https://github.com/twseptian/vulnerable-resource

this note is a vulnerability resource for peoples who learn penetration testing. feel free to add some other sources on this note
https://github.com/twseptian/vulnerable-resource

Last synced: about 1 month ago
JSON representation

this note is a vulnerability resource for peoples who learn penetration testing. feel free to add some other sources on this note

• Host: GitHub
• URL: https://github.com/twseptian/vulnerable-resource
• Owner: twseptian
• Created: 2020-07-21T06:20:25.000Z (about 5 years ago)
• Default Branch: master
• Last Pushed: 2020-07-30T05:06:17.000Z (about 5 years ago)
• Last Synced: 2025-07-09T07:52:26.560Z (3 months ago)
• Homepage:
• Size: 10.7 KB
• Stars: 7
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
This note contains the vulnerability apps to improve your skill on penetration testing and hacking

# Contents

- [Web Application](#web-application)

- [Mobile Applicaton](#mobile-application)

- [Thick Client](#thick-client)

- [OS and Hardware](#os-and-hardware)

- [Cyber Physical System](#cyber-physical-system)

- [Cloud Infrastructure](#cloud-infrastructure)

- [Cryptocurrency and Blockchain](#cryptocurrency-and-blockchain)

- [Vulnerability as a Service](#vulnerability-as-a-service)

## Web Application

- [Damn Vulnerable Web Application (DVWA)](https://github.com/ethicalhack3r/DVWA])

- [Buggy Web Application (bWAPP)](https://sourceforge.net/projects/bwapp/files/bWAPP/)

- [JuiceShop](https://github.com/bkimminich/juice-shop)

- [Multilidae II](https://github.com/webpwnized/mutillidae)

- [Damn Vulnerable WordPress Site (DVWPS)](https://github.com/vianasw/dvwps)              

- [Damn Small Vulnerable Web (DSVW)](https://github.com/stamparm/DSVW)

- [WebGoat](https://github.com/WebGoat/WebGoat)

- [WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET)

- [Peruggia](https://sourceforge.net/projects/peruggia/)

- [PuzzleMail](https://code.google.com/archive/p/puzzlemall/)

- [Bricks](https://sechow.com/bricks/download.html)

- [Damn Vulnerable Web-Socket (DVWS)](https://github.com/interference-security/DVWS/)

- [Damn Vulnerable Node.JS Application (DVNA)](https://github.com/appsecco/dvna)

- [Damn Vulnerable Python Web App (DVPWA)](https://github.com/anxolerd/dvpwa)

- [Damn Vulnerable Rails App (DVRA)](https://github.com/guilleiguaran/dvra)

- [NodeGoat (WebGoat + NodeJS)](https://github.com/OWASP/NodeGoat)

- [RailsGoat (WebGoat + Ruby & Rails)](https://github.com/OWASP/railsgoat)

- [OWASP - SecurityShepherd](https://github.com/OWASP/SecurityShepherd)

### Web Service/API

- [Damn Vulnerable Web Service (DVWS)](https://github.com/snoopysecurity/dvws)

- [Tiredful API](https://github.com/payatu/Tiredful-API/)

- [Python Vulnerable API](https://github.com/mattvaldes/vulnerable-api)

- [Websheep](https://github.com/wishtack/wishtack-websheep)

- [Damn Vulnerable C# API (DVCsharp-API)](https://github.com/appsecco/dvcsharp-api)

- [GraphQL security 101](https://github.com/twseptian/graphql-security-labs)

## Mobile Application

### Android

- [Damn Insecure and Vulnerable App (DIVA)](https://github.com/payatu/diva-android)

- [OWASP MSTG Hacking Playground](https://github.com/OWASP/MSTG-Hacking-Playground)

- [Damn Vulnerable Android App (DVAA)](https://code.google.com/p/dvaa/)

- [Damn Vulnerable FirefoxOS Application (DVFA)](https://github.com/arroway/dvfa)

- [ExploitMe Mobile Android Labs](https://securitycompass.github.io/AndroidLabs/)

- [Hacme Bank Android](https://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx)

- [InsecureBank](https://www.paladion.net/downloadapp.html)

- [NcN Wargame](https://github.com/NocONName/Wargame_NcN2012)

- [OWASP Goatdroid](https://github.com/jackMannino/OWASP-GoatDroid-Project)

### IOS

- [Damn Vulnerable iOS App (DVIA)](https://github.com/prateek147/DVIA)

- [Damn VUlnerable iOS App + Swift (DVIA-v2)](https://github.com/prateek147/DVIA-v2)

- [OWASP MSTG Hacking Playground](https://github.com/OWASP/MSTG-Hacking-Playground)

- [ExploitMe Mobile iPhone Labs](https://securitycompass.github.io/iPhoneLabs/)

- [OWASP iGoat](https://code.google.com/p/owasp-igoat/)

### Hybrid technology

- [Damn Vulnerable Hybrid Mobile (DVHMA)](https://github.com/logicalhacking/DVHMA)

- [VyAPI - cloud based app as a backend](https://github.com/appsecco/VyAPI)

## Thick Client

- [Thick Client Application](https://github.com/secvulture/dvta)

- [Java EE](https://github.com/appsecco/dvja)

## OS and Hardware

- [Damn Vulnerable Device Driver (DVDD)](https://github.com/pwk4m1/Damn_Vulnerable_Device_Driver)

- [Damn Vulnerable IoT Device (DVID)](https://github.com/Vulcainreo/DVID)

- [Damn Vulnerable Router Firmware (DVRF)](https://github.com/praetorian-code/DVRF)

- [Damn Vulnerable Raspberry Pi (Sticky Fingers DV-PI)](https://whitedome.com.au/re4son/sticky-fingers-dv-pi/)

## Cyber Physical System

- [Damn Vulnerable Chemical Process — Tenneese Eastman (DVCP-TE) — SCADA](https://github.com/satejnik/DVCP-TE)

## Cloud Infrastructure

- [Damn Vulnerable Cloud Application (DVCA)](https://github.com/m6a-UdS/dvca)

- [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat)

- [Damn Vulnerable Function as a Service (DVFaaS)](https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service)

- [Damn Vulnerable Serverless Application (DVSA)](https://github.com/OWASP/DVSA)

## Cryptocurrency and Blockchain

- [Damn Vulnerable Crypto Wallet (DVCW)](https://gitlab.com/badbounty/dvcw)

- [Damn Vulnerable Wallet App (DVWA)](https://github.com/genecyber/Damn-Vulnerable-Wallet-App)

- [Damn Vulnerable Block Chain (DVBA)](https://github.com/subashsn/dvba)

## Vulnerability as a Service

- [Heartbleed - cve-2014-0160](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) **docker**

- [SambaCry - cve-2017-7494](https://hub.docker.com/r/vulnerables/cve-2017-7494/) **docker**

- [Shellshock - cve-2014-6271](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) **docker**