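Pikachu was developed by the Chinese developer @hanlu (GitHub address). The range of vulnerabilities it includes and the hands-on experience it offers are every bit as good as DVWA's, and it is compatible with the same environment configuration as DVWA, so the two can be practiced side by side.
Included vulnerabilities: brute force, command injection, CSRF, unauthorized access (over-permission), arbitrary URL redirect, XXE, sensitive information disclosure, file inclusion, file upload, CAPTCHA flaws, SQL injection, XSS, and others.
The installation steps are as follows: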
Step 1: search for the image you want
docker search pikachu
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
area39/pikachu https://github.com/zhuifengshaonianhanlu/pik… 7
vulfocus/pikachu 1
pikachust8811/iii_snort 0
pikachuchu/pythonwebapp_app 0
pikachuchu/pythonwebapp_db 0
hirune924/pikachu https://github.com/hirune924/pikachu/blob/ma… 0
pikachuchu/pythonwebapp_lb 0
pikachust8811/python36-module 0
cyruswireless/pikachufront 0
pikachust8811/kong 0
pikachust8811/tomcat-web 0
pikachust8811/soc 0
amanpunj123/pikachu-datapuller 0
cyruswireless/pikachu 0
pikachust8811/iii_fluentd 0
pikachuhan/pikachu-ci 0
amanpunj123/pikachu-datapuller-1 0
santhoshkudva/pikachu-datapuller 0
pikachuhy/node_pm2 0
amanpunj123/pikachu-server 0
cyruswireless/pikachulegacyback 0
pikachust8811/python36 0
pikachu89/tali-poc 0
pikachuking/lara-docker-dev 0
0x06065a/pikachu-server 0
Step 2: pull the area39/pikachu image
docker pull area39/pikachu
Using default tag: latest
latest: Pulling from area39/pikachu
c64513b74145: Pulling fs layer
01b8b12bad90: Pull complete
c5d85cf7a05f: Pull complete
b6b268720157: Pull complete
e12192999ff1: Pull complete
d39ece66b667: Pull complete
65599be66378: Pull complete
c75fcebdae6f: Pull complete
87b4f02da429: Pull complete
3842c680efa8: Pull complete
...
Step 3: start the Docker container
Map the web port to 9002 and the MySQL database port to 23306.
docker run --name dvwa -d -p 9002:80 -p 23306:3306 area39/pikachu
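Step 4: open Pikachu and initialize the system
Install: click the link [提示:欢迎使用,pikachu还没有初始化,点击进行初始化安装!] ("Notice: Welcome. Pikachu has not been initialized yet; click to initialize and install!")
Click 安装/初始化 (Install/Initialize) to initialize the database.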
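Step 3 publishes ports 9002 and 23306 without a host address, so Docker binds them on all interfaces and both the deliberately vulnerable web application and its MySQL port are reachable from other machines on the network. The script below is an added example (not from the original post or the Pikachu project) that audits `docker ps` output for such mappings; the sample lines are constructed, and the loopback form `-p 127.0.0.1:9002:80 -p 127.0.0.1:23306:3306` and the container name pikachu-local are assumptions about how a reader might keep the lab on the local machine.

```sh
#!/bin/sh
# Added example: list published container ports that are reachable from other
# hosts. Input is the output of:
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Print "name<TAB>mapping" for every mapping bound to a non-loopback address.
exposed_mappings() {
    awk -F '\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue          # "3306/tcp": exposed, not published
            if (m ~ /^127\./ || m ~ /^\[::1\]:/ || m ~ /^::1:/) continue  # loopback
            printf "%s\t%s\n", $1, m
        }
    }'
}

# Constructed sample: what "docker ps" reports after the run command in step 3.
sample_default() {
    printf 'dvwa\t0.0.0.0:9002->80/tcp, :::9002->80/tcp, 0.0.0.0:23306->3306/tcp, :::23306->3306/tcp\n'
}

# Constructed sample: the same image published on loopback only
# (hypothetical container name; -p 127.0.0.1:9002:80 -p 127.0.0.1:23306:3306).
sample_loopback() {
    printf 'pikachu-local\t127.0.0.1:9002->80/tcp, 127.0.0.1:23306->3306/tcp\n'
}

echo "Mappings exposed by the step 3 command:"
sample_default | exposed_mappings
echo "Mappings exposed with loopback binding:"
sample_loopback | exposed_mappings

# On a live host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_mappings
```

Any line printed for the lab container means the web port or the MySQL port answers on a routable interface.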