gRPC Goat is a "Vulnerable by Design" lab created to provide an interactive, hands-on playground for learning and practicing gRPC security.
Each lab contains a CTF-style flag that you can capture by successfully exploiting the vulnerability!
# Clone the repository
git clone https://github.com/rootxjs/grpc-goat.git
cd grpc-goat
# Start all vulnerable services
docker compose up --build
# Services will be available on localhost:8001-8009For complete documentation, installation guides, and step-by-step walkthroughs, visit:
📖 https://rootxjs.github.io/docs/grpc_goat_docs/getting-started/
The documentation includes:
- gRPC Basics - Essential concepts and security fundamentals
- Labs Overview - All 9 vulnerability scenarios with learning paths
- Installation Guide - Detailed setup instructions and troubleshooting
- Walkthrough - Step-by-step exploitation guides with code examples
| Lab | Vulnerability | Port |
|---|---|---|
| 001 | gRPC Reflection Enabled | 8001 |
| 002 | Plaintext gRPC | 8002 |
| 003 | Insecure TLS | 8003 |
| 004 | Arbitrary mTLS | 8004 |
| 005 | mTLS Subject Validation | 8005 |
| 006 | Unix Socket World Writable | container |
| 007 | SQL Injection | 8007 |
| 008 | Command Injection | 8008 |
| 009 | Server-Side Request Forgery | 8009 |
- Docker and Docker Compose
- grpcurl:
go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest
For labs 002-009, you'll need the corresponding .proto files to interact with the services. All proto files are available in the protos/ directory:
# Example: Test Lab 002 with grpcurl
grpcurl -plaintext -proto protos/lab-002-auth.proto \
-d '{"username": "admin", "password": "password"}' \
localhost:8002 auth.AuthService/LoginSee protos/README.md for detailed usage instructions.
Contributions are welcome! Please see the documentation website for contribution guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.