Vulnerable docker environment for learning to hack

Vulhub is an open-source collection of pre-built vulnerable docker environment for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.

Vulnerable docker environment for learning to hack

Vulnerable docker environment for learning to hack

Vulhub contains many frameworks, databases, applications, programming languages and more such as:

  • Drupal
  • ffmpeg
  • CouchDB
  • ActiveMQ
  • Glassfish
  • Joombla
  • JBoss
  • Kibana
  • Laravel
  • Rails
  • Python
  • Tomcat

And many, many more.

Install docker/docker-compose

Install the docker/docker-compose on Ubuntu 20.04:

# Install pip
curl -s | python3

# Install the latest version docker
curl -s | sh

# Run docker service
systemctl start docker

# Install docker compose
pip install docker-compose

The installation steps of docker and docker-compose for other operating systems might be slightly different, please refer to the docker documentation for details.

Pre-Built Vulnerable Docker Environments For Learning To Hack


# Download project
wget -O
cd vulhub-master

# Enter the directory of vulnerability/environment
cd flask/ssti

# Compile environment
docker-compose build

# Run environment
docker-compose up -d

There is a README document in each environment directory, please read this file for vulnerability/environment testing and usage.

After the test, delete the environment with the following command.

docker-compose down -v

It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.

All environments in this project are for testing purposes only and should not be used as a production environment!


  1. To prevent permission errors, it is best to use the root user to execute the docker and docker-compose commands.
  2. Some docker images do not support running on ARM machines.

More here.

Check Also

Whispers: A Powerful Static Code Analysis Tool for Credential Detection

“My little birds are everywhere, even in the North, they whisper to me the strangest …

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

If you’ve encountered an issue where Hashcat initially only recognizes your CPU and not the …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.