🎉VulnRange

MANIFEST.in

@@ -0,0 +1,5 @@
+include flaskr/schema.sql
+graft flaskr/static
+graft flaskr/templates
+graft instance/flaskr.sqlite
+global-exclude *.pyc

README.md

@@ -1,2 +1,59 @@
-# VulnRange
+> **VulnRange的定位是一个漏洞靶场，用于快速的启动漏洞环境，便于漏洞复现和研究**
-漏洞靶场-快速搭建Web安全漏洞和第三方组件漏洞环境，用于漏洞复现和研究
+
+# 安装部署🚀
+
+## 环境配置
+
+**以Centos为例**
+
+1、[Centos安装python3.8和PIP](https://www.cnblogs.com/wintrysec/p/11963807.html)
+
+2、安装docker和docker-compose [把docker源换掉，推荐阿里云的源]
+
+3、关闭防火墙和SELinux
+
+## 下载安装VulnRange
+
+```bash
+git clone https://github.com/wgpsec/VulnRange.git
+cd VulnRange
+pip install -e . -i https://pypi.tuna.tsinghua.edu.cn/simple/	#安装项目
+```
+
+# 功能介绍:memo:
+
+**启动**
+
+```bash
+#进入项目根目录下启动项目即可
+cd ~/VulnRange
+sh start.sh
+```
+
+## Web安全基础靶场
+
+![](README\image-20200921221721429.png)
+
+![](README\image-20200921221823193.png)
+
+集合了常见的Web安全漏洞，多数是直接拉取开源的靶场环境，比如DVWA、sqli-labs、upload-labs
+
+## 组件靶场分类
+
+以组件名称分类展示各个中间件和CMS的靶场环境
+
+![](README\image-20200921222204154.png)
+
+## 开启靶机
+
+点击 "启动靶机环境" 即可开启相关靶机。
+
+![](README\image-20200921222527813.png)
+
+等的时间过长的话可以切换到系统中看看环境构建进度
+
+![](README\image-20200921222651590.png)
+
+靶机环境构建完成后，点击链接即可访问
+
+![](README\image-20200921222813545.png)

Ranges/Activemq/CVE-2016-3088/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+ activemq:
+   image: vulhub/activemq:5.11.1-with-cron
+   container_name: CVE-2016-3088
+   ports:
+    - "61616:61616"
+    - "8161:8161"

Ranges/Activemq/activemq-5.11.1/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+ activemq:
+   image: vulhub/activemq:5.11.1
+   container_name: activemq-5.11.1
+   ports:
+    - "61616:61616"
+    - "8161:8161"

Ranges/Apache/Apache-Tomcat/CVE-2020-1938/Dockerfile

@@ -0,0 +1,2 @@
+From vulhub/tomcat:9.0.30
+EXPOSE 8009

Ranges/Apache/Apache-Tomcat/CVE-2020-1938/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+ tomcat:
+   build: .
+   container_name: CVE-2020-1938
+   ports:
+    - "8080"
+    - "8009:8009"

Ranges/Apache/Apache-Tomcat/tomcat8/context.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<Context antiResourceLocking="false" privileged="true" >
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="\d+\.\d+\.\d+\.\d+" />
+</Context>

Ranges/Apache/Apache-Tomcat/tomcat8/docker-compose.yml

@@ -0,0 +1,13 @@
+version: '3'
+services:
+ tomcat:
+   image: vulhub/tomcat:8.0
+   container_name: tomcat8
+   volumes:
+    - ./flag_is_here:/flag_is_here
+    - ./web.xml:/usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml
+    - ./tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml
+    - ./context.xml:/usr/local/tomcat/webapps/manager/META-INF/context.xml
+    - ./context.xml:/usr/local/tomcat/webapps/host-manager/META-INF/context.xml
+   ports:
+    - "8080"

Ranges/Apache/Apache-Tomcat/tomcat8/flag_is_here

@@ -0,0 +1 @@
+flag{f1ddd43a702df8b1da4ffd33baa01aae}

Ranges/Apache/Apache-Tomcat/tomcat8/tomcat-users.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+
+    <role rolename="manager-gui"/>
+    <role rolename="manager-script"/>
+    <role rolename="manager-jmx"/>
+    <role rolename="manager-status"/>
+    <role rolename="admin-gui"/>
+    <role rolename="admin-script"/>
+    <user username="tomcat" password="tomcat" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script" />
+    
+</tomcat-users>

