awesome-vulnerable-apps

Vulnerability Labs

A curated collection of intentionally vulnerable applications and environments to help developers practice security testing and learn about common web application vulnerabilities.

Awesome Vulnerable Applications

GitHub

1k stars
21 watching
160 forks
last commit: 4 months ago
Linked from 1 awesome list

awesome, awesome-list, bug, bugbounty, hacking, penetration-testing, security, vulnerable, vulnerable-applications

Awesome Vulnerable Applications / Online

Hacker101 CTF
Web Security Academy
Hack The Box
Try Hack Me
CTFtime
PWNABLE.KR
XSS game
Gin & Juice Shop

Awesome Vulnerable Applications / Paid

PentesterLab

Awesome Vulnerable Applications / Vulnerable VMs

Vulhub 17,814 about 2 months ago
Exploit Exercises
Metasploitable3 4,764 5 months ago Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities
Hackmyvm.eu

Awesome Vulnerable Applications / Cloud Security

Kubernetes Goat 4,421 10 days ago Kubernetes Goat is a "Vulnerable by Design" Kubernetes cluster, designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security
CloudGoat 2,976 3 days ago CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
CdkGoat - Vulnerable AWS CDK Infra 44 over 1 year ago CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository
Cfngoat - Vulnerable Cloudformation Template 92 4 months ago Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository
TerraGoat - Vulnerable Terraform Infra 1,157 2 months ago TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository
caponeme - Capital One Breach 241 almost 4 years ago Repository demonstrating the Capital One breach on your AWS account
WrongSecrets 1,236 5 days ago WrongSecrets is "Vulnerable by Design" to show how to not handle secrets in Docker, Kubernetes and in the cloud (AWS/GCP/Azure)
AWSGoat 1,749 25 days ago A Damn Vulnerable AWS Infrastructure
AzureGoat 786 25 days ago A Damn Vulnerable Azure Infrastructure
IAM Vulnerable 479 10 months ago Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground
Sadcloud 659 about 1 year ago A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure
CNAPPgoat 266 3 months ago CNAPPgoat is a multi-cloud, vulnerable-by-design environment deployment tool
Unguard 46 13 days ago An insecure cloud-native microservices demo application for Kubernetes

Awesome Vulnerable Applications / SSO - Single Sign On

vulnerable-sso 147 4 months ago Vulnerable single sign-on

Awesome Vulnerable Applications / Mobile Security

Allsafe 213 8 months ago Allsafe is an intentionally vulnerable application that contains various vulnerabilities
InsecureBankv2 1,265 7 months ago Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
Vulnerable Kext 230 almost 4 years ago A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
InjuredAndroid 664 over 3 years ago A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style
Damn Vulnerable Bank 654 12 months ago Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application
InsecureShop 232 over 2 years ago An Intentionally designed Vulnerable Android Application built in Kotlin
AndroGoat 212 over 2 years ago AndroGoat is a purposely developed open source vulnerable/insecure app using Kotlin
DIVA Android 967 over 1 year ago Damn Insecure and vulnerable App for Android
OVAA 656 4 months ago Oversecured Vulnerable Android App
Vuldroid 63 about 3 years ago Android Application covering various static and dynamic vulnerabilities
Android Security Testing 92 11 months ago hpAndro1337 Application made in Kotlin with multiple vulnerabilities and a CTF

Awesome Vulnerable Applications / OWASP Top 10

OWASP Juice Shop 10,466 12 days ago OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
DVWA 10,292 15 days ago Damn Vulnerable Web Application (DVWA)
DSVW 785 5 months ago Damn Small Vulnerable Web
bWAPP 133 almost 3 years ago This is just an instance of the OWASP bWAPP project as a docker container
Xtreme Vulnerable Web Application 1,699 about 4 years ago XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
lazyweb 116 over 2 years ago This web application is a demonstration of common server-side application flaws. Each of the vulnerabilities has its own difficulty rating
OWASP Mutillidae II 1,267 6 days ago OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts
Pentest_lab 182 over 1 year ago Local penetration testing lab using docker-compose
VulnLab 385 4 months ago A vulnerable web application lab using Docker
WebGoat 7,036 10 days ago WebGoat is a deliberately insecure application by OWASP for training purposes
VAmPI 927 3 months ago Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Awesome Vulnerable Applications / OWASP Top 10 / SQL Injection

