Need help with awesome-vulnerable-apps?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

vavkamil
167 Stars 21 Forks Creative Commons Zero v1.0 Universal 33 Commits 0 Opened issues

Description

Awesome Vulnerable Applications

Services available

!
?

Need anything else?

Contributors list

# 17,778
Python
payload...
Ruby
Jupyter...
20 commits
# 4,759
pentest...
Android
penetra...
aws-lam...
1 commit
# 487,654
Vim
repl
penetra...
vulnera...
1 commit
# 535,971
Python
Linux
Shell
python3
1 commit

Awesome Vulnerable Applications Awesome

A curated list of various vulnerable by design applications

Contents


Online

Online vulnerable app and CTFs

Paid

Paid tranining courses

Vulnerable VMs

Cloud Security

SSO - Single Sign On

Mobile Security

  • InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
  • Damn Vulnerable Bank - Vulnerable Banking Application for Android
  • Vulnerable Kext - A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation

OWASP Top 10

  • Owasp Juice shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • DVWA - Damn Vulnerable Web Application (DVWA)
  • DSVW - Damn Small Vulnerable Web
  • bWAPP - This is just an instance of the OWASP bWAPP project as a docker container.
  • Xtreme Vulnerable Web Application - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
  • lazyweb - This web application is a demonstration of common server-side application flaws. Each of the vulnerabilities has its own difficulty rating.
  • OWASP Mutillidae II - OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.
  • Pentest_lab - Local penetration testing lab using docker-compose.

SQL Injection

XSS Injection

  • clicker-service - simulate XSS - Docker container that intakes post and then "clicks" the link. Intentionally vulnerable. To be used with vulnerable by design web apps to realistically simulate XSS and XSRF (CSRF).
  • XSSworm.dev - Self-replication contest
  • xssed - A set of XSS vulnerable PHP scripts for testing
  • xssable - A vulnerable blogging platform used to demonstrate XSS vulnerabilities.

Server Side Request Forgery

  • SSRFVulnerableLab - This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

CORS Misconfiguration

XXE Injection

  • XXE Lab - A simple web app with a XXE vulnerability.
  • docker-java-xxe - Docker image to test XXE attacks in java with tomcat.

Technologies

WordPress

  • DVWP - Damn Vulnerable WordPress

Node.js

  • exploit-workshop - A step by step workshop to exploit various vulnerabilities in Node.js and Java applications
  • DVNA - Damn Vulnerable NodeJS Application
  • Extreme Vulnerable Node Application - Extreme Vulnerable Node Application
  • dvws-node - Damn Vulnerable Web Service is a vulnerable web service/API/application that can be used to learn webservices/API vulnerabilities.

Firmware

  • DVRF - The Damn Vulnerable Router Firmware Project
  • OWASP IoT Goat - IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.

Uncategorized

  • dvws - Damn Vulnerable Web Services - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
  • Fuzzgoat - A vulnerable C program for testing fuzzers.
  • wavsep - The Web Application Vulnerability Scanner Evaluation Project
  • leaky-repo - Benchmarking repo for secrets scanning
  • OWASP SKF labs - Repo for all the OWASP-SKF Docker lab examples
  • Vulnserver - Vulnerable server used for learning software exploitation
  • Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, vavkamil has waived all copyright and related or neighboring rights to this work.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.