Ranges/Apache/Apache-Tomcat/tomcat8/web.xml

@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+  version="3.1"
+  metadata-complete="true">
+
+  <display-name>Welcome to Tomcat</display-name>
+  <description>
+     Welcome to Tomcat
+  </description>
+  
+  <filter>
+  <filter-name>CorsFilter</filter-name>
+  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+  <init-param>
+    <param-name>cors.allowed.origins</param-name>
+    <param-value>*</param-value>
+  </init-param>
+  <init-param>
+    <param-name>cors.allowed.methods</param-name>
+    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
+  </init-param>
+  <init-param>
+    <param-name>cors.allowed.headers</param-name>
+    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+  </init-param>
+  <init-param>
+    <param-name>cors.exposed.headers</param-name>
+    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+  </init-param>
+  <init-param>
+    <param-name>cors.support.credentials</param-name>
+    <param-value>true</param-value>
+  </init-param>
+  <init-param>
+    <param-name>cors.preflight.maxage</param-name>
+    <param-value>10</param-value>
+  </init-param>
+</filter>
+<filter-mapping>
+  <filter-name>CorsFilter</filter-name>
+  <url-pattern>/*</url-pattern>
+</filter-mapping>
+
+</web-app>

Ranges/Apache/Apache-httpd/CVE-2017-15715/Dockerfile

@@ -0,0 +1,7 @@
+FROM vulhub/php:5.5-apache
+
+LABEL maintainer="phithon <root@leavesongs.com>"
+
+COPY index.php /var/www/html/
+
+RUN chown www-data:www-data -R /var/www/html

Ranges/Apache/Apache-httpd/CVE-2017-15715/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ apache:
+   build: .
+   container_name: CVE-2017-15715
+   ports:
+    - "80"

Ranges/Apache/Apache-httpd/CVE-2017-15715/index.php

@@ -0,0 +1,33 @@
+<?php
+if(isset($_FILES['file'])) {
+    $name = basename($_POST['name']);
+    $ext = pathinfo($name,PATHINFO_EXTENSION);
+    if(in_array($ext, ['php', 'php3', 'php4', 'php5', 'phtml', 'pht'])) {
+        exit('bad file');
+    }
+    move_uploaded_file($_FILES['file']['tmp_name'], './' . $name);
+} else {
+
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+	<title>Upload</title>
+</head>
+<body>
+<form method="POST" enctype="multipart/form-data">
+	<p>
+		<label>file:<input type="file" name="file"></label>
+	</p>
+	<p>
+		<label>filename:<input type="text" name="name" value="evil.php"></label>
+	</p>
+	<input type="submit">
+</form>
+</body>
+</html>
+
+<?php
+}
+?>

Ranges/Apache/Apache-httpd/apache_parsing/conf/docker-php.conf

@@ -0,0 +1,9 @@
+AddHandler application/x-httpd-php .php
+
+DirectoryIndex disabled
+DirectoryIndex index.php index.html                                                                  
+
+<Directory /var/www/>
+    Options -Indexes
+    AllowOverride All
+</Directory>

Ranges/Apache/Apache-httpd/apache_parsing/docker-compose.yml

@@ -0,0 +1,12 @@
+version: '3'
+services:
+ apache:
+   image: php:apache
+   container_name: apache_parsing
+   volumes:
+    - ./www:/var/www/html
+    - ./conf/docker-php.conf:/etc/apache2/conf-enabled/docker-php.conf
+    - ./start.sh:/var/www/start.sh
+   command: /bin/sh /var/www/start.sh
+   ports:
+    - "80"

Ranges/Apache/Apache-httpd/apache_parsing/start.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+chmod 777 /var/www/html/uploadfiles
+apache2-foreground

Ranges/Apache/Apache-httpd/apache_parsing/www/flag.php

@@ -0,0 +1,3 @@
+<?php 
+	//FLAG is = flag{30c4d4a8f97c535aa1f60b3c04a7b1b4}
+ ?>

Ranges/Apache/Apache-httpd/apache_parsing/www/index.php

@@ -0,0 +1,25 @@
+<?php
+header("Access-Control-Allow-Origin: *");//设置允许跨域，用来判断题目环境是否开启
+if (!empty($_FILES)):
+
+$ext = pathinfo($_FILES['file_upload']['name'], PATHINFO_EXTENSION);
+if (!in_array($ext, ['gif', 'png', 'jpg', 'jpeg'])) {
+    die('不允许的文件类型.');
+}
+
+$new_name = 'uploadfiles/' . $_FILES['file_upload']['name'];
+if(!move_uploaded_file($_FILES['file_upload']['tmp_name'], $new_name)){
+    die('上传目录无写权限.');
+}
+
+die('上传成功，文件路径: ' . $new_name);
+
+else:
+?>
+<h2>本页面使用白名单过滤</h2>
+<form method="post" enctype="multipart/form-data">
+    请上传图片: <input type="file" name="file_upload">
+    <input type="submit">
+</form>
+<?php
+endif;

