初始化: Web安全攻防知识库

- 靶场环境: DVWA/WebGoat/Pikachu/BWAPP/SQLi-Labs/XSS-Labs
- SQL注入工具: sqli-scanner.py, blind-sqli.py, sqli-exploit.go
- XSS工具: xss-fuzzer.py, xss-scanner.go
- 认证攻击: web-brute.py, jwt-cracker.py
- 服务端安全: port-scanner.py, tls-scanner.py
- 防御配置: nginx-hardening.conf
- 案例研究: 福建政采网安全评估报告 (13份)
- 同步脚本: sync-gitea.sh

00-environments/docker-compose.yml

@@ -0,0 +1,80 @@
+version: '3.8'
+
+services:
+  dvwa:
+    image: vulnerables/web-dvwa:latest
+    container_name: dvwa
+    ports:
+      - "8080:80"
+    environment:
+      - DB_SERVER=db
+      - DB_USER=dvwa
+      - DB_PASS=dvwa
+      - DB_NAME=dvwa
+    depends_on:
+      - dvwa-db
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+  dvwa-db:
+    image: mysql:5.7
+    container_name: dvwa-db
+    environment:
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_DATABASE=dvwa
+      - MYSQL_USER=dvwa
+      - MYSQL_PASSWORD=dvwa
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+  webgoat:
+    image: webgoat/webgoat:latest
+    container_name: webgoat
+    ports:
+      - "8081:8080"
+      - "9090:9090"
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+  pikachu:
+    image: area393/pikachu:latest
+    container_name: pikachu
+    ports:
+      - "8082:80"
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+  bwapp:
+    image: raesene/bwapp:latest
+    container_name: bwapp
+    ports:
+      - "8083:80"
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+  sqlilabs:
+    image: acgpiano/sqli-labs:latest
+    container_name: sqlilabs
+    ports:
+      - "8084:80"
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+  xss-labs:
+    image: c0ny1/xss-labs:latest
+    container_name: xss-labs
+    ports:
+      - "8085:80"
+    networks:
+      - vulnlab
+    restart: unless-stopped
+
+networks:
+  vulnlab:
+    driver: bridge