OWASP/wrongsecrets

Vulnerable app with examples showing how to not use secrets

Language: Java - Size: 105 MB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 1,297 - Forks: 432

erev0s/VAmPI

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Language: Python - Size: 66.4 KB - Last synced at: about 19 hours ago - Pushed at: 5 months ago - Stars: 981 - Forks: 416

OWASP/OWASP-VWAD

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Size: 270 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 854 - Forks: 219

OWASP/Vulnerable-Web-Application

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

Language: PHP - Size: 854 KB - Last synced at: 12 months ago - Pushed at: about 1 year ago - Stars: 326 - Forks: 315

Checkmarx/capital

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

Language: CSS - Size: 5.8 MB - Last synced at: 4 months ago - Pushed at: about 1 year ago - Stars: 279 - Forks: 67

lucideus-repo/UnSAFE_Bank

Vulnerable Banking Suite

Language: PHP - Size: 83.5 MB - Last synced at: 5 months ago - Pushed at: over 1 year ago - Stars: 152 - Forks: 83

GoSecure/template-injection-workshop

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

Language: CSS - Size: 3.27 MB - Last synced at: 17 days ago - Pushed at: over 2 years ago - Stars: 125 - Forks: 35

lunasec-io/Spring4Shell-POC Fork of reznok/Spring4Shell-POC

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

Language: Python - Size: 25.4 KB - Last synced at: 12 months ago - Pushed at: over 2 years ago - Stars: 103 - Forks: 75

appsecco/sqlinjection-training-app

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Language: PHP - Size: 26.4 KB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 70 - Forks: 48

Aif4thah/VulnerableLightApp

Vulnerable API for research and education

Language: C# - Size: 115 KB - Last synced at: 6 days ago - Pushed at: 12 days ago - Stars: 41 - Forks: 54

TheTwitchy/vulnd_xxe

A server vulnerable to XXE that can be used to test payloads using the xxer tool.

Language: Java - Size: 8.79 KB - Last synced at: about 2 years ago - Pushed at: about 7 years ago - Stars: 25 - Forks: 3

OWASP/www-project-vulnerable-web-applications-directory

The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Language: HTML - Size: 1.25 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 21 - Forks: 22

sec4you/VulnLabs

docker-compose bringing up multiple vulnerable applications inside containers.

Size: 2.93 KB - Last synced at: 14 days ago - Pushed at: about 7 years ago - Stars: 18 - Forks: 3

karimtariqx/HackerStories

This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.

Language: PHP - Size: 110 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 12 - Forks: 1

OWASP/www-project-vulnerable-flask-app

OWASP Foundation Web Respository

Language: HTML - Size: 9.77 KB - Last synced at: 12 months ago - Pushed at: over 2 years ago - Stars: 12 - Forks: 8

omarkurt/ssjs

SSJS Web Shell Injection Case

Language: JavaScript - Size: 1.22 MB - Last synced at: over 1 year ago - Pushed at: over 5 years ago - Stars: 8 - Forks: 0

anil-yelken/python-source-code-analysis

Python Source Code Analysis

Size: 19.5 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 7 - Forks: 0

OSTEsayed/OSTE-Vulnerable-Web-Application

Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

Language: PHP - Size: 136 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 1

naryal2580/vfapi

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

Language: Python - Size: 783 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 6 - Forks: 5

wishtack/wishtack-websheep 📦

⛔️deprecated and replaced by https://github.com/marmicode/websheep

Language: JavaScript - Size: 72.3 KB - Last synced at: about 1 year ago - Pushed at: over 5 years ago - Stars: 6 - Forks: 0

Serhatcck/server-side-prototype-pollution

A website developed with Nodejs. This website includes server side prototype pollution vulnerability

Language: CSS - Size: 8.45 MB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 5 - Forks: 0

anotherik/ThreatByte

ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.

Language: Python - Size: 102 KB - Last synced at: 17 days ago - Pushed at: 17 days ago - Stars: 4 - Forks: 1

manuelz120/extremely-vulnerable-flask-app

Intentionally vulnerable Python / Flask application, built for educational purposes.

Language: Python - Size: 394 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 4 - Forks: 10

yusufarbc/DockerVuln

A TUI enviorment for vulnerable app containers.

Language: Shell - Size: 49.8 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 4 - Forks: 2

knightr1d3r007/OWASP_IOTgoat_for_A5-V11_mini_router

IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.

Size: 803 KB - Last synced at: about 2 months ago - Pushed at: about 1 year ago - Stars: 3 - Forks: 3

bocajspear1/mlprtc

A very vulnerable "medical" web app. Just look at the name.

Language: PHP - Size: 17.6 KB - Last synced at: about 1 year ago - Pushed at: over 2 years ago - Stars: 3 - Forks: 0

bocajspear1/super-cool-community

A really cool community web application... that's vulnerable (Made for CNY Hackathon 2019)

Language: PHP - Size: 1.08 MB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 2 - Forks: 0

firdauskhairuddin/lekir-docker

LEKIR - Vulnerable by design to help people learn about common web security, dockerized!

Language: Dockerfile - Size: 14.6 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 2 - Forks: 0

jib1337/websandbox

Small forum website for practicing basic web exploits.

Language: PHP - Size: 27.3 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 2 - Forks: 2

qwqoro/Mail-Injection

📧 [Research] E-Mail Injection: Vulnerable applications

Language: HTML - Size: 4.51 MB - Last synced at: about 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

anil-yelken/www-project-vulnerable-flask-app Fork of OWASP/www-project-vulnerable-flask-app

OWASP Foundation Web Respository

Size: 6.84 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 0

sec-zone/vuln_app

Another vulnerable application for practicing web penetration testing.