Ranges/Apache/Apache-httpd/apache_parsing/www/uploadfiles/apache.php.jpeg

@@ -0,0 +1,2 @@
+<?php
+phpinfo();

Ranges/Apereo-cas/apereo-cas-4.1.5/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+ web:
+   image: vulhub/apereo-cas:4.1.5
+   container_name: apereo-cas-4.1.5
+   ports:
+    - "8080:8080"

Ranges/Bash/shellshock/docker-compose.yml

@@ -0,0 +1,10 @@
+version: '2'
+services:
+ web:
+   image: vulhub/bash:4.3.0-with-httpd
+   container_name: shellshock
+   ports:
+    - "80"
+   volumes:
+    - ./safe.cgi:/var/www/html/safe.cgi
+    - ./victim.cgi:/var/www/html/victim.cgi

Ranges/Bash/shellshock/safe.cgi

@@ -0,0 +1,15 @@
+#!/bin/bash
+echo "Content-type: text/html"
+echo ""
+echo '<html>'
+echo '<head>'
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
+echo '<title>Bash ShellShock</title>'
+echo '</head>'
+echo '<body>'
+echo '<p>'
+echo 'Hello world'
+echo '</p>'
+echo '</body>'
+echo '</html>'
+exit 0

Ranges/Bash/shellshock/victim.cgi

@@ -0,0 +1,15 @@
+#!/usr/local/bash-4.3.0/bin/bash
+echo "Content-type: text/html"
+echo ""
+echo '<html>'
+echo '<head>'
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
+echo '<title>Bash ShellShock</title>'
+echo '</head>'
+echo '<body>'
+echo '<p>'
+echo 'Hello world'
+echo '</p>'
+echo '</body>'
+echo '</html>'
+exit 0

Ranges/Cgi/CVE-2016-5385/docker-compose.yml

@@ -0,0 +1,16 @@
+version: '2'
+services:
+ nginx:
+   image: nginx:1
+   container_name: CVE-2016-5385
+   volumes:
+    - ./www/index.php:/usr/share/nginx/html/index.php
+    - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+   depends_on:
+    - php
+   ports:
+    - "80"
+ php:
+   image: vulhub/php:httpoxy
+   volumes: 
+    - ./www/index.php:/var/www/html/index.php

Ranges/Cgi/CVE-2016-5385/nginx/default.conf

@@ -0,0 +1,26 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	root /usr/share/nginx/html;
+
+	index index.html index.php;
+
+	server_name _;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+
+	location ~ [^/]\.php(/|$) {
+		fastcgi_index index.php;
+
+		include fastcgi_params;
+
+		fastcgi_param  REDIRECT_STATUS    200;
+		fastcgi_param  SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
+		fastcgi_param  DOCUMENT_ROOT /var/www/html;
+		fastcgi_pass php:9000;
+	}
+
+}

Ranges/Cgi/CVE-2016-5385/www/index.php

@@ -0,0 +1,20 @@
+<?php
+
+require __DIR__ . '/vendor/autoload.php';
+
+use GuzzleHttp\Client;
+
+header('Content-Type: application/json; charset=utf-8');
+
+$client = new Client([
+    // Base URI is used with relative requests
+    'base_uri' => 'http://httpbin.org',
+    // You can set any number of default request options.
+    'timeout'  => 2.0,
+]);
+
+$response = $client->get('http://httpbin.org/get');
+
+$body = $response->getBody();
+
+echo $body;

Ranges/Confluence/CVE-2019-3396/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '2'
+services:
+  web:
+    image: vulhub/confluence:6.10.2
+    container_name: CVE-2019-3369
+    ports:
+      - "8090:8090"
+    depends_on:
+      - db
+  db:
+    image: postgres:10.7-alpine
+    environment: 
+    - POSTGRES_PASSWORD=postgres
+    - POSTGRES_DB=confluence

