报错信息、截图等。
**注意,请贴出完整错误信息,不要只粘贴错误的最后一行!**

BIN
.github/assets/banner.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

41
.github/assets/logo.svg vendored Normal file
View File

@@ -0,0 +1,41 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="500" height="500" viewBox="0 0 500 500">
<defs>
<clipPath id="clip-SPRK_default_preset_name_custom_1">
<rect width="500" height="500"/>
</clipPath>
</defs>
<g id="SPRK_default_preset_name_custom_1" data-name="SPRK_default_preset_name_custom 1" clip-path="url(#clip-SPRK_default_preset_name_custom_1)">
<rect width="500" height="500" fill="#fff"/>
<g id="组_1" data-name="组 1" transform="translate(54.6 30.8)">
<g id="组_21" data-name="组 21" transform="translate(8.402 0)">
<path id="路径_41" data-name="路径 41" d="M439.7,158.428s250.048-.619,261.354-.054,20.125-6.728,20.125-6.728c-17.591-26.212-5.651-58.783,5.655-69.52,15.826,5.086,31.652,27.2,31.652,44.085,14.129-4.52,46.347,0,50.3,9.044,0,26.85-28.543,43.523-58.218,36.175-14.7,51.151-38.333,81.83-82.522,107.957-44.935,26.566-111.35,26.847-167.34-7.651-50.44-31.074-70.616-92.959-70.051-102.568S436.591,158.438,439.7,158.428Z" transform="translate(-427.004 29.012)" fill="#2480c5"/>
<rect id="矩形_1" data-name="矩形 1" width="37.022" height="37.022" transform="translate(35.306 143.496)" fill="#2480c5"/>
<rect id="矩形_2" data-name="矩形 2" width="37.022" height="37.022" transform="translate(81.089 143.496)" fill="#2480c5"/>
<rect id="矩形_3" data-name="矩形 3" width="37.022" height="37.022" transform="translate(81.089 99.744)" fill="#2480c5"/>
<rect id="矩形_4" data-name="矩形 4" width="37.022" height="37.022" transform="translate(126.871 99.744)" fill="#2480c5"/>
<rect id="矩形_5" data-name="矩形 5" width="37.022" height="37.022" transform="translate(126.871 143.496)" fill="#2480c5"/>
<rect id="矩形_6" data-name="矩形 6" width="37.022" height="37.022" transform="translate(172.601 99.744)" fill="#2480c5"/>
<rect id="矩形_7" data-name="矩形 7" width="37.022" height="37.022" transform="translate(126.871 53.773)" fill="#2480c5"/>
<rect id="矩形_8" data-name="矩形 8" width="37.022" height="37.022" transform="translate(172.601 143.496)" fill="#2480c5"/>
<rect id="矩形_9" data-name="矩形 9" width="37.022" height="37.022" transform="translate(218.384 143.496)" fill="#2480c5"/>
<path id="路径_42" data-name="路径 42" d="M443.973,97.26A163.977,163.977,0,0,1,640.8,67.027" transform="translate(-398.236 -46.943)" fill="none" stroke="#2480c5" stroke-linecap="round" stroke-linejoin="round" stroke-width="1"/>
<path id="路径_43" data-name="路径 43" d="M435.963,86.41a163.849,163.849,0,0,1,11.988-18.568" transform="translate(-415.528 -1.825)" fill="none" stroke="#2480c5" stroke-linecap="round" stroke-linejoin="round" stroke-width="1"/>
