From b8a14c537b7efd3c274933fea5cf708bbfd515e6 Mon Sep 17 00:00:00 2001
From: pentesttools-com <139468926+pentesttools-com@users.noreply.github.com>
Date: Sat, 6 Jan 2024 13:21:34 +0200
Subject: [PATCH] Sorted by name key
---
 src/data/collection.json | 3348 +++++++++++++++++++-------------------
 1 file changed, 1674 insertions(+), 1674 deletions(-)
diff --git a/src/data/collection.json b/src/data/collection.json
index 5dc555d..51495fa 100644
--- a/src/data/collection.json
+++ b/src/data/collection.json
@@ -1,2851 +1,2851 @@
 [
 {
- "url": "https://github.com/jerryhoff/WebGoat.NET",
- "name": ".NET Goat",
+ "author": "Younes Jaaidi (yjaaidi)",
+ "badge": "marmicode/websheep",
 "collection": [
 "offline"
 ],
+ "name": "websheep",
+ "notes": " Websheep is an app based on a willingly vulnerable ReSTful APIs.",
+ "references": [
+ {
+ "name": "guide",
+ "url": "https://github.com/marmicode/websheep"
+ }
+ ],
 "technology": [
- "C#"
+ "Angular",
+ "JavaScript",
+ "Node"
 ],
- "references": [],
- "author": "OWASP",
- "notes": "Original main repo: http://github.com/jerryhoff/WebGoat.NET. Others: https://github.com/rapPayne/WebGoat.Net , https://github.com/jowasp/WebGoat.NET.",
- "badge": "jerryhoff/WebGoat.NET"
+ "url": "https://github.com/marmicode/websheep"
 },
 {
- "url": "http://testphp.vulnweb.com",
- "name": "Acuart",
+ "author": "Matthew Valdes",
+ "badge": "mattvaldes/vulnerable-api",
 "collection": [
- "online"
- ],
- "technology": [
- "PHP"
+ "offline"
 ],
+ "name": "vulnerable-api",
+ "notes": null,
 "references": [
 {
- "name": "live",
- "url": "http://testphp.vulnweb.com"
+ "name": "download",
+ "url": "http://github.com/mattvaldes/vulnerable-api"
 }
 ],
- "author": "Acunetix",
- "notes": "Art shopping",
- "badge": null
+ "technology": [
+ "Python"
+ ],
+ "url": "https://github.com/mattvaldes/vulnerable-api"
 },
 {
- "url": "http://demo.testfire.net/",
- "name": "Altoro Mutual (AltoroJ)",
+ "author": "Tushar Kulkarni",
+ "badge": "roottusk/vapi",
 "collection": [
- "online",
 "offline"
 ],
- "technology": [
- "J2EE"
- ],
+ "name": "vAPI",
+ "notes": "vAPI is a Vulnerable Interface that demonstrates the OWASP API Top 10 vulnerabilities in the means of exercises",
 "references": [
 {
- "name": "download",
- "url": "https://github.com/HCL-TECH-SOFTWARE/AltoroJ"
+ "name": "guide",
+ "url": "https://github.com/roottusk/vapi/blob/master/README.md"
 },
 {
- "name": "live",
- "url": "http://demo.testfire.net/"
+ "name": "docker",
+ "url": "https://hub.docker.com/r/roottusk/vapi"
 }
 ],
- "author": "IBM/Watchfire",
- "notes": "Log in with jsmith/demo1234 or admin/admin",
- "badge": "hclproducts/AltoroJ"
+ "technology": [
+ "PHP"
+ ],
+ "url": "https://github.com/roottusk/vapi"
 },
 {
- "url": "https://github.com/satishpatnayak/AndroGoat",
- "name": "AndroGoat",
+ "author": "Sakti Dwi Cahyono",
+ "badge": "sakti/twitterlike",
 "collection": [
- "mobile"
- ],
- "technology": [
- "Kotlin",
- "Android"
+ "offline"
 ],
+ "name": "twitterlike",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk"
+ "url": "http://github.com/sakti/twitterlike"
 }
 ],
- "author": "satishpatnayak",
- "notes": null,
- "badge": "satishpatnayak/AndroGoat"
+ "technology": [
+ "PHP"
+ ],
+ "url": "https://github.com/sakti/twitterlike"
 },
 {
- "url": "https://github.com/digininja/authlab",
- "name": "AuthLab",
+ "author": null,
+ "badge": "playframework/play-webgoat",
 "collection": [
- "offline",
- "online"
+ "offline"
 ],
+ "name": "play-webgoat",
+ "notes": null,
+ "references": [],
 "technology": [
- "GO"
+ "Java",
+ "Scala",
+ "Play Framework"
+ ],
+ "url": "https://github.com/playframework/play-webgoat"
+ },
+ {
+ "author": "Sjoerd Langkemper (Sjord)",
+ "badge": "Sjord/jwtdemo",
+ "collection": [
+ "offline"
 ],
+ "name": "jwtdemo",
+ "notes": "Practice hacking JWT tokens.",
 "references": [
 {
 "name": "guide",