Ranges/Discuz/DiscuzX-3.4/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '3'
+services:
+  discuz:
+    image: vulhub/discuz:x3.4
+    container_name: DiscuzX-3.4
+    depends_on:
+      - db
+    ports:
+      - "80"
+  db:
+    image: mariadb
+    restart: always
+    environment: 
+      MYSQL_ROOT_PASSWORD: root
+      MYSQL_DATABASE: ultrax

Ranges/Drupal/CVE-2018-7600/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/drupal:8.5.0
+   container_name: CVE-2018-7600
+   ports:
+    - "80"

Ranges/Drupal/CVE-2018-7602/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: drupal:7.57
+   container_name: CVE-2018-7602
+   ports:
+    - "80"

Ranges/Drupal/CVE-2019-6339/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: drupal:8.5.0
+   container_name: CVE-2019-6339
+   ports:
+    - "80"

Ranges/Ecshop/ecshop-3.6.0/docker-compose.yml

@@ -0,0 +1,13 @@
+version: '2'
+services:
+ ecshop36:
+   image: vulhub/ecshop:3.6.0
+   container_name: ecshop-3.6.0
+   depends_on:
+    - mysql
+   ports:
+    - "80"
+ mysql:
+   image: mysql:5.5
+   environment: 
+    - MYSQL_ROOT_PASSWORD=root

Ranges/Fastjson/1.2.24-rce/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/fastjson:1.2.24
+   container_name: 1.2.24-rce
+   ports:
+    - "8090"

Ranges/Fastjson/1.2.47-rce/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/fastjson:1.2.45
+   container_name: 1.2.47-rce
+   ports:
+    - "8090"

Ranges/JBoss/CVE-2017-12149/docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+  jboss:
+    image: vulhub/jboss:as-6.1.0
+    container_name: CVE-2017-12149
+    ports:
+      - "9990:9990"
+      - "8080:8080"

Ranges/Jackson/CVE-2017-7525/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/spring-with-jackson:2.8.8
+   container_name: CVE-2017-7525
+   ports:
+    - "8080"

Ranges/Jenkins/CVE-2017-1000353/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+  jenkins:
+    image: vulhub/jenkins:2.46.1
+    container_name: CVE-2017-1000353
+    init: true
+    ports:
+      - "50000:50000"
+      - "8080"

Ranges/Jenkins/CVE-2018-1000861/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+  jenkins:
+    image: vulhub/jenkins:2.138
+    container_name: CVE-2018-1000861
+    ports:
+      - "50000:50000"
+      - "8080"
+    init: true

Ranges/Joomla/CVE-2015-8562/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '3'
+services:
+ web:
+   image: vulhub/joomla:3.4.5
+   container_name: CVE-2015-8562
+   depends_on:
+    - mysql
+   environment: 
+    - JOOMLA_DB_HOST=mysql:3306
+    - JOOMLA_DB_USER=root
+    - JOOMLA_DB_PASSWORD=root
+    - JOOMLA_DB_NAME=joomla
+   ports:
+    - "80"
+ mysql:
+   image: mysql:5
+   environment: 
+    - MYSQL_ROOT_PASSWORD=root

Ranges/Joomla/CVE-2017-8917/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '3'
+services:
+ web:
+   image: vulhub/joomla:3.7.0
+   container_name: CVE-2017-8917
+   depends_on:
+    - mysql
+   environment: 
+    - JOOMLA_DB_HOST=mysql:3306
+    - JOOMLA_DB_USER=root
+    - JOOMLA_DB_PASSWORD=root
+    - JOOMLA_DB_NAME=joomla
+   ports:
+    - "80"
+ mysql:
+   image: mysql:5
+   environment: 
+    - MYSQL_ROOT_PASSWORD=root

Ranges/Nexus/CVE-2019-7238/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/nexus:3.14.0
+   container_name: CVE-2019-7238
+   ports:
+    - "8081"

Ranges/Nexus/CVE-2020-10199/admin.password

@@ -0,0 +1 @@
+admin

Ranges/Nexus/CVE-2020-10199/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+ web:
+   image: vulhub/nexus:3.21.1
+   container_name: CVE-2020-10199
+   ports:
+    - "8081"
+   volumes: 
+    - ./admin.password:/nexus-data/admin.password

Ranges/Nexus/CVE-2020-10204/admin.password

@@ -0,0 +1 @@
+admin

Ranges/Nexus/CVE-2020-10204/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+ web:
+   image: vulhub/nexus:3.21.1
+   container_name: CVE-2020-10204
+   ports:
+    - "8081"
+   volumes: 
+    - ./admin.password:/nexus-data/admin.password

