docker-vulnerability-environment

这个项目是为了使用 docker 部署 Web 漏洞测试环境, 可随时创建随时删除。 当前项目包括: bWAPP、DVWA、OWASP Broken Web Applications Project等多个漏洞测试环境。

环境列表

• bWAPP
• xssed
• DVWA
• WebGoat
• DVWA-WooYun-edition
• DSVW
• WAVSEP
• OWASP Security Shepherd
• OWASP Broken Web Applications Project(未完成)
• xvwa(未完成) https://github.com/s4n7h0/xvwa

Docker for Penetration Testing

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull pandrew/metasploit - docker-metasploit
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker-compose build && docker-compose up - OWASP NodeGoat
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application
• docker pull bkimminich/juice-shop - OWASP Juice Shop
• docker pull kalilinux/kali-linux-docker - Kali Linux Docker Image

Docker 镜像源

• https://dev.aliyun.com/
• index.docker.io/library/ubuntu

参考链接

• https://github.com/enaqx/awesome-pentest
• https://github.com/secfigo/Awesome-Fuzzing
• https://github.com/Hack-with-Github/Awesome-Hacking
• https://github.com/re-pronin/Awesome-Vulnerability-Research
• https://github.com/b-mueller/android_app_security_checklist
• https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset
• https://github.com/shieldfy/API-Security-Checklist
• https://github.com/Microsoft/MSRC-Security-Research
• https://github.com/advanced-threat-research/firmware-security-training
• https://github.com/FallibleInc/security-guide-for-developers
• https://github.com/paralax/awesome-honeypots
• https://github.com/jaredthecoder/awesome-vehicle-security
• https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
• https://github.com/secretsquirrel/the-backdoor-factory
• https://github.com/enaqx/awesome-pentest
• https://github.com/danielmiessler/SecLists
• https://github.com/nixawk/pentest-wiki
• https://github.com/rshipp/awesome-malware-analysis
• https://github.com/google/oss-fuzz
• https://www.vulnhub.com
• https://pentesterlab.com/