Skip to content
@vulnerable-apps

vulnerable-apps

Over 100 forks of deliberately vulnerable web applications and APIs.

Pinned Loading

  1. awesome-vulnerable Public template

    Forked from kaiiyer/awesome-vulnerable

    A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

    35 8

  2. vuln_node_express Public

    Forked from kaakaww/vuln_node_express

    JavaScript 10

  3. dvpwa Public

    Forked from anxolerd/dvpwa

    Damn Vulnerable Python Web App

    Python 2 16

  4. javaspringvulny Public

    Forked from kaakaww/javaspringvulny

    javaspringvulny - a Spring Boot web application built wrong on purpose

    Java 13

  5. VulnLab Public

    Forked from Yavuzlar/VulnLab

    CSS 2 3

Repositories

Showing 10 of 153 repositories
  • verademo Public Forked from veracode/verademo

    A deliberately insecure Java web application

    Java 0 MIT 398 0 4 Updated Feb 7, 2025
  • juice-shop Public Forked from juice-shop/juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

    TypeScript 1 MIT 12,023 0 5 Updated Feb 2, 2025
  • vulnerable-rest-api Public Forked from bnematzadeh/vulnerable-rest-api

    A vulnerable RESTful application written in Node and React based on OWASP API security top 10 2023 edition.

    JavaScript 0 MIT 21 0 2 Updated Jan 17, 2025
  • nosql-injection-vulnapp Public Forked from aabashkin/nosql-injection-vulnapp

    NIVA is a simple web application which is intentionally vulnerable to NoSQL injection. The purpose of this project is to facilitate a better understanding of the NoSQL injection vulnerability among a wide audience of software engineers, security engineers, pentesters, and trainers.

    Java 0 MIT 12 0 1 Updated Nov 12, 2024
  • simple-ssrf Public

    Simple deliberately vulnerable API demonstrating Server-Side Request Forgery (SSRF).

    Python 0 3 0 4 Updated Nov 9, 2024
  • terragoat Public Forked from bridgecrewio/terragoat

    TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

    HCL 0 Apache-2.0 5,439 0 0 Updated Nov 8, 2024
  • SSRF_Vulnerable_Lab Public Forked from incredibleindishell/SSRF_Vulnerable_Lab

    This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

    PHP 0 MIT 183 0 0 Updated Nov 8, 2024
  • Vulnerable-JWT Public Forked from agaosto/Vulnerable-JWT

    Collection of vulnerable APIs/apps to test JWT attacks

    JavaScript 2 4 0 8 Updated Oct 31, 2024
  • crazy-vulnerable-nodejs-application Public Forked from shieldfy/crazy-vulnerable-nodejs-application

    CVNA

    JavaScript 0 17 0 1 Updated Oct 26, 2024
  • yrpreyTasksNodeJS Public Forked from yrprey/yrpreyTasksNodeJS
    PHP 0 3 0 2 Updated Oct 20, 2024
View all repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.