Ranges/Nginx/CVE-2013-4547/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3'
+services:
+ nginx:
+   image: vulhub/nginx:1.4.2
+   container_name: CVE-2013-4547
+   volumes:
+    - ./nginx.conf:/usr/local/nginx/conf/nginx.conf
+    - ./www:/usr/local/nginx/html
+   ports:
+    - "80"
+ php:
+   build: ./php-fpm/
+   volumes:
+    - ./www:/var/www/html

Ranges/Nginx/CVE-2013-4547/nginx.conf

@@ -0,0 +1,33 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        listen       80;
+        server_name  localhost;
+        root   html;
+        index  index.php;
+
+        charset utf-8;
+
+        location ~ \.php$ {
+           root           html;
+           include        fastcgi_params;
+
+           fastcgi_pass   php:9000;
+           fastcgi_index  index.php;
+           fastcgi_param  SCRIPT_FILENAME  /var/www/html$fastcgi_script_name;
+           fastcgi_param  DOCUMENT_ROOT /var/www/html;
+        }
+    }
+}

Ranges/Nginx/CVE-2013-4547/php-fpm/Dockerfile

@@ -0,0 +1,18 @@
+FROM vulhub/php:5-fpm
+
+MAINTAINER phithon <root@leavesongs.com>
+
+RUN rm -rf /var/www/html/* \
+    && mkdir -p /var/www/html/uploadfiles \
+    && chmod 777 /var/www/html/uploadfiles \
+    && { \
+        echo "#\!/bin/bash"; \
+        echo "chmod 0777 /var/www/html/uploadfiles"; \
+        echo "/usr/local/sbin/php-fpm"; \
+        echo ; \
+    } | tee /start.sh \
+    && chmod +x /start.sh
+
+COPY www.conf /usr/local/etc/php-fpm.d/www-2.conf
+
+CMD ["/start.sh"]

Ranges/Nginx/CVE-2013-4547/php-fpm/www.conf

@@ -0,0 +1,3 @@
+[www]
+security.limit_extensions = 
+php_admin_flag[cgi.fix_pathinfo] = off

Ranges/Nginx/CVE-2013-4547/www/index.php

@@ -0,0 +1,33 @@
+<?php
+if (!empty($_FILES)):
+
+// Check for errors
+if($_FILES['file_upload']['error'] > 0){
+    die('An error ocurred when uploading.');
+}
+
+// Check filesize
+if(!is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
+    die('File is not uploaded file');
+}
+
+$ext = pathinfo($_FILES['file_upload']['name'], PATHINFO_EXTENSION);
+if (empty($ext) || in_array($ext, ['php', 'php3', 'php5', 'phtml'])) {
+    die('Unsupported filetype uploaded.');
+}
+
+$new_name = __DIR__ . '/uploadfiles/' . $_FILES['file_upload']['name'];
+if(!move_uploaded_file($_FILES['file_upload']['tmp_name'], $new_name)){
+    die('Error uploading file - check destination is writeable.');
+}
+
+die('File uploaded successfully: ' . $new_name);
+
+else:
+?>
+<form method="post" enctype="multipart/form-data">
+    File: <input type="file" name="file_upload">
+    <input type="submit">
+</form>
+<?php
+endif;

Ranges/Nginx/dir-through/configuration/error1.conf

@@ -0,0 +1,13 @@
+server {
+	listen 8080;
+
+	root /usr/share/nginx/html;
+
+	index index.html;
+
+	server_name _;
+
+	location / {
+        return 302 https://$host$uri;
+    }
+}

Ranges/Nginx/dir-through/configuration/error2.conf

@@ -0,0 +1,15 @@
+server {
+	listen 8081;
+
+	root /usr/share/nginx/html;
+
+	index index.html;
+
+	server_name _;
+
+    autoindex on;
+
+	location /files {
+        alias /home/;
+    }
+}

Ranges/Nginx/dir-through/configuration/error3.conf

@@ -0,0 +1,23 @@
+server {
+	listen 8082;
+
+	root /usr/share/nginx/html;
+
+	index index.html;
+
+	server_name _;
+
+    autoindex on;
+
+    add_header Content-Security-Policy "default-src 'self'";
+    add_header X-Frame-Options DENY;
+
+	location = /test1 {
+		rewrite ^(.*)$ /xss.html break;
+	}
+
+    location = /test2 {
+        add_header X-Content-Type-Options nosniff;
+        rewrite ^(.*)$ /xss.html break;
+    }
+}

Ranges/Nginx/dir-through/docker-compose.yml

@@ -0,0 +1,11 @@
+version: '3'
+services:
+ nginx:
+   image: vulhub/nginx:1
+   container_name: dir-through
+   volumes:
+    - ./configuration:/etc/nginx/conf.d
+    - ./files/:/home/
+    - ./www/:/usr/share/nginx/html/
+   ports:
+    - "8081"

Ranges/Nginx/dir-through/files/help.txt

@@ -0,0 +1 @@
+This is a public file.

