<a href="https://vulhub.org" target="_blank"><img src=".github/assets/banner.png" alt="Vulhub" height="auto" /></a> <a href="https://discord.gg/bQCpZEK" target="_blank"><img src="https://img.shields.io/discord/485505185167179778.svg" alt="Chat on Discord"></a> <a href="https://github.com/sponsors/phith0n" target="_blank"><img src="https://img.shields.io/github/sponsors/phith0n?color=aqua" alt="GitHub Sponsors"></a> <a href="https://vulhub.org/environments" target="_blank"><img alt="Vulnerabilities count" src="https://img.shields.io/badge/dynamic/json?url=https://vulhub.org/api/statistic&query=%24.environments&label=vulnerabilities"></a> <img alt="GitHub language count" src="https://img.shields.io/github/languages/count/vulhub/vulhub?color=yellow"> <a href="https://github.com/vulhub/vulhub/graphs/contributors" target="_blank"><img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/vulhub/vulhub?color=orange"></a> <a href="https://github.com/vulhub/vulhub/blob/master/LICENSE" target="_blank"><img src="https://img.shields.io/github/license/vulhub/vulhub.svg" alt="GitHub"></a>

Vulhub is an open-source collection of pre-built, ready-to-use vulnerable Docker environments. With just one command you can launch a vulnerable environment for security research, learning, or demonstration, no prior Docker experience required.

中文版本(Chinese version)

Quick Start

Install Docker (example for Ubuntu 24.04):

# Install the latest version docker
curl -s https://get.docker.com/ | sh

# Run docker service
systemctl start docker

For other operating systems, see the Docker documentation.

Although all Vulhub environments are running based on Docker Compose, you no longer need to install docker-compose separately. Instead, you can use the built-in docker compose command to start Vulhub environments.

Download and set up Vulhub:

git clone --depth 1 https://github.com/vulhub/vulhub

Launch a vulnerable environment:

cd vulhub/langflow/CVE-2025-3248  # Example: enter a vulnerability directory
docker compose up -d

Each environment directory contains a detailed README with reproduction steps and usage instructions.

Clean up after testing:

docker compose down -v

[!NOTE]

Use a VPS or VM with at least 1GB RAM for best results

The your-ip in documentation refers to your host/VPS IP, not the Docker container IP

Ensure Docker has permission to access all files in the current directory to avoid permission errors

Some environments may not support ARM architectures, see Troubleshooting for details

All environments are for testing and educational purposes only. Do not use in production!

Troubleshooting

Docker image pull fails in mainland China

Docker Hub may be inaccessible from mainland China. Use a registry mirror or run Vulhub on an overseas VPS.

Environments fail to start on Apple Silicon (M-series) Macs

Most Vulhub environments run natively on Docker Desktop for Mac with M-series chips. If an environment fails, try setting the platform explicitly:

export DOCKER_DEFAULT_PLATFORM=linux/amd64
docker compose up -d

Environments fail on Kali Linux

Some environments may fail on Kali Linux due to a low ulimit nofile setting. See the FAQ for the fix.

If you encounter issues that you cannot resolve, feel free to seek help from the community:

Contributing

We welcome contributions! Please read our Contributing Guide to get started.

Thanks to all contributors:

Partners

Our partners and users:

Sponsor Vulhub on GitHub Sponsor, OpenCollective, or Patreon 🙏

More ways to donate.

License

Vulhub is licensed under the MIT License. See LICENSE for details.

Vulhub

Install / Use

README

Quick Start

Troubleshooting

Contributing

Partners

License