A command-line tool for managing Vulhub vulnerability environments. Start, stop, and manage security lab environments without learning Docker Compose commands or downloading the complete Vulhub repository.
Warning This project is currently in experimental stage and has not been officially released. The command-line interface, configuration file format, and other aspects may still change in future versions. Please be aware of potential breaking changes when using or upgrading this tool.
- Easy Environment Management - Start vulnerability labs with a single command
- Smart Search - Find environments by CVE number, application name, or fuzzy matching
- Automatic Downloads - Environments are downloaded on-demand from GitHub
- GitHub Authentication - Built-in OAuth flow to avoid API rate limits
- Cross-Platform - Works on Windows, macOS, and Linux
git clone https://github.com/vulhub/vulhub-cli.git
cd vulhub-cli
go build -o vulhub ./cmd/vulhub# Linux/macOS
sudo mv vulhub /usr/local/bin/
# Windows (PowerShell as Administrator)
Move-Item vulhub.exe C:\Windows\System32\# Initialize vulhub-cli (downloads environment list)
vulhub init
# Check system environment (Docker, network, etc.)
vulhub doctor
# Search for environments
vulhub search log4j
# Start an environment
vulhub start CVE-2021-44228
# Check environment status
vulhub status
# Stop an environment
vulhub stop CVE-2021-44228
# Completely remove an environment
vulhub clean CVE-2021-44228| Command | Description |
|---|---|
init |
Initialize configuration and download environment list |
syncup |
Update environment list from GitHub |
start |
Start a vulnerability environment |
stop |
Stop a running environment |
restart |
Restart an environment |
clean |
Completely remove an environment |
status |
Show status of downloaded environments (aliases: ls, list) |
list-available |
List all available environments |
search |
Search for environments |
info |
Show environment details |
github-auth |
Authenticate with GitHub |
doctor |
Check system environment and diagnose potential issues |
For detailed command documentation, see the docs directory.
Commands that accept a [keyword] argument support multiple matching modes:
- Exact CVE:
CVE-2021-44228 - Exact Path:
log4j/CVE-2021-44228 - Fuzzy Match:
log4j,struts,spring
When multiple environments match, you'll be prompted to select one interactively.
GitHub API has rate limits (60 requests/hour for unauthenticated users). If you hit rate limits, the CLI will automatically prompt you to authenticate:
# Or authenticate proactively
vulhub github-authThis increases the limit to 5,000 requests/hour.
Configuration is stored in ~/.vulhub/:
~/.vulhub/
├── config.toml # Main configuration
├── environments.toml # Cached environment list
└── environments/ # Downloaded environment files
Contributions are welcome! Please feel free to submit issues and pull requests.
This project is licensed under the MIT License - see the LICENSE file for details.
- Vulhub - Pre-built vulnerable docker environments