Ranges/Nginx/dir-through/www/index.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<link rel="stylesheet" href="static/app.css">
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>

Ranges/Nginx/dir-through/www/static/app.css

@@ -0,0 +1,5 @@
+body {
+    width: 35em;
+    margin: 0 auto;
+    font-family: Tahoma, Verdana, Arial, sans-serif;
+}

Ranges/Nginx/dir-through/www/static/app.js

@@ -0,0 +1,4 @@
+window.onload = function() {
+    var m = document.getElementById('m');
+    m.innerHTML = location.hash.substr(1);
+}

Ranges/Nginx/dir-through/www/xss.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>XSS Vulnerability</title>
+<script src="static/app.js"></script>
+</head>
+<body>
+<p id="m"></p>
+</body>
+</html>

Ranges/Nginx/nginx_parsing/docker-compose.yml

@@ -0,0 +1,19 @@
+version: '3'
+services:
+ nginx:
+   image: nginx:1
+   container_name: nginx_parsing
+   volumes:
+    - ./www:/usr/share/nginx/html
+    - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+   depends_on:
+    - php
+   ports:
+    - "80"
+ php:
+   image: php:fpm
+   command: /bin/sh /var/www/start.sh
+   volumes:
+    - ./start.sh:/var/www/start.sh
+    - ./www:/var/www/html
+    - ./php-fpm/www-2.conf:/usr/local/etc/php-fpm.d/www-2.conf

Ranges/Nginx/nginx_parsing/nginx/default.conf

@@ -0,0 +1,25 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	root /usr/share/nginx/html;
+
+	index index.html index.php;
+
+	server_name _;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+	
+	location ~ \.php$ {
+		fastcgi_index index.php;
+
+		include fastcgi_params;
+
+		fastcgi_param  REDIRECT_STATUS    200;
+		fastcgi_param  SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
+		fastcgi_param  DOCUMENT_ROOT /var/www/html;
+		fastcgi_pass php:9000;
+	}
+}

Ranges/Nginx/nginx_parsing/php-fpm/www-2.conf

@@ -0,0 +1,2 @@
+[www]
+security.limit_extensions = 

Ranges/Nginx/nginx_parsing/start.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+chmod 777 /var/www/html/uploadfiles
+php-fpm

Ranges/Nginx/nginx_parsing/www/index.php

@@ -0,0 +1,49 @@
+<?php
+
+if (!empty($_FILES)):
+
+// Check for errors
+if($_FILES['file_upload']['error'] > 0){
+    die('An error ocurred when uploading.');
+}
+
+if(!getimagesize($_FILES['file_upload']['tmp_name'])){
+    die('Please ensure you are uploading an image.');
+}
+
+// Check filetype
+if(stripos($_FILES['file_upload']['type'], 'image/') !== 0){
+    die('Unsupported filetype uploaded.');
+}
+
+// Check filesize
+if($_FILES['file_upload']['size'] > 500000){
+    die('File uploaded exceeds maximum upload size.');
+}
+
+// Check filesize
+if(!is_uploaded_file($_FILES['file_upload']['tmp_name'])) {
+    die('File is not uploaded file');
+}
+
+$ext = pathinfo($_FILES['file_upload']['name'], PATHINFO_EXTENSION);
+if (!in_array($ext, ['gif', 'png', 'jpg', 'jpeg'])) {
+    die('Unsupported filetype uploaded.');
+}
+
+
+$new_name = __DIR__ . '/uploadfiles/' . md5($_FILES['file_upload']['name']) . ".{$ext}";
+if(!move_uploaded_file($_FILES['file_upload']['tmp_name'], $new_name)){
+    die('Error uploading file - check destination is writeable.');
+}
+
+die('File uploaded successfully: ' . $new_name);
+
+else:
+?>
+<form method="post" enctype="multipart/form-data">
+    File: <input type="file" name="file_upload">
+    <input type="submit">
+</form>
+<?php
+endif;

