OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Awesome Vulnerable Applications

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Twitter vulnerable snippets

:warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

Damn Vulnerable NodeJS Application

Intentionally vulnerable Android application.

A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Damn Vulnerable Web Application Docker container

A Broken Application - Very Vulnerable!

Web application with vulnerabilities found in real cases, both in pentests and in Bug Bounty programs.

Vulnerable Python Application To Learn Secure Development

Frida scripts for mobile application dynamic-analysis.

Damn Vulnerable eXtensive Training Environment

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

Vulnerable OTP/2FA Application written in PHP using Google Authenticator

An app with really insecure crypto. To be used to see/test/exploit weak cryptographic implementations as well as to learn a little bit more about crypto, without the need to dive deep into the math behind it

oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning

:microscope: A collection of test cases in the Java language. It contains examples for 112 different CWEs.

OpenSSH remote DOS exploit and vulnerable container

Vulnerable API for research and education

Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.

Repository to showcase various configuration recipes with various technologies

Vulnerable Target (VT) is a specialized tool designed for security professionals, researchers, and educators that creates intentionally vulnerable environments across multiple platforms.

MobSF related Presentations, Slides and Others.

FSL Test bench - Ansible playbook repository to setup a save environment for security auditing and testing. It can be used for teaching security testing methodologies, testing tools, learning, and playing.

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

Intentionally vulnerable Linux application for buffer overflow and RCE development practice

A broken-by-design Azure environment to practice and train security skills in the cloud domain.