OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

Pre-Built Vulnerable Environments Based on Docker-Compose

A laboratory for learning secure web and mobile development in a practical manner.

A simple web app with a XXE vulnerability.

Labs built in docker to cover NSE lessons

Damn Vulnerable WordPress

App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

Repo for all the SKF Docker lab examples

A NoSQL Injectable Node App

LDAP Injection Vulnerability Application(Blog Sample Code)

The Internetwache CTF 2016 repository

completely ridiculous API (crAPI)

This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).