Projects in Awesome Lists tagged with vulnerable
A curated list of projects in awesome lists tagged with vulnerable .
https://github.com/bkimminich/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 17 May 2025
https://github.com/juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 13 May 2025
https://bkimminich.github.io/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable
Last synced: 20 Mar 2025
https://github.com/yeswehack/vulnerable-code-snippets
Twitter vulnerable snippets
bugbounty code code-analyze example-code owasp snippets vulnerable web-application websecurity worst-practices
Last synced: 24 Dec 2025
https://github.com/owasp/owasp-vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
appsec owasp vulnerable vulnerable-web-app vulnerable-web-application
Last synced: 02 Apr 2025
https://github.com/OWASP/OWASP-VWAD
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
appsec owasp vulnerable vulnerable-web-app vulnerable-web-application
Last synced: 22 Apr 2025
https://github.com/appsecco/dvna
Damn Vulnerable NodeJS Application
dvna hack nodejs owasp owasp-top-10 security testing vulnerable vulnerable-apps
Last synced: 16 Mar 2025
https://github.com/abhi-r3v0/EVABS
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
android-app android-application-vulnerabilities android-ctf android-labs android-pentest android-security application-security ctf-challenges ctf-platform mobile-app mobile-ctf mobile-pentest mobile-security pentesting vulnerable
Last synced: 29 Apr 2025
https://github.com/t0thkr1s/allsafe
Intentionally vulnerable Android application.
android bugbounty bypass certificate dynamic-analysis forthebadge frida frida-scripts hackerone-reports hardcoded-credentials mobile-security reverse reverse-engineering vulnerabilities vulnerable vulnerable-android-apps
Last synced: 22 Apr 2025
https://github.com/neuralegion/brokencrystals
A Broken Application - Very Vulnerable!
benchmark cyber-security devops nestjs nodejs react secops security typescript vulnerable
Last synced: 11 Apr 2025
https://github.com/davevs/dvxte
Damn Vulnerable eXtensive Training Environment
Last synced: 13 May 2025
https://github.com/fportantier/vulpy
Vulnerable Python Application To Learn Secure Development
flask python security sqlite vulnerable web
Last synced: 18 Nov 2025
https://github.com/mddanish/Vulnerable-OTP-Application
Vulnerable OTP/2FA Application written in PHP using Google Authenticator
google-authenticator multifactor otp-applications otp-bypass php vulnerable
Last synced: 11 Jul 2025
https://github.com/cyllective/oauth-labs
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
appsec ctf hacking oauth2 pentesting security vulnapp vulnerable
Last synced: 02 Apr 2025
https://github.com/find-sec-bugs/juliet-test-suite
:microscope: A collection of test cases in the Java language. It contains examples for 112 different CWEs.
application code sample vulnerable
Last synced: 18 Nov 2025
https://github.com/tristanlatr/wpwatcher
Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.
alerts asynchronous auto automate batch bulk email mass multiple report scan service sites syslog vulnerable warnings wordpress wpscan
Last synced: 05 May 2025
https://github.com/Aif4thah/VulnerableLightApp
Vulnerable API for research and education
api cybersecurity-education cybersecurity-training docker dotnet educational-project hacking hacking-challenge hacking-competitions owasp-top-10 pentest research research-and-development vulnerable vulnerable-api vulnerable-application vulnerable-server vulnerable-web-app vulnerable-web-application web-api
Last synced: 22 Apr 2025
https://github.com/mobsf/mobsf-related-materials
MobSF related Presentations, Slides and Others.
exploit mobsf poc reversing scripts slides tools vulnerable
Last synced: 07 May 2025
https://github.com/fabaff/fsl-test-bench
FSL Test bench - Ansible playbook repository to setup a save environment for security auditing and testing. It can be used for teaching security testing methodologies, testing tools, learning, and playing.
ansible fedora fedora-security-lab pentesting playground security vulnerable
Last synced: 15 Apr 2025
https://github.com/codingo/cracknet
A .net Crackme Challenge made for the SecTalks Brisbane 2017 Capture the Flag Event. Writeup/solution included.