<path id="路径_44" data-name="路径 44" d="M429.494,145.009a163.278,163.278,0,0,1,14.537-67.574" transform="translate(-429.494 18.885)" fill="none" stroke="#2480c5" stroke-linecap="round" stroke-linejoin="round" stroke-width="1"/>
<path id="路径_45" data-name="路径 45" d="M522.518,67.209a164.161,164.161,0,0,1,18.053,29.4" transform="translate(-228.669 -3.192)" fill="none" stroke="#2480c5" stroke-linecap="round" stroke-linejoin="round" stroke-width="1"/>
<path id="路径_46" data-name="路径 46" d="M513.275,57.9a164.951,164.951,0,0,1,13.76,12.029" transform="translate(-248.623 -23.282)" fill="none" stroke="#2480c5" stroke-linecap="round" stroke-linejoin="round" stroke-width="1"/>
</g>
<g id="组_22" data-name="组 22" transform="translate(0 350.879)">
<path id="路径_47" data-name="路径 47" d="M451.552,230.22l-24.718-72.2h23.935l12.556,47.872,12.948-47.872h23.938l-25.116,72.2Z" transform="translate(-426.834 -158.021)" fill="#2480c5"/>
<path id="路径_48" data-name="路径 48" d="M509.588,164.231v52.582H490.36v-7.847q-6.278,9.415-19.225,8.63Q452.684,217.2,452.3,196.41V164.231h21.19v28.256q-.393,10.206,7.455,9.808,7.847.393,7.847-12.948V164.231Z" transform="translate(-371.859 -144.615)" fill="#2480c5"/>
<path id="路径_49" data-name="路径 49" d="M494.708,230.22H473.913v-72.2h20.795Z" transform="translate(-325.197 -158.021)" fill="#2480c5"/>
<path id="路径_50" data-name="路径 50" d="M483.974,230.22v-72.2h21.19v26.288a18.364,18.364,0,0,1,15.7-8.238q20.4,0,20.4,22.76V230.22H520.468V202.362q0-9.8-7.458-9.811-8.24-.384-7.846,10.986V230.22Z" transform="translate(-303.477 -158.021)" fill="#2480c5"/>
<path id="路径_51" data-name="路径 51" d="M562.381,164.231v52.582H543.153v-7.847q-6.278,9.415-19.225,8.63-18.451-.393-18.836-21.186V164.231h21.19v28.256q-.393,10.206,7.455,9.808,7.847.393,7.847-12.948V164.231Z" transform="translate(-257.887 -144.615)" fill="#2480c5"/>
<path id="路径_52" data-name="路径 52" d="M547.4,158.021v24.718a17.514,17.514,0,0,1,14.91-6.668q21.578,1.966,23.151,27.466-.393,27.075-23.935,27.466-12.168,0-16.088-8.238h-.392v7.455H526.209v-72.2Zm8.238,58.464q8.24,0,8.633-12.162-.393-11.775-8.633-12.168-8.24.4-9.025,11.773Q547.005,216.1,555.637,216.485Z" transform="translate(-212.298 -158.021)" fill="#2480c5"/>
</g>
</g>
<path id="路径_53" data-name="路径 53" d="M459.412,126.9l23.625-9.66s7.373,12.737-5.566,18.713C465.038,141.7,459.469,128.252,459.412,126.9Z" transform="translate(-295.585 138.777)" fill="#fff"/>
<g id="组_23" data-name="组 23" transform="translate(113.361 303.749)">
<path id="路径_281" data-name="路径 281" d="M464.167,152.116a138,138,0,0,1-19.392-1.292,1.581,1.581,0,1,1,.483-3.124c.515.079,51.824,7.644,73.169-16.808a1.581,1.581,0,0,1,2.382,2.079C506.834,148.979,481.712,152.116,464.167,152.116Z" transform="translate(-443.436 -130.351)" fill="#fff"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 5.6 KiB

