Template Structure
Omar Kurt edited this page Nov 20, 2025 · 4 revisions
This page explains the Vulnerable Target template structure and provides an example index.yaml format.
```
templates/
├── web-dvwa/
│   ├── index.yaml            # Template metadata (required)
│   └── docker-compose.yaml   # Container definitions (optional)
└── juice-shop/
    ├── index.yaml
    └── docker-compose.yaml
```
- `index.yaml`: Contains all template metadata, references, and setup methods.
- `docker-compose.yaml`: Optional; defines containers if the project is deployed with Docker.
- Each template lives inside its own folder.
All available examples: `templates/`
```yaml
---
id: example-template  # required
info:
  name: Vulnerable Target  # required
  author: hhsteam  # required
  description: |  # optional
    Description of the Vulnerable Target goes here.
  targets:  # required, min_length: 1
    - "web-application"
    - "login-system"
  type: Lab | CVE  # required: either Lab or CVE
  affected_versions:  # optional
    - "1.0.0"
  fixed_version: "1.1.0"  # optional
  cve: "CVE-XXXX"  # optional
  cwe: "CWE-XX"  # optional
  cvss:  # optional
    score: "5.0"
    metrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
  tags:  # required, min_length: 1
    - "nodejs"
    - "angular"
    - "sqli"
  references:  # optional
    - "https://vulnerabletarget.com/"
poc:  # optional
  semgrep:
    - "semgrep_1.yaml"
    - "semgrep_2.yaml"
  nuclei:
    - "nuclei_template_1.yaml"
    - "nuclei_template_2.yaml"
remediation:  # optional
  - "Use parameterized queries or prepared statements"
  - "Implement input validation and sanitization"
  - "Apply principle of least privilege to database connections"
  - "Update to version 1.3.0 or later"
providers:  # required, min_length: 1
  docker-compose:
    path: "docker-compose.yaml"
post-install:  # optional
  - "After up app"
  - "If have any configuration, credential information or todo"
  - "You should notice to end-user"
  - "See templates/bwapp/index.yaml"
```
- The `id` field must be unique.
- The `info` section should clearly describe the purpose and scope of the template.
- Under `providers`, you can define multiple deployment/setup methods.
- Optional fields can be omitted, but leaving comments instead of empty values improves readability.
- Each template can have its own independent setup method(s).
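The rules above (required fields, `min_length: 1`, `type` limited to Lab or CVE, unique `id`) can be checked before a template is merged. The following is an added example, not code from the Vulnerable Target project: the function names are hypothetical, the input is a mapping of folder name to already-parsed `index.yaml` data, the sample data is constructed, and it assumes `targets`, `type` and `tags` are nested under `info`.

```python
# Added example: validates parsed index.yaml data against the rules on this page.
# Assumption: targets, type and tags live under `info`; names here are hypothetical.
ALLOWED_TYPES = ("Lab", "CVE")

def validate_template(doc):
    """Return a list of problems for one parsed index.yaml mapping."""
    problems = []
    info = doc.get("info")
    if not isinstance(info, dict):
        info = {}
        problems.append("info: required section is missing")
    if not isinstance(doc.get("id"), str) or not doc["id"].strip():
        problems.append("id: required")
    for key in ("name", "author"):
        if not isinstance(info.get(key), str) or not info[key].strip():
            problems.append(f"info.{key}: required")
    for key in ("targets", "tags"):
        value = info.get(key)
        if not isinstance(value, list) or len(value) < 1:
            problems.append(f"info.{key}: required, min_length 1")
    if info.get("type") not in ALLOWED_TYPES:
        problems.append("info.type: must be Lab or CVE")
    providers = doc.get("providers")
    if not isinstance(providers, dict) or len(providers) < 1:
        problems.append("providers: required, min_length 1")
    return problems

def validate_collection(templates):
    """templates maps folder name -> parsed index.yaml; also enforces unique ids."""
    report, seen = {}, {}
    for folder, doc in sorted(templates.items()):
        problems = validate_template(doc)
        tid = doc.get("id")
        if isinstance(tid, str) and tid in seen:
            problems.append(f"id: duplicate of {seen[tid]}")
        elif isinstance(tid, str):
            seen[tid] = folder
        if problems:
            report[folder] = problems
    return report

# Constructed sample data, shaped like the output of a YAML parser.
GOOD = {"id": "web-dvwa", "info": {"name": "DVWA", "author": "hhsteam",
        "targets": ["web-application"], "type": "Lab", "tags": ["sqli"]},
        "providers": {"docker-compose": {"path": "docker-compose.yaml"}}}
BAD = {"id": "web-dvwa", "info": {"name": "Juice Shop", "author": "hhsteam",
       "targets": [], "type": "Lab | CVE", "tags": ["nodejs"]}, "providers": {}}

if __name__ == "__main__":
    print(validate_collection({"web-dvwa": GOOD, "juice-shop": BAD}))
```

Folders are processed in sorted order, so when two templates share an `id` the duplicate is reported on the folder that sorts later.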