Guide for adding new vulnerability reproduction environments to the Vulhub project. Use this skill whenever the user wants to add a new CVE environment, create a vulnerability Docker lab, contribute a new vulnerability to vulhub, write vulnerability documentation for vulhub, or create docker-compose.yml / Dockerfile / README for a vulnerability environment. Also trigger when the user mentions a specific CVE they want to add, asks about vulhub contribution workflow, or wants to set up a reproducible exploit environment.
Vulhub is an open-source collection of pre-built vulnerable Docker environments for security education. Each environment lets users reproduce a real-world vulnerability by running docker compose up -d.
This skill guides you through creating a complete environment from scratch.
Before starting, verify the vulnerability meets these criteria:
Every new environment requires these files:

```text
base/<software>/<version>/Dockerfile   # Only if this version doesn't exist
<software>/<CVE-ID>/docker-compose.yml  # Required
<software>/<CVE-ID>/README.md           # Required (English)
<software>/<CVE-ID>/README.zh-cn.md     # Required (Chinese)
<software>/<CVE-ID>/1.png, 2.png, ...   # Screenshots
environments.toml                       # Add entry
```
If the vulnerability has no CVE, use the lowercase vulnerability name as the directory name in place of `<CVE-ID>`.
| Item | Rule | Example |
|---|---|---|
| Software directory | lowercase | grafana, apache-cxf |
| CVE directory | UPPERCASE | CVE-2024-9264 |
| Non-CVE directory | lowercase | admin-ssrf, weak_password |
| File extensions | lowercase | .yml, .md, .png |
| Compose file | must be .yml | docker-compose.yml (NOT .yaml) |
| Branch name | lowercase | add-grafana-cve-2024-9264 |
Gather this information before writing any files:
Check if base/<software>/<version>/ already exists. If it does, skip this step.
If creating a new base image:
```dockerfile
FROM <official-upstream-image>:<version>
LABEL maintainer="phithon <[email protected]>"
RUN set -ex \
    && apt-get update \
    && apt-get install -y --no-install-recommends <packages> \
    && <install vulnerability dependencies> \
    && apt-get purge -y <build-only-packages> \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/*
```
Guidelines:
- Clean up the apt cache in the same layer (`rm -rf /var/lib/apt/lists/*`)
- Prefer `-alpine` variants when available
- Pass `hadolint` linting (the CI runs this automatically)
- Keep it minimal

Reference pre-built images from the `vulhub/` Docker Hub namespace:
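The naming table and the file list above, together with the rule that compose files reference images from the `vulhub/` namespace, are easy to get wrong in a contribution. The following pre-flight check is an added example, not part of the vulhub repository's own tooling: it walks a proposed `<software>/<vuln-id>/` directory and reports every violation it finds (case of the directory names, `.yml` versus `.yaml`, the two required READMEs, uppercase screenshot extensions, and any `image:` line that does not start with `vulhub/`). The function name `vulhub_check_env` and the message wording are this example's own.

```shell
#!/bin/sh
# Added pre-flight check for a new vulhub environment directory (example code,
# not vulhub's own tooling). Usage:
#   vulhub_check_env <repo-root> <software> <vuln-id>
# Prints one line per violation; returns 1 if any were found, 0 otherwise.
vulhub_check_env() {
    root=$1; software=$2; vuln=$3; rc=0
    dir="$root/$software/$vuln"

    # Software directory: lowercase only (grafana, apache-cxf).
    case "$software" in
        *[[:upper:]]*) echo "software dir '$software' must be lowercase"; rc=1 ;;
    esac

    # Vulnerability directory: CVE ids UPPERCASE, everything else lowercase.
    case "$vuln" in
        CVE-[[:digit:]][[:digit:]][[:digit:]][[:digit:]]-[[:digit:]]*) ;;
        [Cc][Vv][Ee]-*) echo "CVE dir '$vuln' must be UPPERCASE (CVE-YYYY-NNNN)"; rc=1 ;;
        *[[:upper:]]*)  echo "non-CVE dir '$vuln' must be lowercase"; rc=1 ;;
    esac

    # Compose file must be docker-compose.yml, never .yaml.
    [ -f "$dir/docker-compose.yml" ] || { echo "missing $software/$vuln/docker-compose.yml"; rc=1; }
    [ -f "$dir/docker-compose.yaml" ] && { echo "rename docker-compose.yaml to docker-compose.yml"; rc=1; }

    # Both READMEs are required.
    for f in README.md README.zh-cn.md; do
        [ -f "$dir/$f" ] || { echo "missing $software/$vuln/$f"; rc=1; }
    done

    # File extensions must be lowercase (1.png, not 1.PNG).
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}; ext=${name##*.}
        [ "$ext" = "$name" ] && continue      # no extension at all
        case "$ext" in
            *[[:upper:]]*) echo "uppercase extension in $name"; rc=1 ;;
        esac
    done

    # Every image: line should point at the vulhub/ Docker Hub namespace.
    if [ -f "$dir/docker-compose.yml" ]; then
        outside_images=$(grep -E '^[[:space:]]*image:' "$dir/docker-compose.yml" \
            | grep -vE 'image:[[:space:]]*"?vulhub/' || true)
        if [ -n "$outside_images" ]; then
            echo "image(s) not from the vulhub/ namespace:"
            echo "$outside_images"
            rc=1
        fi
    fi

    return $rc
}

# Run directly as a script: sh check-env.sh <repo-root> <software> <vuln-id>
if [ "$#" -eq 3 ]; then
    vulhub_check_env "$@"
    exit $?
fi
```

Run it from the repository root before opening a pull request; a clean run prints nothing and exits 0, so it can also sit in a pre-commit hook.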