NS-unina / cve2docker

An automated platform for vulnerable scenario configuration

Edb2Docker

The project aims to automate the creation of a docker-compose configuration for an exploit present in ExploitDB. Currently only exploits related to the following are supported:

For WordPress and Joomla the configuration is always the same: user/password = test, project title = test, email = test@test.test. The tool takes care of the initialization of the project and also of the installation of any plugin, theme or component associated with the exploit.

For MySQL the root password is simply root. PhpMyAdmin is accessed with user: root, password: root.

See the Consideration section for more information on which exploits the tool is capable of generating configurations for.

Getting Started

Prerequisites

You need to have:

Build

Build with the following command:

mvn package -DskipTests 

Now you can use the software present in the target folder.

Generate configuration starting from EdbID

If you are interested in generating a configuration for one particular exploit, you only need the EdbID:

 java -jar edb2docker.jar -id 12345 

You can also generate multiple configurations at the same time:

 java -jar edb2docker.jar -id 12345 6789 87652

If the generation succeeds, you can find the configuration in exploits/{edbid}, where you just need to launch the command docker-compose up.

Generate configurations based on criteria

You can also generate a series of configurations based on different criteria (none is mandatory):

java -jar edb2docker.jar -a -s 2020-01-01 -e 2020-12-31 -r true -t wordpress

Where:

 -e,--end-date <yyyy-MM-dd>        Date (included) before which the
                                   exploit has been published
 -r,--remove-config <true/false>   If true remove the container after it
                                   has been tested, with the volumes
                                   associated to it. Default: false
 -s,--start-date <yyyy-MM-dd>      Date (included) after which the exploit
                                   has been published
 -t,--type-exploit <type>          [REQUIRED] The exploit types:
                                   wordpress, joomla or php

At the end of this process, the program generates a CSV named result.csv with the result of every configuration.

Please note that this command removes all the Docker networks it created (every 10 configurations) to free space.

Consideration

Some considerations apply to the automation process.

Joomla

It is not possible to create a configuration for every exploit present in ExploitDB, only for those that meet the following requirements:

Wordpress

The situation for WordPress is better, since there is an official CLI and also an official SVN repository where plugins and themes are stored. A configuration can be generated only for exploits that meet the following requirements:

PHP WebApps [Work in progress]

For PHP web apps the automation process is more complicated. Currently only exploits with the following are supported:

In most cases there is a DB dump that must be imported, so the system also automatically finds and imports it. *Please note* that the non-automatable step is modifying the PHP file to connect to the database.

Citation

If you find this code useful in your research, please, consider citing our paper:

@inproceedings{Caturano2022,
  doi = {10.1109/icecet55527.2022.9872859},
  year = {2022},
  month = jul,
  publisher = {{IEEE}},
  author = {Francesco Caturano and Nicola d{\textquotesingle}Ambrosio and Gaetano Perrone and Luigi Previdente and Simon Pietro Romano},
  title = {{ExploitWP}2Docker: a Platform for Automating the Generation of Vulnerable {WordPress} Environments for Cyber Ranges},
  booktitle = {2022 International Conference on Electrical, Computer and Energy Technologies ({ICECET})}
}