This tool reproduces a vulnerable Debian environment for a given CVE number.
Copyright (c) 2023-2025 Orange
This code is released under the terms of the BSD 3-Clause license. See the license.txt file for more information.
- Python3
- Docker (see the official documentation)
- Firefox
On Debian stable, a simple way to install DECRET is to first run the
following commands as root:
# apt install python3 python-is-python3 python3-venv
# apt install docker.io
# apt install firefox-esrThen, you can download DECRET and its dependencies in a virtual
environment (using the venv module):
$ git clone https://github.com/Orange-OpenSource/decret.git
$ cd decret
$ python3 -m venv venv
$ source venv/bin/activate
$ pip install -r requirements-minimal.txtYou can use requirements.txt if you want to run the tests which are
run in the Continuous Integration pipeline.
Finally you can run decret like so:
python3 -m decret -n 2020-7247 -r bullseye --selenium
and see available arguments like so:
python3 -m decret -h
You can find examples in the examples directory.
- /decret: Main Python source code
- /tests: This is where the pytest code lives
- /examples: Markdown files illustrating working examples
- Fork this repository
- Create a new branch:
git checkout -b feature/your-feature-name - Make your changes, commit, push to feature branch etc
- Ensure tests and linters pass
Our GitHub Actions run pylint, and pytest. Run them locally if possible:
black .
pylint decret/
pytest- Verify your code passes CI tests under
.github/workflows - Open pull request
