Build software better, together

juice-shop / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

javascript security hacking owasp application-security pentesting ctf vulnerable appsec hacktoberfest owasp-top-10 owasp-top-ten 24pullrequests vulnapp

Updated Jun 6, 2022
TypeScript

OWASP / OWASP-VWAD

Sponsor

Star

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

owasp vulnerable appsec vulnerable-web-app vulnerable-web-application

Updated Apr 23, 2022

appsecco / dvna

Star

Damn Vulnerable NodeJS Application

nodejs testing security hack owasp vulnerable owasp-top-10 vulnerable-apps dvna

Updated Jun 1, 2022
CSS

kaiiyer / awesome-vulnerable

Star

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

awesome hack lab penetration-testing vulnerabilities pentest vulnerable hacktoberfest bwapp vulnerable-apps penetration-skills security-protection badstore security-shepherd test-lab hacking-skills hacktoberfest2021

Updated Apr 25, 2022

vavkamil / awesome-vulnerable-apps

Star

Awesome Vulnerable Applications

security awesome bug hacking penetration-testing awesome-list bugbounty vulnerable vulnerable-applications

Updated May 18, 2022

abhi-r3v0 / EVABS

Star

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

mobile-app application-security pentesting android-app android-security mobile-security vulnerable ctf-platform ctf-challenges android-ctf android-pentest mobile-pentest mobile-ctf android-application-vulnerabilities android-labs

Updated Dec 23, 2021
CMake

opsxcq / docker-vulnerable-dvwa

Sponsor

Star

Damn Vulnerable Web Application Docker container

training docker web-app hacking web-application vulnerabilities vulnerable training-labs dvwa

Updated Apr 13, 2020
PHP

t0thkr1s / allsafe

Star

Intentionally vulnerable Android application.

android forthebadge certificate reverse-engineering dynamic-analysis reverse vulnerabilities bugbounty mobile-security frida bypass vulnerable vulnerable-android-apps hackerone-reports frida-scripts hardcoded-credentials

Updated May 2, 2021
Java

davevs / dvxte

Star

Damn Vulnerable eXtensive Training Environment

training docker vulnerable

Updated Mar 15, 2022
Dockerfile

kagurazakasanae / Mhyprot2DrvControl

Star

A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.

windows kernel driver vulnerable mhyprot2

Updated Oct 28, 2020
C#

DamnVulnerableCryptoApp / DamnVulnerableCryptoApp

Star

An app with really insecure crypto. To be used to see/test/exploit weak cryptographic implementations as well as to learn a little bit more about crypto, without the need to dive deep into the math behind it

block crypto aes random detection oracle rsa md5 sha1 weak cbc padding reordering vulnerable iv ecb damn collisions

Updated Jun 1, 2022
TypeScript

mddanish / Vulnerable-OTP-Application

Star

Vulnerable OTP/2FA Application written in PHP using Google Authenticator

php google-authenticator vulnerable otp-applications multifactor otp-bypass

Updated Nov 13, 2019
PHP

opsxcq / exploit-CVE-2016-6515

Sponsor

Star

OpenSSH remote DOS exploit and vulnerable container

docker exploit container openssh vulnerable

Updated Oct 30, 2017
JavaScript

t0thkr1s / frida

Star

Frida scripts for mobile application dynamic-analysis.

Updated Feb 1, 2021
Python

fportantier / vulpy

Star

Vulnerable Python Application To Learn Secure Development

python flask security web sqlite vulnerable

Updated Apr 28, 2022
Python

find-sec-bugs / find-sec-bugs-demos

Star

Repository to showcase various configuration recipes with various technologies

sample continuous-integration code vulnerable build-analysis configuration-recipes

Updated Mar 31, 2022
HTML

MobSF / MobSF-Related-Materials

Star

MobSF related Presentations, Slides and Others.

tools exploit slides scripts poc mobsf vulnerable reversing

Updated Dec 20, 2017
Java

find-sec-bugs / juliet-test-suite

Star

🔬 A collection of test cases in the Java language. It contains examples for 112 different CWEs.

sample application code vulnerable

Updated May 17, 2021
Java

tristanlatr / WPWatcher

Star

Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.

wordpress alerts service asynchronous email syslog scan batch automate report bulk auto multiple vulnerable wpscan sites warnings mass

Updated Jul 27, 2021
Python

opsxcq / exploit-CVE-2016-7434

Sponsor

Star

NTPD remote DOS exploit and vulnerable container

docker express vulnerable exploitation ntpd vulnerable-container

Updated Oct 30, 2017
C

fabaff / fsl-test-bench

Star

FSL Test bench - Ansible playbook repository to setup a save environment for security auditing and testing. It can be used for teaching security testing methodologies, testing tools, learning, and playing.

security ansible playground fedora pentesting vulnerable fedora-security-lab