Yet Another Vulnerability Database 15 over 3 years ago Yet Another Vulnerability Database

Awesome Vulnerable Applications / OWASP Top 10 / XSS Injection

clicker-service - simulate XSS Docker container that takes in a post and then "clicks" the link. Intentionally vulnerable. To be used with vulnerable-by-design web apps to realistically simulate XSS and XSRF (CSRF)
XSSworm.dev 6 almost 4 years ago Self-replication contest
xssed 37 almost 12 years ago A set of XSS vulnerable PHP scripts for testing
xssable 9 11 months ago A vulnerable blogging platform used to demonstrate XSS vulnerabilities

Awesome Vulnerable Applications / OWASP Top 10 / Server Side Request Forgery

SSRF_Vulnerable_Lab 670 over 1 year ago This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks

Awesome Vulnerable Applications / OWASP Top 10 / CORS Misconfiguration

CORS-vulnerable-Lab 189 over 3 years ago Sample vulnerable code and its exploit code
CORS misconfiguration vulnerable Lab 65 about 3 years ago This repository contains vulnerable code related to CORS misconfiguration

Awesome Vulnerable Applications / OWASP Top 10 / XXE Injection

XXE Lab 225 about 3 years ago A simple web app with an XXE vulnerability
docker-java-xxe 5 about 6 years ago Docker image to test XXE attacks in Java with Tomcat

Awesome Vulnerable Applications / OWASP Top 10 / Request Smuggling

Varnish HTTP/2 Request Smuggling 55 about 3 years ago This repository contains a docker-compose file to set up a local environment that is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling

Awesome Vulnerable Applications / Technologies / WordPress

DVWP 164 11 months ago Damn Vulnerable WordPress

Awesome Vulnerable Applications / Technologies / Node.js

exploit-workshop 155 8 months ago A step by step workshop to exploit various vulnerabilities in Node.js and Java applications
DVNA 706 8 months ago Damn Vulnerable NodeJS Application
Extreme Vulnerable Node Application 93 about 6 years ago Extreme Vulnerable Node Application
dvws-node 455 about 1 month ago Damn Vulnerable Web Service is a vulnerable web service/API/application that can be used to learn webservices/API vulnerabilities

Awesome Vulnerable Applications / Technologies / Firmware

DVRF 673 over 3 years ago The Damn Vulnerable Router Firmware Project
OWASP IoT Goat 701 15 days ago IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals in testing commonly found vulnerabilities in IoT devices
DVID 188 10 months ago Damn Vulnerable IoT Device

Awesome Vulnerable Applications / Uncategorized

LogSnare 31 9 months ago A playground for testing, preventing, and logging IDOR vulnerabilities
GitHub Actions Goat 443 about 2 months ago Deliberately Vulnerable GitHub Actions CI/CD Environment
dvws - Damn Vulnerable Web Services 454 almost 3 years ago Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
Fuzzgoat 190 about 2 years ago A vulnerable C program for testing fuzzers
wavsep 228 about 2 years ago The Web Application Vulnerability Scanner Evaluation Project
leaky-repo 229 3 months ago Benchmarking repo for secrets scanning
OWASP SKF labs 438 4 months ago Repo for all the OWASP-SKF Docker lab examples
Vulnserver 1,001 about 4 years ago Vulnerable server used for learning software exploitation
Damn-Vulnerable-GraphQL-Application 1,505 10 months ago Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security
Vulnerable-nginx 226 about 4 years ago An intentionally vulnerable NGINX setup
Raspwn OS 53 over 7 years ago The intentionally vulnerable image for the Raspberry Pi
python_security 35 over 3 years ago This repository collects lists of security-relevant Python APIs, along with examples of exploits using those APIs
OWASP-VWAD 873 29 days ago The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available
Vulhub 17,814 about 2 months ago Vulhub is an open-source collection of pre-built vulnerable docker environments
VulnDoge Web app for hunters
CI/CD Goat 1,946 4 months ago Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, catch the flags
Damn Vulnerable Thick Client 141 over 1 year ago Damn Vulnerable Thick Client App developed in C# .NET
Damn Vulnerable RESTaurant 442 9 days ago Intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers
VulnerableLightApp 30 10 days ago .NET vulnerable REST API