capture-the-flag challenge challenges ctf ctf-challenges ctf-solutions ctf-writeups decompile ida radare2 reverse-engineering security vulnerable vulnerable-application writeup
Last synced: 16 Sep 2025
https://github.com/sectool/python-nikto-vulnerability-report-tool
Nikto Vulnerability Report Tool 🌌
nikto penetration-testing pentest-tool pentesting project python-application python-apps python-project report report-tool reporting security-scanner security-testing security-tools security-vulnerability vulnerabilities vulnerability vulnerability-report vulnerability-scanners vulnerable
Last synced: 18 Oct 2025
https://github.com/sec4you/vulnlabs
docker-compose bringing up multiple vulnerable applications inside containers.
docker docker-compose vulnerabilities vulnerable vulnerable-application vulnerable-container vulnerable-web-app
Last synced: 20 Jun 2025
https://github.com/bwireman/go-over
A tool to audit Erlang & Elixir dependencies, to make sure your ✨ gleam projects really sparkle!
audit beam cli dependencies dependency elixir erlang ghsa gleam javascript security security-audit security-tools tools vulnerable
Last synced: 28 Oct 2025
https://github.com/happyhackingspace/vulnerable-target
Vulnerable Target (VT) is a specialized tool designed for security professionals, researchers, and educators that creates intentionally vulnerable environments across multiple platforms.
cybersecurity repl security vulnerable
Last synced: 19 Apr 2025
https://github.com/lucasmartinelle/AnotherVulnerableWebApp
bugbounty dvwa php7 security training vulnerabilities vulnerable web
Last synced: 11 Jul 2025
https://github.com/omarkurt/ssjs
SSJS Web Shell Injection Case
injection-case ssjs-web vulnerable vulnerable-web-app
Last synced: 26 Jun 2025
https://github.com/demining/log4j-vulnerability
Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string.
attack bitcoin blockchain cve-2021-44228 hack hacking log4j log4js log4shell mining vulnerability vulnerability-scanner vulnerable
Last synced: 06 Sep 2025
https://github.com/videvelopers/vulnerable-flask-app
This is a vulnerable Flask web application designed to provide a lab environment for people who want to improve their web penetration testing skills. It includes multiple types of vulnerabilities for you to practice exploiting.
flask flask-application penetration-testing python vulnerable vulnerable-application vulnerable-flask-app
Last synced: 24 Sep 2025
https://github.com/ajinabraham/vulnerable_tornado_app
An intentionally vulnerable web application written in Python using Tornado
tornado vulnerable vulnerable-python-app
Last synced: 08 May 2025
https://github.com/justindperkins/vulnerable-serverless-application-python
Damn Vulnerable Serverless Application
aws aws-lambda serverless vulnerable
Last synced: 14 Apr 2025
https://github.com/demining/bitcoin-lightning-wallet-vulnerability
How to find a private key in binary code from Bitcoin Lightning Wallet Vulnerability in Quasar Framework
bitcoin bitcoin-wallet blockchain exploit hack hacking metasploit metasploit-framework privatekey vulnerability vulnerable
Last synced: 02 Jan 2026
https://github.com/roguecybersecuritychannel/vulnerable-driver-scanner
A script that webs scrapes multiple webpages for known vulnerable Windows Drivers, SHA256 hashes all system drivers, looks for matching driver names and SHA256 hashes.
antivirus blueteam blueteam-tools blueteaming-tools checker cyber-security cybersecurity cybersecurity-education cybersecurity-tools driver drivers edr python scanner vulenrability vulnerable windows windows-10 windows-11 windowsdriver
Last synced: 16 Jul 2025
https://github.com/l1ghtn1ng/mutillidae-ansible
Ansible playbook to install Mutillidae which is a vulnerable web app by design
ansible ansible-playbook infosec labs vulnerabilities vulnerable
Last synced: 11 Apr 2025
https://github.com/yanorei32/unsafebf
An unsafe brainfuck interpreter. It uses stack as memory directly.
brainfuck brainfuck-interpreter return-oriented-programming stack-smaching vulnerable
Last synced: 02 Jul 2025
https://github.com/sarperavci/exploitme
A collection of containerized security vulnerabilities including privilege escalation CVEs and SUID exploits for hands-on penetration testing practice.
