Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/HXSecurity/vulhub-compose
vulhub-compose是一款屏蔽docker-compose的命令行工具,目的是降低火线平台社区用户使用vulhub靶场的难度,减少学习docker-compose的时间成本;同时,支持直接安装洞态IAST(原灵芝IAST)到vulhub靶场,用于漏洞复现、漏洞挖掘。
https://github.com/HXSecurity/vulhub-compose
Last synced: 21 days ago
JSON representation
vulhub-compose是一款屏蔽docker-compose的命令行工具,目的是降低火线平台社区用户使用vulhub靶场的难度,减少学习docker-compose的时间成本;同时,支持直接安装洞态IAST(原灵芝IAST)到vulhub靶场,用于漏洞复现、漏洞挖掘。
- Host: GitHub
- URL: https://github.com/HXSecurity/vulhub-compose
- Owner: HXSecurity
- License: mit
- Created: 2021-03-16T07:19:01.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-04-10T02:43:45.000Z (over 3 years ago)
- Last Synced: 2024-11-20T03:13:00.899Z (22 days ago)
- Language: Python
- Size: 31.3 KB
- Stars: 45
- Watchers: 4
- Forks: 6
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - HXSecurity/vulhub-compose - vulhub-compose是一款屏蔽docker-compose的命令行工具,目的是降低火线平台社区用户使用vulhub靶场的难度,减少学习docker-compose的时间成本;同时,支持直接安装洞态IAST(原灵芝IAST)到vulhub靶场,用于漏洞复现、漏洞挖掘。 (Python)
README
# vulhub-compose
[](https://github.com/huoxianclub/vulhub-compose/blob/main/LICENSE)
[](https://github.com/huoxianclub/vulhub-compose/actions/workflows/python-publish.yml)
`vulhub-cli` is a command line tool of the vulhub project, which makes the operation of `docker-compose` transparent and reduces the difficulty of using the vulhub shooting range. Vulhub-cli supports local mode and remote mode. The remote mode can directly start the related shooting range without downloading the complete vulhub project, which is more convenient to use.
[中文文档](https://github.com/huoxianclub/vulhub-compose/blob/main/README.zh-ch.md)
## Quick start
If you want to download the vulhub project or have already downloaded the vulhub project, you can directly use the local mode; if you don’t want to download, you can use the remote mode
#### download vulhub-cli
```shell script
$ pip install vulhub-cli
```
#### local mode
```shell script
# Specify relative path
$ vulhub-cli local start --app fastjson/1.2.24-rce
$ vulhub-cli local start --app ./fastjson/1.2.24-rce
# Specify absolute path
$ vulhub-cli local start --app /opt/vulhub/fastjson/1.2.24-rce
# Stop environment use vulhub-cli
$ vulhub-cli local stop --app fastjson/1.2.24-rce
# Stop environment with agent use vulhub-cli
$ vulhub-cli local stop --app fastjson/1.2.24-rce
```
#### remote mode
```shell script
# Specify vulhub app's name, eg: fastjson/1.2.24-rce
$ vulhub-cli remote start --app fastjson/1.2.24-rce
# Stop environment with agent use vulhub-cli
$ vulhub-cli remote stop --app fastjson/1.2.24-rce
```
## Plugin System
`vulhub-cli` provides plug-in functions, which can support custom plug-ins to achieve specific functions.
### Plugin: dongtai
Lingzhi IAST is an interactive application security testing tool independently developed by [FireWire platform](https://www.huoxian.cn/) to detect vulnerabilities in application systems; dongtai IAST supports the detection of some 0 Day vulnerabilities. Now, you can use the vulhub-cli tool to quickly create a shooting range and install dongtai IAST to experience the vulnerability detection function.
#### Usage
The startup method is the same as the normal startup method, just add the `plugin` parameter to specify the use of the `dongtai` plugin.
```shell script
# Start the vulhub's app with public Lingzhi IAST agent
$ vulhub-cli remote start --app fastjson/1.2.24-rce --plugin dongtai
# Start the vulhub's app with your own Lingzhi IAST agent
$ vulhub-cli remote start --app fastjson/1.2.24-rce --plugin dongtai --plugin-args "token="
# Stop the vulhub's app with Lingzhi IAST
$ vulhub-cli remote stop --app fastjson/1.2.24-rce --plugin dongtai
```