Vulhub is an open-source collection of pre-built, ready-to-use vulnerable Docker environments. With just one command you can launch a vulnerable environment for security research, learning, or demonstration, no prior Docker experience required.
Quick Start
Install Docker (example for Ubuntu 24.04):
# Install the latest version docker
curl -s https://get.docker.com/ | sh
# Run docker service
systemctl start docker
For other operating systems, see the Docker documentation.
Although all Vulhub environments are running based on Docker Compose, you no longer need to install docker-compose separately. Instead, you can use the built-in docker compose command to start Vulhub environments.
Download and set up Vulhub:
git clone --depth 1 https://github.com/vulhub/vulhub
Launch a vulnerable environment:
cd vulhub/langflow/CVE-2025-3248 # Example: enter a vulnerability directory
docker compose up -d
Each environment directory contains a detailed README with reproduction steps and usage instructions.
Clean up after testing:
docker compose down -v
[!NOTE]
- Use a VPS or VM with at least 1GB RAM for best results
- The
your-ipin documentation refers to your host/VPS IP, not the Docker container IP- Ensure Docker has permission to access all files in the current directory to avoid permission errors
- Some environments may not support ARM architectures, see Troubleshooting for details
- All environments are for testing and educational purposes only. Do not use in production!
Troubleshooting
Docker image pull fails in mainland China
Docker Hub may be inaccessible from mainland China. Use a registry mirror or run Vulhub on an overseas VPS.
Environments fail to start on Apple Silicon (M-series) Macs
Most Vulhub environments run natively on Docker Desktop for Mac with M-series chips. If an environment fails, try setting the platform explicitly:
export DOCKER_DEFAULT_PLATFORM=linux/amd64
docker compose up -d
Environments fail on Kali Linux
Some environments may fail on Kali Linux due to a low ulimit nofile setting. See the FAQ for the fix.
If you encounter issues that you cannot resolve, feel free to seek help from the community:
Contributing
We welcome contributions! Please read our Contributing Guide to get started.
Thanks to all contributors:
Partners
Our partners and users:
Sponsor Vulhub on GitHub Sponsor, OpenCollective, or Patreon 🙏
More ways to donate.
License
Vulhub is licensed under the MIT License. See LICENSE for details.