ctf cybersecurity docker exploit penetration-testing privilege-escalation security security-training suid vagrant vulnerable
Last synced: 08 Jul 2025
https://github.com/9dl/websploit
New Exploit could be used to gather Vulnerable Links ( PoC )
cybersecurity exploit poc proof-of-concept vulnerable
Last synced: 02 Apr 2025
https://github.com/francescodisalesgithub/damnvulnerablewebserver
A SpringBoot Application that is vulnerable to value fuzzing
dummy fuzzing hacking spring-boot vulnerable webserver
Last synced: 22 Mar 2025
https://github.com/darkrelay-security-labs/linux-damn-vulnerable-thick-client
A Thick client app for linux, designed to be vulnerable. a.k.a. Linux-Damn-Vulnerable-Thick-Client or Linux-Thick-Client-GOAT
cybersecurity cybersecurity-tools dvwa goat hacking infosec linux security thick-client vulnerable
Last synced: 26 Feb 2025
https://github.com/jul10l1r4/modsec-vulneravel
Nginx + Modsecurity + Má configuração = Nego invadindo
docker-image modsecurity vulnerable xss-poc
Last synced: 14 Mar 2025
https://github.com/darkness4/dvwa-docker
A proper DVWA docker container.
docker docker-compose dvwa hacking php vulnerabilities vulnerable
Last synced: 12 Jun 2025
https://github.com/scav-enger/vanguard
Absolute Vulnerability Analytical Station > Conquer | Command | Control
analytics assessment automation bugbounty bugbounty-tool customization deepscan framework network-automation payload payload-generator readteam redteaming scan security vulnerability vulnerable
Last synced: 16 Aug 2025
https://github.com/fguisso/doryl-site-check
Just another vulnerable app. A Golang webapp that contains an example of a SSRF(Server Side Request Forgery) vulnerability and its main goal is to describe how a malicious user could exploit it.
goat hacktoberfest hacktoberfest-accepted security vulnerable
Last synced: 02 Mar 2025
https://github.com/madret/vuln_checker
Search for vulnerabilites in software or hardware and grab actionable CVE information.
advisories cve cve-search cve-searchsploit cves cves-finder database exploit exploits hardware known nist nvd poc powershell software vulnerabilities vulnerability vulnerability-research vulnerable
Last synced: 05 Mar 2025
https://github.com/phrutis/bip39scan3
Vulnerable generator libbitcoin v3.2 - bip39scan GPU brute
bip32 bip39 bip39scan brute entropy generator gpu libbitcoib mnemonic random vulnerable
Last synced: 28 Jul 2025
https://github.com/cuda8/32bit
Selling vulnerable bx explorer libbitcoin $100
btc bx bx-explorer entropy eth libbitcoin private-key seeds tokens vulnerable
Last synced: 10 Apr 2025
https://github.com/miozilla/gsccgs
gsccgs :guard::loudspeaker::chart_with_downwards_trend: : Security Command Center # Risk # Threats # Vulnerabilities # Compliance # Assets # Findings # Sources # Posture Management
analyze cis finding fix hipaa iso kubernetes nist remediate scc vulnerable
Last synced: 16 Nov 2025
https://github.com/phrutis/32bit
Selling vulnerable bx explorer libbitcoin $100
btc bx bx-explorer entropy eth libbitcoin private-key seeds tokens vulnerable
Last synced: 15 May 2025
https://github.com/ait-testbed/atb-ansible-customdpkg
Installs vulnerable packages from the local repository of the AECID-Testbed
ansible ansible-role atb debian repository testbed vulnerable
Last synced: 23 Feb 2025
https://github.com/ait-testbed/atb-ansible-awffullprivesc
AECID Testbed Ansible Role to create a privesc vulnerability on a server by installing awffull with weak permissions
aecid ansible ansible-role atb awffull privesc testbed vulnerable
Last synced: 23 Feb 2025
https://github.com/ait-testbed/atb-ansible-nextcloudrce
This ansible-role installs a vulnerable version(24.0.5) of nextcloud using docker compose
ansible ansible-role atb attackbed nextcloud testbed vulnerable
Last synced: 08 May 2025
https://github.com/platypew/vulnerable-services
Source code for all the vulnerabilities for ICT2204
Last synced: 11 Jun 2025
