I'd like to contribute a vulnerable machine. But what? - Githubissues

minispooner / red-team-playground

Docker network containing many vulnerable targets for practicing Red Teaming concepts (initial access, priv esc, persistence, lateral, C2, evasion, etc).

MIT License

83 stars 9 forks source link

I'd like to contribute a vulnerable machine. But what? #4

Open minispooner opened 1 year ago

minispooner commented 1 year ago

Here's a list of common software I see at companies. You can almost always find a vulnerable version to deploy to make it fun ;)

Jenkins
Github (internal server edition) or cgit
Spring Boot Actuator API
Swagger API
Karaf
Tomcat/Apache/nginx
phpmyadmin
OIDC/SAML
Dangling web resources (.env, .git dir, Dockerfile, other sensitive files left dangling on a web server...)
latest trending CVEs - https://cvetrends.com
routers, networking equipment
monitoring dashboards (grafana, etc)
ftp servers, mail servers

Friends, plz feel free to add