Ranges/OpenSSH/CVE-2018-15473/Dockerfile

@@ -0,0 +1,9 @@
+FROM vulhub/openssh:7.7
+
+LABEL maintainer="phithon <root@leavesongs.com>"
+
+RUN set -ex \
+    && adduser --home /home/vulhub --shell /bin/bash --disabled-password --gecos "" vulhub \
+    && echo "vulhub:vulhub" | chpasswd \
+    && adduser --home /home/example --shell /bin/bash --disabled-password --gecos "" example \
+    && echo "example:123456" | chpasswd

Ranges/OpenSSH/CVE-2018-15473/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+ sshd:
+   build: .
+   container_name: CVE-2018-15473
+   environment: 
+    - ROOT_PASSWORD=vulhub
+   ports:
+    - "22"

Ranges/OpenSSL/CVE-2014-0160/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+ nginx:
+   image: vulhub/nginx:heartbleed
+   container_name: CVE-2014-0160
+   volumes:
+    - ./www:/var/www/html
+   ports:
+    - "443:443"

Ranges/OpenSSL/CVE-2014-0160/www/index.html

@@ -0,0 +1,9 @@
+<html>
+    <head>
+        <meta charset="utf-8">
+        <title>Heartbleed Test</title>
+    </head>
+    <body>
+        <p>Heartbleed Test</p>
+    </body>
+</html>

Ranges/Phpmyadmin/CVE-2016-5734/config.inc.php

@@ -0,0 +1,29 @@
+<?php
+/*
+ * Generated configuration file
+ * Generated by: phpMyAdmin 4.6.2 setup script
+ * Date: Mon, 07 May 2018 10:48:03 +0000
+ */
+
+/* Servers configuration */
+$i = 0;
+
+/* Server: mysql [1] */
+$i++;
+$cfg['Servers'][$i]['verbose'] = 'mysql';
+$cfg['Servers'][$i]['host'] = 'mysql';
+$cfg['Servers'][$i]['port'] = 3306;
+$cfg['Servers'][$i]['socket'] = '';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+$cfg['Servers'][$i]['user'] = 'root';
+$cfg['Servers'][$i]['password'] = '';
+
+/* End of servers configuration */
+
+$cfg['blowfish_secret'] = '5af02eda401ae8.69737537';
+$cfg['DefaultLang'] = 'en';
+$cfg['ServerDefault'] = 1;
+$cfg['UploadDir'] = '';
+$cfg['SaveDir'] = '';
+?>

Ranges/Phpmyadmin/CVE-2016-5734/docker-compose.yml

@@ -0,0 +1,16 @@
+version: '3'
+services:
+ web:
+   image: vulhub/phpmyadmin:4.4.15.6
+   container_name: CVE-2016-5734
+   volumes:
+    - ./config.inc.php:/var/www/html/config.inc.php
+   ports:
+    - "80"
+   depends_on:
+    - mysql
+ mysql:
+   image: mysql:5.5
+   environment: 
+    - MYSQL_ROOT_PASSWORD=root
+    - MYSQL_DATABASE=test

Ranges/Redis/redis-4.0.14/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ redis:
+   image: vulhub/redis:4.0.14
+   container_name: redis-4.0.14
+   ports:
+    - "6379:6379"

Ranges/Rsync/rsync/Dockerfile

@@ -0,0 +1,15 @@
+FROM vulhub/rsync:3.1.2
+
+MAINTAINER phithon <root@leavesongs.com>
+
+ADD rsyncd.conf /etc/rsyncd.conf
+
+ADD docker-entrypoint.sh /docker-entrypoint.sh
+
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y cron \
+    && mkdir /data/ \
+    && chmod +x /docker-entrypoint.sh \
+    && rm -rf /var/lib/apt/lists/*
+
+CMD ["/docker-entrypoint.sh"]

Ranges/Rsync/rsync/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ rsync:
+   build: .
+   container_name: rsync
+   ports:
+    - "873:873"

Ranges/Rsync/rsync/docker-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -ex
+
+service cron start 
+
+exec rsync --no-detach --daemon --config /etc/rsyncd.conf

Ranges/Rsync/rsync/rsyncd.conf

@@ -0,0 +1,12 @@
+uid = root
+gid = root
+use chroot = no
+max connections = 4
+syslog facility = local5
+pid file = /var/run/rsyncd.pid
+log file = /var/log/rsyncd.log
+
+[src]
+path = /
+comment = src path
+read only = no

Ranges/Spring/CVE-2016-4977/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ spring:
+   image: vulhub/spring-security-oauth2:2.0.8
+   container_name: CVE-2016-4977
+   ports:
+    - "8080"