- "url": "https://digi.ninja/projects/authlab.php"
- },
- {
- "name": "live",
- "url": "https://authlab.digi.ninja/"
+ "url": "https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/"
 }
 ],
- "author": "digininja (Robin Wood)",
- "notes": null,
- "badge": "digininja/authlab"
+ "technology": [
+ "PHP"
+ ],
+ "url": "https://github.com/Sjord/jwtdemo/"
 },
 {
- "url": "http://www.bgabank.com/",
- "name": "BGA Vulnerable BANK App",
+ "author": "Omer Levi Hevroni",
+ "badge": "omerlh/insecure-deserialisation-net-poc",
 "collection": [
- "online"
+ "offline"
 ],
+ "name": "insecure-deserialisation-net-poc",
+ "notes": "A small webserver vulnerable to insecure deserialization",
+ "references": [],
 "technology": [
- ".NET"
+ ".NET",
+ "JSON",
+ "yoserial.NET"
+ ],
+ "url": "https://github.com/omerlh/insecure-deserialisation-net-poc"
+ },
+ {
+ "author": "albinowax",
+ "badge": null,
+ "collection": [
+ "offline",
+ "online"
 ],
+ "name": "hackxor",
+ "notes": "First 2 levels online, rest offline. Web application hacking game via missions, based on real vulnerabilities.",
 "references": [
 {
 "name": "live",
- "url": "http://www.bgabank.com/"
+ "url": "https://hackxor.net"
 }
 ],
- "author": "BGA Security",
- "notes": null,
- "badge": null
+ "technology": [],
+ "url": "http://hackxor.sourceforge.net/cgi-bin/index.pl"
 },
 {
- "url": "http://sourceforge.net/projects/bwapp/files/bee-box/",
- "name": "Bee-Box",
+ "author": "@snoopysecurity",
+ "badge": "snoopysecurity/dvws-node",
 "collection": [
+ "offline",
 "container"
 ],
+ "name": "dvws-node",
+ "notes": null,
+ "references": [
+ {
+ "name": "guide",
+ "url": "https://github.com/snoopysecurity/dvws-node/wiki"
+ }
+ ],
 "technology": [
- "VMware"
+ "Web Services",
+ "NodeJS"
 ],
- "references": [],
- "author": null,
- "notes": null,
- "badge": null
+ "url": "https://github.com/snoopysecurity/dvws-node"
 },
 {
- "url": "https://github.com/psiinon/bodgeit",
- "name": "BodgeIt Store",
+ "author": "Paulo Silva",
+ "badge": "OWASP/crAPI",
 "collection": [
 "offline",
 "container"
 ],
- "technology": [
- "Java"
- ],
+ "name": "crAPI",
+ "notes": null,
 "references": [
 {
- "name": "download",
- "url": "http://github.com/psiinon/bodgeit/releases/latest"
- },
- {
- "name": "docker",
- "url": "https://hub.docker.com/r/psiinon/bodgeit"
+ "name": "downloads",
+ "url": "https://github.com/OWASP/crAPI"
 }
 ],
- "author": "Simon Bennetts (psiinon)",
- "notes": null,
- "badge": "psiinon/bodgeit"
+ "technology": [
+ "Go",
+ "nginx"
+ ],
+ "url": "https://owasp.org/www-project-crapi/"
 },
 {
- "url": "http://sechow.com/bricks/index.html",
- "name": "Bricks",
+ "author": null,
+ "badge": null,
 "collection": [
 "offline"
 ],
- "technology": [
- "PHP"
- ],
+ "name": "bWAPP",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "http://sechow.com/bricks/download.html"
+ "url": "http://sourceforge.net/projects/bwapp/files/"
 },
 {
 "name": "guide",
- "url": "http://sechow.com/bricks/docs/"
+ "url": "http://itsecgames.blogspot.be/2013/01/bwapp-installation.html"
 }
 ],
- "author": "OWASP",
- "notes": null,
- "badge": null
+ "technology": [
+ "PHP"
+ ],
+ "url": "http://www.itsecgames.com/"
 },
 {
- "url": "https://github.com/NeuraLegion/brokencrystals#vulnerabilities-overview",
- "name": "Broken Crystals",
+ "author": "Micro Focus Fortify (was HP/SpiDynamics)",
+ "badge": null,
 "collection": [
- "offline",
 "online"
 ],
- "technology": [
- "react",
- "Node",
- "Swagger"
- ],
+ "name": "Zero Bank",
+ "notes": "(username/password)",
 "references": [
 {
 "name": "live",
- "url": "https://brokencrystals.com/"
+ "url": "http://zero.webappsecurity.com"
 }
 ],
- "author": "NeuraLegion",
- "notes": null,
- "badge": "NeuraLegion/brokencrystals"
+ "technology": [],
+ "url": "http://zero.webappsecurity.com/"
 },
 {
- "url": "https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project",
