Damn Small Vulnerable Web
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
README.md Update README.md Jan 10, 2016
dsvw.py Fixes #2 Dec 3, 2016



Damn Small Vulnerable Web Python 2.6|2.7 License

Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes. It supports majority of (most popular) web application vulnerabilities together with appropriate attacks.


Quick start

Run the following command:

$ python dsvw.py 
Damn Small Vulnerable Web (DSVW) < 100 LoC (Lines of Code) #v0.1k
 by: Miroslav Stampar (@stamparm)

[i] running HTTP server at ''...

and navigate your browser to



Python (2.6.x or 2.7.x) is required for running this program. Items XML External Entity (local), XML External Entity (remote) and Blind XPath Injection (boolean) require installation of python-lxml (e.g. apt-get install python-lxml). Otherwise, those will be disabled.