Giter VIP home page Giter VIP logo

szliuyujie / app-env-docker Goto Github PK

View Code? Open in Web Editor NEW

This project forked from baidu-security/app-env-docker

0.0 1.0 0.0 126.71 MB

基于 Docker 的真实应用测试环境

Home Page: https://rasp.baidu.com

License: Apache License 2.0

Shell 0.95% PHP 2.51% Makefile 0.79% Vim Script 0.02% Groovy 0.01% Python 0.20% Java 0.06% HTML 0.03% Go 40.92% CSS 0.01% JavaScript 0.03% Assembly 0.02% Dockerfile 1.11% Hack 0.01% TSQL 53.36%

app-env-docker's Introduction

app-env-docker

基于 Docker 的真实应用测试环境。我们构建这个仓库是为了验证防护效果,并补充到 CVE 漏洞覆盖说明 里。和网上已有的 vulhubvulapps 相比,我们不同之处在于:

  1. 下载的资源存储在 https://packages.baidu.com/app/,国内下载快
  2. 完全基于 Dockerfile,执行 make 启动环境,可定制化强但是首次安装慢
  3. 专注 Web 漏洞,覆盖漏洞更多;可用于扫描器开发或者 OpenRASP 漏洞测试
  4. 使用改造过的 socks5 代理自动转发请求,比修改DNS方式安全

其他说明文档

使用方法

构建,并启动指定应用,e.g

make -C src/zzcms/8.2

启动后,会直接进入一个 bash shell,可以使用 curl 测试应用是否正常,e.g

[ubuntu-server: /share/docker]
# make -C src/seacms/6.45/
make: Entering directory '/share/docker/src/seacms/6.45'
docker build -t openrasp/seacms:6.45 .
Sending build context to Docker daemon 23.04 kB
Step 1/14 : FROM openrasp/php5.4
 ---> 0c8fc9d4a64a

-- 精简掉的内容 --

Step 14/14 : RUN chown mysql -R /var/lib/mysql
 ---> Running in 586aa2f25f15
 ---> 2bc8468709c0
Removing intermediate container 586aa2f25f15
Successfully built 2bc8468709c0
docker run --rm -it openrasp/seacms:6.45
[-] Starting Apache
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[-] Starting MariaDB
[-] Waiting for MySQL to start ...
[-] Accessing 127.0.0.1 for the first time
[-] Dropping shell
 -  HostName:    f615004ffa66
 -  IP address:  172.17.0.2

[OpenRASP] root@f615004ffa66:/var/www/html #

自动化代理方案

方案1 - nginx proxy_pass 方式

需要设置转发IP,适合每次只运行一个镜像的场景

server {
    listen 81;
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://172.17.0.2;
    }
}

方案2 - PAC + xip.io 自动化代理方案

具体请参考 socks5/readme.md

界面截屏如下

screen

app-env-docker's People

Contributors

caledoniaproject avatar explorer1092 avatar yinhuochong avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.