Hullu is a custom-built lightweight offensive security training VM based on Alpine Linux. It's intended for educational use, penetration testing practice, and Capture The Flag (CTF)-style scenarios in isolated virtual lab environments.

Pre-installed Tools and Services:
+ Web Stack:
- Python3 + Flask
- Apache2 with HTTPS
- PHP + MySQL (MariaDB)
- phpMyAdmin
- FlaskVA (Python-based vulnerable app)
- DVWA (PHP-based vulnerable app) https://github.com/digininja/DVWA
+ Protocols Simulated:
- HTTP / HTTPS
- SSH / SFTP
- SMB (under constructions)
- DNS (under constructions)
- FTP / FTPS (under constructions)

+ In FlaskVA (Python-based):
- SQL Injection
- Command Injection
- File Upload (with SUID exploit vector)
- XSS
- SSRF
- IDOR
This is the first version of Hullu, the future versions will include more FlaskVA detailed vulnerabilities and suitable documentations.
Please contact me if you have any questions or suggestions.
Regards,
Kaled Aljebur.

Project Activity

See All Activity >

Follow Hullu Vulnerable System

Hullu Vulnerable System Web Site

Other Useful Business Software
Our Free Plans just got better! | Auth0 Icon
Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of Hullu Vulnerable System!

Additional Project Details

Registered

4 days ago
Report inappropriate content