156
.github/workflows/docker-image.yml vendored Normal file
View File

@@ -0,0 +1,156 @@
name: Vulhub Docker Image CI
on:
schedule:
- cron: "0 0 * * 1"
workflow_dispatch:
inputs:
scope:
description: 'Job scope'
required: true
default: 'all'
jobs:
longtime-images-test:
runs-on: ubuntu-latest
if: ${{ github.event.inputs.scope == 'all' || github.event.inputs.scope == 'longtime' }}
steps:
- uses: actions/checkout@v2
- uses: satackey/action-docker-layer-caching@v0.0.11
# Ignore the failure of a step and avoid terminating the job.
continue-on-error: true
- name: couchdb
run: |
bash tests/images-build.sh base/couchdb/1.6.0 base/couchdb/2.1.0
- name: ffmpeg
run: |
bash tests/image-build.sh base/ffmpeg/2.8.4 "vulhub/ffmpeg:2.8.4"
bash tests/image-build.sh base/ffmpeg/3.2.4 "vulhub/ffmpeg:3.2.4"
bash tests/images-build.sh base/ffmpeg/2.8.4-php base/ffmpeg/3.2.4-php
- name: git
run: |
bash tests/images-build.sh base/git/2.12.2
images-test:
runs-on: ubuntu-latest
if: ${{ github.event.inputs.scope == 'all' || github.event.inputs.scope == 'normal' }}
steps:
- uses: actions/checkout@v2
- uses: satackey/action-docker-layer-caching@v0.0.11
# Ignore the failure of a step and avoid terminating the job.
continue-on-error: true
- name: influxdb
run: |
bash tests/images-build.sh base/influxdb/1.6.6 base/influxdb/1.7.9
- name: jboss
run: |
bash tests/images-build.sh base/jboss/as-4.0.5 base/jboss/as-6.1.0
- name: jenkins
run: |
bash tests/images-build.sh base/jenkins/2.138 base/jenkins/2.46.1
- name: jira
run: |
bash tests/images-build.sh base/jira/8.1.0
- name: jmeter
run: |
bash tests/images-build.sh base/jmeter/3.3
- name: joomla
run: |
bash tests/images-build.sh base/joomla/3.4.5 base/joomla/3.7.0
- name: jupyter-notebook
run: |
bash tests/images-build.sh base/jupyter-notebook/5.2.2
- name: kibana
run: |
bash tests/images-build.sh base/kibana/5.6.12 base/kibana/6.5.4
# missed: httpd
- name: hadoop
run: |
bash tests/images-build.sh base/hadoop/2.8.1
- name: discuz
run: |
bash tests/images-build.sh base/discuzx/3.4-20170801 base/discuzx/7.2
- name: ghostscript
run: |
bash tests/image-build.sh base/ghostscript/9.21 "vulhub/ghostscript:9.21"
bash tests/image-build.sh base/ghostscript/9.23 "vulhub/ghostscript:9.23"
bash tests/image-build.sh base/ghostscript/9.25 "vulhub/ghostscript:9.25"
bash tests/image-build.sh base/ghostscript/9.26 "vulhub/ghostscript:9.26"
bash tests/image-build.sh base/ghostscript/9.53.3 "vulhub/ghostscript:9.53.3"
bash tests/images-build.sh base/ghostscript/9.21/with-flask base/ghostscript/9.23/with-flask
- name: imagemagick
run: |
bash tests/image-build.sh base/imagemagick/6.9.2-10 "vulhub/imagemagick:6.9.2-10"
bash tests/image-build.sh base/imagemagick/7.0.8-10 "vulhub/imagemagick:7.0.8-10"
bash tests/image-build.sh base/imagemagick/7.0.8-20 "vulhub/imagemagick:7.0.8-20"
bash tests/image-build.sh base/imagemagick/7.0.8-27 "vulhub/imagemagick:7.0.8-27"
bash tests/image-build.sh base/imagemagick/7.0.10-36 "vulhub/imagemagick:7.0.10-36"
bash tests/images-build.sh base/imagemagick/6.9.2-10/php base/imagemagick/7.0.8-10/php base/imagemagick/7.0.8-20/php base/imagemagick/7.0.8-27/php base/imagemagick/7.0.10-36/php
- name: gitea
run: |
bash tests/images-build.sh base/gitea/1.4.0
- name: gitlist
run: |
bash tests/images-build.sh base/gitlist/0.6.0
- name: glassfish
run: |
bash tests/images-build.sh base/glassfish/4.1
- name: cleanup
run: |
bash tests/cleanup.sh
- name: goahead
run: |
bash tests/images-build.sh base/goahead/3.6.4
- name: gogs
run: |
bash tests/images-build.sh base/gogs/0.11.66
- name: active-mq
run: |
bash tests/images-build.sh base/activemq/5.11.1 base/activemq/5.11.1/with-cron base/activemq/5.13.2
- name: apereo-cas
run: |
bash tests/images-build.sh base/apereo-cas/4.1.5
- name: appweb
run: |
bash tests/images-build.sh base/appweb/7.0.1
- name: aria2
run: |
bash tests/images-build.sh base/aria2/1.18.8
- name: baselinux
run: |
bash tests/images-build.sh base/baselinux/centos-6
- name: bash
run: |
bash tests/image-build.sh base/bash/4.3.0 "vulhub/bash:4.3.0"
bash tests/images-build.sh base/bash/4.3.0/with-httpd
- name: bind
run: |
bash tests/images-build.sh base/bind/latest
# missed: coldfusion
- name: confluence
run: |
bash tests/images-build.sh base/confluence/6.10.2 base/confluence/6.11.2
# longtime: couchdb
- name: django
run: |
bash tests/images-build.sh base/django/1.11.4 base/django/2.2.3 base/django/3.0.3
# missed: docker
- name: drupal
run: |
bash tests/images-build.sh base/drupal/7.31 base/drupal/8.5.0
- name: ecshop
run: |
bash tests/images-build.sh base/ecshop/2.7.3 base/ecshop/3.6.0
- name: elasticsearch
run: |
bash tests/images-build.sh base/elasticsearch/1.1.1 base/elasticsearch/1.4.2 base/elasticsearch/1.4.4 base/elasticsearch/1.5.1 base/elasticsearch/1.6.0 base/elasticsearch/5.6.16 base/elasticsearch/6.8.6
# missed: electron
- name: fastjson
run: |
bash tests/images-build.sh base/fastjson/1.2.24 base/fastjson/1.2.45
# longtime: ffmpeg
- name: flask
run: |
bash tests/images-build.sh base/flask/1.1.1