Language: Python - Size: 117 KB - Last synced at: about 1 year ago - Pushed at: over 4 years ago - Stars: 2 - Forks: 3

wwt9829/CSEC-380-Project

Vulnerable web application created by students using Travis CI, Docker, Flask, and Agile

Language: Python - Size: 39.2 MB - Last synced at: about 1 year ago - Pushed at: over 5 years ago - Stars: 2 - Forks: 3

r888800009/vulnerable-cgi-login-example

A buffer overflow vulnerable CGI program

Language: C - Size: 7.81 KB - Last synced at: about 2 years ago - Pushed at: over 5 years ago - Stars: 2 - Forks: 1

TheStarkster/Vulnerable-Operations

A Website with vulnerabilities

Language: PHP - Size: 431 KB - Last synced at: 11 months ago - Pushed at: over 5 years ago - Stars: 2 - Forks: 0

Snbig/Vulnerable-Pages

Intentionally Vulnerable Pages for OWASP ASVS Security Evaluation Templates with Nuclei Project.

Language: Python - Size: 145 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 1 - Forks: 0

danielserbu/VAmPISecurityTests

VAmPISecurityTests with python and pytest

Language: Python - Size: 4.91 MB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

th3r4ven/XSS-WEB-APP

Language: Python - Size: 2.33 MB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 2

SasanLabs/facade-schema

Schema to fulfill the VulnerableApp-facade contract

Language: Java - Size: 87.9 KB - Last synced at: about 1 month ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 2

polarspetroll/VulnLogin

Vulnerable login form

Language: CSS - Size: 16.6 KB - Last synced at: about 1 month ago - Pushed at: almost 4 years ago - Stars: 1 - Forks: 0

bocajspear1/manatee-bank-web-app

Vulnerable web app made for CNY Hackathon

Language: PHP - Size: 315 KB - Last synced at: about 1 year ago - Pushed at: about 5 years ago - Stars: 1 - Forks: 7

ledz1996/hack_my_teeth Fork of dentist-team/hack_my_teeth

A deliberately vulnerable java/python applications

Language: Java - Size: 1.33 MB - Last synced at: about 1 month ago - Pushed at: almost 6 years ago - Stars: 1 - Forks: 6

rhaidiz/multi-stage

Multi-Stage vulnerable web application

Language: PHP - Size: 7.81 KB - Last synced at: about 1 month ago - Pushed at: about 7 years ago - Stars: 1 - Forks: 0

ricsirigu/insecurytter

First security project for the MOOC http://mooc.fi/courses/2016/cybersecurity/

Language: Java - Size: 14.6 KB - Last synced at: about 1 year ago - Pushed at: about 8 years ago - Stars: 1 - Forks: 2

abelreqma/BankofAbel

This is a vulnerable web application I developed for my Database Security class at Boston University. It contains possible IDOR and session hijacking attacks in a pseudo-realistic banking web app. The application is built using the LAMP stack.

Language: PHP - Size: 1.87 MB - Last synced at: 13 days ago - Pushed at: 17 days ago - Stars: 0 - Forks: 0

fandigunawan/vulnerable-flask-application

A vulnerable Python Flask application for OWASP TOP 10 vulnerabilities demo

Language: HTML - Size: 17.6 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

tatumroaquin/31261-The-Sensor-DB

a vulnerable web app made with PHP, used to demonstrate SQLIA

Language: PHP - Size: 22.5 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 1

obikag/vuln-php-demo

This is a very simple PHP website that can be used to demonstrate common vulnerabiltiies in web applications.

Language: PHP - Size: 1 MB - Last synced at: about 2 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

dev-angelist/WebSafeHub---Vulnerable-Web-App

WebSafeHub - Vulnerable Web App

Language: PHP - Size: 49.8 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

sanogotech/Vulnerable-Flask-App Fork of anil-yelken/Vulnerable-Flask-App

Erlik 2 - Vulnerable-Flask-App

Language: Python - Size: 203 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

Hritikpatel/InsecureTrust_Bank

"InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.

Language: PHP - Size: 35.7 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

GHOST-mHBr/SQLi-Lab

just a lab for sql injection

Language: CSS - Size: 9.77 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

vulnerable9/redvuln

A simple website to easily create Open Redirect attacks.

Language: HTML - Size: 1.95 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

UsagiB4/Vulnerable-Machines-for-Pentesting-and-Hacking

This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you

Size: 2.93 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

tatumroaquin/vwa-ssji

VWA (vulnerable web applications) for SSJI, implemented in NodeJS and ExpressJS

Language: EJS - Size: 525 KB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

anil-yelken/OWASP-Istanbul-Vulnerable-Flask-App

OWASP Istanbul - Vulnerable Flask App

Size: 1.2 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

david-pellissier/vulnerable-messaging-website

A vulnerable web app in PHP

Language: PHP - Size: 1.34 MB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 1

aashishrbhandari/simple-web-apps

Web Apps // Web Dev Projects // Intermediate Learning Web Apps

Language: JavaScript - Size: 98.6 KB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 1

Aviral14/Skiddie

A collection of Web Capture the Flag challenges that I created for various CTFs at BPHC

Size: 22.5 KB - Last synced at: about 2 years ago - Pushed at: about 4 years ago - Stars: 0 - Forks: 0

majidmc2/bad_python_extract Fork of ajinabraham/bad_python_extract

A vulnerable web application written in Python Flask to demonstrate insecure file extraction

Language: Python - Size: 13.7 KB - Last synced at: about 1 year ago - Pushed at: about 4 years ago - Stars: 0 - Forks: 0