timastras9/vuln-lab

Vulnerable Lab Environment

A comprehensive vulnerable lab environment for penetration testing practice and security tool development. This lab contains 30+ intentionally vulnerable services designed for testing PentestAI and learning offensive security techniques.

Quick Start

# Start the lab
docker-compose up -d

# Seed databases with vulnerable data
./seed-databases.sh

# Verify services are running
docker ps | grep lab-

Services Included

| Service | Port | Vulnerabilities |
|---|---|---|
| MySQL | 3306 | Default credentials, SQL injection |
| PostgreSQL | 5432 | Weak auth, exposed data |
| Redis | 6379 | No authentication |
| MongoDB | 27017 | No auth, exposed data |
| SSH | 2222 | Weak credentials |
| FTP | 21 | Anonymous login |
| WordPress | 8080 | Outdated plugins, SQLi |
| Jenkins | 8081 | Default admin, RCE |
| Tomcat | 8084 | Manager default creds |
| Nginx | 80/443 | Misconfigurations |
| Docker Registry | 5000 | No authentication |
| Elasticsearch | 9200 | No auth |
| gRPC | 50051 | No auth |
| JSON-RPC | 8087 | No auth |
| XML-RPC | 8088 | XXE vulnerability |
| Backdoor | 4444/31337 | Intentional backdoor |
| Netcat Shell | 9999 | Open shell |

Resetting the Lab

The lab may become "fixed" after running security remediation tools. To reset:

Using Claude Code (Recommended)

claude
# Then in Claude Code:
> Reset the vuln-lab to its original vulnerable state by rebuilding all containers

Or with a single command:

claude --prompt "Reset the vuln-lab: docker-compose down -v && docker-compose build --no-cache && docker-compose up -d && ./seed-databases.sh"

Manual Reset

# Full reset with volume cleanup
docker-compose down -v
docker-compose build --no-cache
docker-compose up -d
./seed-databases.sh

Partial Reset (Single Service)

# Reset just MySQL
docker-compose stop mysql
docker-compose rm -f mysql
docker volume rm lab_mysql_data
docker-compose up -d mysql

Testing with PentestAI

# Clone PentestAI
git clone https://github.com/timastras9/pentestai
cd pentestai

# Build and run
go build -o pentestai ./cmd/main.go
./pentestai

# Run autonomous scan against the lab
pentestai> autopwn 127.0.0.1 --max-actions 100

Directory Structure

vuln-lab/
├── docker-compose.yml      # Main orchestration file
├── podman-compose.yml      # Podman alternative
├── seed-databases.sh       # Database seeding script
├── services/               # Custom vulnerable services
│   ├── https-api/          # HTTPS API with vulns
│   ├── grpc/               # gRPC service
│   ├── jsonrpc/            # JSON-RPC service
│   ├── xmlrpc/             # XML-RPC with XXE
│   └── ...
└── vuln-lab-image/         # Additional vulnerable images

Requirements

  • Docker 20.10+
  • Docker Compose 2.0+
  • 8GB+ RAM recommended
  • 20GB+ disk space

Warning

This lab contains intentionally vulnerable services. DO NOT expose to the internet or use in production environments.
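
The warning above can be checked mechanically. The following added example (not part of the vuln-lab repository) reads `docker ps` name/port output and reports every `lab-` container port published on a non-loopback address. The container names in the sample are constructed, and the `lab-` prefix is assumed from the Quick Start's `docker ps | grep lab-`.

```shell
#!/usr/bin/env bash
# Added example: flag lab containers whose published ports are reachable
# from outside the host (bound to 0.0.0.0 or :: instead of loopback).
#
# Input: lines of "<name><TAB><ports>", as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Assumption: lab containers carry the "lab-" name prefix.

find_exposed_bindings() {
  awk -F'\t' '
    $1 ~ /^lab-/ {
      n = split($2, bindings, /, */)
      for (i = 1; i <= n; i++) {
        b = bindings[i]
        if (b !~ /->/) continue          # port not published to the host
        host = b
        sub(/:[0-9-]+->.*/, "", host)    # drop ":hostport->ctrport/proto"
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") continue
        print $1 "\t" b                  # non-loopback binding: report it
      }
    }'
}

# Constructed sample input (not captured from the real lab).
sample_ps_output() {
  printf 'lab-mysql\t0.0.0.0:3306->3306/tcp, :::3306->3306/tcp\n'
  printf 'lab-redis\t127.0.0.1:6379->6379/tcp\n'
  printf 'lab-nginx\t0.0.0.0:80->80/tcp, 127.0.0.1:443->443/tcp\n'
  printf 'lab-internal\t5432/tcp\n'
  printf 'other-app\t0.0.0.0:9000->9000/tcp\n'
}

# Live use:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_exposed_bindings
if [ "${1:-}" = "--demo" ]; then
  sample_ps_output | find_exposed_bindings
fi
```

Any line it prints is a service reachable from other machines on the network; binding that port to `127.0.0.1` in the compose file, or blocking it at the host firewall, keeps the lab local.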

License

MIT License - See LICENSE for details.

Credits

Created by The Intel Report for use with PentestAI.
