Vulnerable API for educational purposes

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk!

A deliberately insecure Java web application

WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2023-39362). Run it at your own risk!

Vulnerable Grade Management System

A vulnerable lab for understanding difference between LFI and File Retrieval

vulnerable web application

Oversecured Vulnerable Android App

📧 [Research] E-Mail Injection: Vulnerable applications

Rebujito is a fork of IppSec.Rocks and serves as a repo for hacking tools and other resources such as vulnerable apps, cheatsheets or methodologies.

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

Oversecured Vulnerable iOS App

testcases developed for research

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

VulnerableApp-facade is probably most modern lightweight distributed farm of Vulnerable Applications built for handling wide range of vulnerabilities across tech stacks.

DIBBA is an intentionally vulnerable Android application that makes the process of learning about Android Building Blocks more fun and interactive. Each activity contains a different CTF challenge

GCP GOAT is the vulnerable application for learn the GCP Security

A TUI enviorment for vulnerable app containers.

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.