Repository navigation
vulnerable
- Website
- Wikipedia
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Awesome Vulnerable Applications
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Twitter vulnerable snippets
⚠ This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
Damn Vulnerable NodeJS Application
A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.
Intentionally vulnerable Android application.
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Damn Vulnerable Web Application Docker container
Web application with vulnerabilities found in real cases, both in pentests and in Bug Bounty programs.
A Broken Application - Very Vulnerable!
Frida scripts for mobile application dynamic-analysis.
Damn Vulnerable eXtensive Training Environment
Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.
Vulnerable OTP/2FA Application written in PHP using Google Authenticator
An app with really insecure crypto. To be used to see/test/exploit weak cryptographic implementations as well as to learn a little bit more about crypto, without the need to dive deep into the math behind it
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
🔬 A collection of test cases in the Java language. It contains examples for 112 different CWEs.