Ranges/Spring/CVE-2017-4971/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ spring:
+   image: vulhub/spring-webflow:2.4.4
+   container_name: CVE-2017-4971
+   ports:
+    - "8080"

Ranges/Spring/CVE-2018-1270/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ spring:
+   image: vulhub/spring-messaging:5.0.4
+   container_name: CVE-2018-1270
+   ports:
+    - "8080"

Ranges/Spring/CVE-2018-1273/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ spring:
+   image: vulhub/spring-data-commons:2.0.5
+   container_name: CVE-2018-1273
+   ports:
+    - "8080"

Ranges/Struts2/s2-016/Dockerfile

@@ -0,0 +1,10 @@
+FROM vulhub/tomcat:8.5
+
+MAINTAINER phithon <root@leavesongs.com>
+
+RUN set -ex \
+    && rm -rf /usr/local/tomcat/webapps/* \
+    && chmod a+x /usr/local/tomcat/bin/*.sh
+
+ADD https://cdn.vulhub.org/struts2/s2-016/ROOT.war /usr/local/tomcat/webapps/ROOT.war
+EXPOSE 8080

Ranges/Struts2/s2-016/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ struts2:
+   build: .
+   container_name: s2-016
+   ports:
+    - "8080"

Ranges/Struts2/s2-045/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ struts2:
+   image: vulhub/struts2:2.3.30
+   container_name: s2-045
+   ports:
+    - "8080"

Ranges/Struts2/s2-046/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ struts2:
+   image: vulhub/struts2:2.3.30
+   container_name: s2-046
+   ports:
+    - "8080"

Ranges/Struts2/s2-059/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ struts2:
+   image: vulhub/struts2:2.5.16
+   container_name: s2-059
+   ports:
+    - "8080"

Ranges/Supervisor/CVE-2017-11610/Dockerfile

@@ -0,0 +1,17 @@
+FROM vulhub/python:2.7
+
+MAINTAINER phithon <root@leavesongs.com>
+
+COPY docker-entrypoint.sh /usr/local/bin/
+
+RUN pip install -U pip \
+    && pip install "supervisor==3.3.2" \
+    && echo_supervisord_conf | tee /usr/local/etc/supervisord.conf \
+    && { \
+        echo "[inet_http_server]"; \
+        echo "port=0.0.0.0:9001"; \
+        echo; \
+    } | tee -a /usr/local/etc/supervisord.conf \
+    && chmod +x /usr/local/bin/docker-entrypoint.sh
+
+CMD ["/usr/local/bin/docker-entrypoint.sh"]

Ranges/Supervisor/CVE-2017-11610/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   build: .
+   container_name: CVE-2017-11610
+   ports:
+    - "9001:9001"

Ranges/Supervisor/CVE-2017-11610/docker-entrypoint.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+supervisord --user nobody -c /usr/local/etc/supervisord.conf
+
+while true; do sleep 30; done;

Ranges/ThinkPHP/5-rce/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/thinkphp:5.0.20
+   container_name: 5-rce
+   ports:
+    - "80"

Ranges/ThinkPHP/5.0.23-rce/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+ web:
+   image: vulhub/thinkphp:5.0.23
+   container_name: 5.0.23-rce
+   ports:
+    - "880"

Ranges/ThinkPHP/sqli/docker-compose.yml

@@ -0,0 +1,20 @@
+version: '3'
+services:
+ web:
+   image: vulhub/thinkphp:5.0.9
+   container_name: sqli
+   depends_on:
+    - mysql
+   ports:
+    - "80"
+   volumes:
+    - ./www/controller:/var/www/application/index/controller
+    - ./www/model:/var/www/application/index/model
+    - ./www/database.php:/var/www/application/database.php
+ mysql:
+   image: mysql:5.5
+   environment: 
+    - MYSQL_ROOT_PASSWORD=root
+    - MYSQL_DATABASE=cat
+   volumes:
+    - ./www/init.sql:/docker-entrypoint-initdb.d/init.sql

Ranges/ThinkPHP/sqli/www/controller/Index.php

@@ -0,0 +1,17 @@
+<?php
+namespace app\index\controller;
+
+use app\index\model\User;
+
+class Index
+{
+    public function index()
+    {
+        $ids = input('ids/a');
+        $t = new User();
+        $result = $t->where('id', 'in', $ids)->select();
+        foreach($result as $row) {
+            echo "<p>Hello, {$row['username']}</p>";
+        }
+    }
+}