{"id":13840866,"url":"https://github.com/wgpsec/VulnRange","last_synced_at":"2025-07-11T09:33:48.592Z","repository":{"id":45227629,"uuid":"297354084","full_name":"wgpsec/VulnRange","owner":"wgpsec","description":"漏洞靶场-快速搭建Web安全漏洞和第三方组件漏洞环境，用于漏洞复现和研究","archived":true,"fork":false,"pushed_at":"2020-12-14T09:35:56.000Z","size":3746,"stargazers_count":313,"open_issues_count":4,"forks_count":61,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-05T17:26:00.984Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wgpsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-09-21T13:50:24.000Z","updated_at":"2024-07-11T11:44:07.000Z","dependencies_parsed_at":"2022-09-05T05:41:22.329Z","dependency_job_id":null,"html_url":"https://github.com/wgpsec/VulnRange","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wgpsec%2FVulnRange","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wgpsec%2FVulnRange/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wgpsec%2FVulnRange/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wgpsec%2FVulnRange/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wgpsec","download_url":"https://codeload.github.com/wgpsec/VulnRange/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225712788,"owners_count":17512489,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:00:58.552Z","updated_at":"2024-11-21T10:30:54.116Z","avatar_url":"https://github.com/wgpsec.png","language":"HTML","readme":"\u003e **VulnRange的定位是一个漏洞靶场，用于快速的启动漏洞环境，便于漏洞复现和研究**\n\n使用VulnRange可以快速的部署含有未修复漏洞的Shiro和S2等第三方组件的测试环境，方便复现漏洞。\n\n# 安装部署🚀\n\n## 注意事项\n\n\u003e 1. 项目需要放到 `~/`  当前用户目录下\n\u003e 2. ubuntu 需要将`start.sh`中的`~/`改为绝对路径，如`/home/ubuntu`\n\u003e 3. 关闭Linux防火墙后请重启docker\n\u003e 4. python使用python3.8以上版本\n\u003e 5. 不建议部署在VPS上，小心被人GetShell\n\n## 环境配置\n\n**以Centos为例**\n\n1、Centos安装python3.8和PIP\n\n```bash\n#安装python3.8\nyum -y install yum-utils\nyum-builddep python\ncurl -O https://www.python.org/ftp/python/3.8.0/Python-3.8.0.tgz\ntar xf Python-3.8.0.tgz\ncd Python-3.8.0\n./configure\nmake\nmake install\n\n#设置python3.8为默认版本\nvi /etc/profile.d/python.sh         #编辑用户自定义配置，输入alias参数\nalias python='/usr/local/bin/python3.8'　　#这里写你的python路径\nsource /etc/profile.d/python.sh     #重启会话使配置生效\n\n#安装pip\nwget https://bootstrap.pypa.io/get-pip.py\npython get-pip.py -i https://pypi.tuna.tsinghua.edu.cn/simple/\n```\n\n2、安装docker和docker-compose [把docker源换掉，推荐阿里云的源]\n\n```bash\n#安装docker\nyum install -y yum-utils\t# yum-config-manager需要用这个包\nyum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo\t#安装docker官方源\nyum makecache\nyum -y install docker-ce\nsystemctl start docker\n\n#安装docker-compose\npip install docker-compose -i https://pypi.mirrors.ustc.edu.cn/simple/\n```\n\n更换阿里源：[阿里云帮助手册](https://help.aliyun.com/document_detail/60750.html?spm=a2c4g.11186623.6.553.4851242foO76sC)，用淘宝账号登陆后获取一个独有的加速地址\n\n3、关闭防火墙和SELinux\n\n```bash\nfirewall-cmd --state\t\t\t\t#查看防火墙状态\nsystemctl stop firewall.service\t\t#停止防火墙\nsystemctl disable firewall.service\t#禁止开机启动\n\nvim /etc/selinux/config/  \n#修改为以下内容\nSELINUX=disabled\n\n#然后最好重启一下系统\n```\n\n## 下载安装VulnRange\n\n```bash\ngit clone https://github.com/wgpsec/VulnRange.git\ncd VulnRange\npip install -e . -i https://pypi.tuna.tsinghua.edu.cn/simple/\t#安装项目\npip install Flask\t#自动安装完启动项目Flask报错后，更新pip安装Flask\n```\n\n# 功能介绍:memo:\n\n**启动**\n\n```bash\n#进入项目根目录下启动项目即可\ncd ~/VulnRange\nsh start.sh\n```\n\n## Web安全基础靶场\n\n![](README/image-20200921221721429.png)\n\n![](README/image-20200921221823193.png)\n\n集合了常见的Web安全漏洞，多数是直接拉取开源的靶场环境，比如DVWA、sqli-labs、upload-labs\n\n## 组件靶场分类\n\n以组件名称分类展示各个中间件和CMS的靶场环境\n\n![](README/image-20200921222204154.png)\n\n## 开启靶机\n\n点击 \"启动靶机环境\" 即可开启相关靶机。\n\n![](README/image-20200921222527813.png)\n\n等的时间过长的话可以切换到系统中看看环境构建进度\n\n![](README/image-20200921222651590.png)\n\n靶机环境构建完成后，点击链接即可访问\n\n![](README/image-20200921222813545.png)\n","funding_links":[],"categories":["HTML","HTML (177)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwgpsec%2FVulnRange","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwgpsec%2FVulnRange","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwgpsec%2FVulnRange/lists"}