33
.github/workflows/format-check.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: Vulhub Format Check and Lint
on: [push, pull_request]
jobs:
format-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: install dependencies
run: |
python -m pip install -U pytest
sudo wget -O /usr/local/bin/hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
sudo chmod +x /usr/local/bin/hadolint
- name: Check
run: |
python -m pytest tests/check
markdown-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20.x'
- name: install dependencies
run: |
npm install -g markdownlint-cli
- name: check markdown
run: |
markdownlint -c tests/markdownlint.json .

86
.github/workflows/update-vulhub-org.yml vendored Normal file
View File

@@ -0,0 +1,86 @@
name: Update Vulhub.org Environments
on:
push:
branches:
- master
paths:
- "environments.toml"
workflow_dispatch:
inputs:
dry_run:
description: "Dry run mode (no push to repository)"
type: boolean
default: false
required: false
jobs:
update-environments:
runs-on: ubuntu-latest
steps:
- name: Checkout vulhub repository
uses: actions/checkout@v4
with:
path: vulhub
fetch-depth: 0
- name: Checkout vulhub-org repository
uses: actions/checkout@v4
with:
repository: vulhub/vulhub-org
path: vulhub-org
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Update environments.json
run: |
cd vulhub-org
yarn install --frozen-lockfile
./scripts/update_environments.js -i ../vulhub -o ./lib/environments.json
- name: Upload environments.json
uses: actions/upload-artifact@v4
with:
name: environments.json
path: vulhub-org/lib/environments.json
- name: Check for changes and commit
id: commit
run: |
cd vulhub-org
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add lib/environments.json
git --no-pager diff --staged
# Check if there are changes to commit
if git diff --staged --quiet; then
echo "No changes to commit"
echo "has_changes=false" >> $GITHUB_OUTPUT
else
git commit -m "Update environments.json from vulhub/environments.toml"
echo "has_changes=true" >> $GITHUB_OUTPUT
fi
- name: Push changes
if: steps.commit.outputs.has_changes == 'true' && (github.event_name != 'workflow_dispatch' || !inputs.dry_run)
uses: ad-m/github-push-action@master
with:
repository: vulhub/vulhub-org
github_token: ${{ secrets.VULHUB_ORG_TOKEN }}
branch: main
directory: vulhub-org
- name: Dry run summary
if: github.event_name == 'workflow_dispatch' && inputs.dry_run
run: |
echo "### Dry Run Mode - Changes Not Pushed" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.commit.outputs.has_changes }}" == "true" ]; then
echo "✅ Changes were detected and would have been pushed to the repository" >> $GITHUB_STEP_SUMMARY
else
echo " No changes were detected" >> $GITHUB_STEP_SUMMARY
fi