- "name": "Broken Web Applications Project (BWA) - OWASP",
+ "author": "@s4n7h0, @samanL33T",
+ "badge": "s4n7h0/xvwa",
 "collection": [
- "container"
- ],
- "technology": [
- "VMware"
+ "offline"
 ],
+ "name": "Xtreme Vulnerable Web Application (XVWA)",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/chuckfw/owaspbwa/"
- },
- {
- "name": "download",
- "url": "https://sourceforge.net/projects/owaspbwa/files/"
+ "url": "http://github.com/s4n7h0/xvwa"
 }
 ],
- "author": "OWASP - Chuck Willis",
- "notes": null,
- "badge": null
+ "technology": [
+ "PHP",
+ "MySQL"
+ ],
+ "url": "https://github.com/s4n7h0/xvwa"
 },
 {
- "url": "http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project/",
- "name": "Butterfly Security Project",
+ "author": "Joshua Barone",
+ "badge": "jbarone/xxelab",
 "collection": [
+ "container",
 "offline"
 ],
+ "name": "XXE Lab",
+ "notes": null,
+ "references": [],
 "technology": [
- "PHP"
- ],
- "references": [
- {
- "name": "download",
- "url": "http://sourceforge.net/projects/thebutterflytmp/files/"
- }
+ "docker",
+ "vagrant"
 ],
- "author": null,
- "notes": "Last updated in 2008",
- "badge": null
+ "url": "https://github.com/jbarone/xxelab"
 },
 {
- "url": "https://ctflearn.com/",
- "name": "CTFLearn",
+ "author": null,
+ "badge": null,
 "collection": [
- "online"
+ "container"
 ],
- "technology": [],
+ "name": "XXE",
+ "notes": null,
 "references": [
 {
- "name": "live",
- "url": "https://ctflearn.com/"
+ "name": "download",
+ "url": "http://sourceforge.net/projects/xxe/files/"
 }
 ],
- "author": "@ctflearn",
- "notes": null,
- "badge": null
+ "technology": [
+ "VMware"
+ ],
+ "url": "http://xxe.sourceforge.net/"
 },
 {
- "url": "http://github.com/convisolabs/CVWA",
- "name": "CVWA - Conviso Vulnerable Web Application",
+ "author": "Jeroen Willemsen (@commjoen), Ben de Haan (@bendehaan), Nanne Baars (@nbaars)",
+ "badge": "commjoen/wrongsecrets",
 "collection": [
 "offline"
 ],
- "technology": [
- "PHP"
- ],
+ "name": "WrongSecrets",
+ "notes": "OWASP WrongSecrets is a vulnerable app used to show how to not use secrets.",
 "references": [
 {
 "name": "download",
- "url": "http://github.com/convisolabs/CVWA"
+ "url": "https://github.com/commjoen/wrongsecrets"
 }
 ],
- "author": "Conviso AppSec",
- "notes": null,
- "badge": "convisolabs/CVWA"
+ "technology": [
+ "JavaScript",
+ "Java",
+ "Hashicorp Vault",
+ "Kubernetes",
+ "Docker",
+ "AWS",
+ "GCP"
+ ],
+ "url": "https://github.com/commjoen/wrongsecrets"
 },
 {
- "url": "https://github.com/RhinoSecurityLabs/cloudgoat",
- "name": "CloudGoat",
+ "author": "OWASP",
+ "badge": "OWASP/OWASPWebGoatPHP",
 "collection": [
- "offline",
- "container"
- ],
- "technology": [
- "Python",
- "AWS"
+ "offline"
 ],
+ "name": "WebGoatPHP",
+ "notes": null,
 "references": [
 {
- "name": "guide",
- "url": "https://medium.com/@rzepsky/playing-with-cloudgoat-part-1-hacking-aws-ec2-service-for-privilege-escalation-4c42cc83f9da"
- },
- {
- "name": "announcement",
- "url": "https://rhinosecuritylabs.com/aws/cloudgoat-vulnerable-design-aws-environment/"
+ "name": "download",
+ "url": "http://github.com/OWASP/OWASPWebGoatPHP"
 },
 {
- "name": "docker",
- "url": "https://hub.docker.com/r/rhinosecuritylabs/cloudgoat"
+ "name": "downloads",
+ "url": "https://github.com/OWASP/OWASPWebGoatPHP/blob/master/README.md"
 }
 ],
- "author": "Rhino Security Labs",
- "notes": null,
- "badge": "RhinoSecurityLabs/cloudgoat"
- },
- {
- "url": "https://github.com/SpiderLabs/CryptOMG",
- "name": "CryptOMG",
- "collection": [
- "offline"
- ],
 "technology": [
 "PHP"
 ],
- "references": [
- {
- "name": "download",
- "url": "http://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/"
- }
- ],
- "author": "SpiderLabs",
- "notes": null,
- "badge": "SpiderLabs/CryptOMG"
+ "url": "https://www.owasp.org/index.php/WebGoatPHP"
 },
 {
- "url": "https://cyberscavengerhunt.com",
- "name": "Cyber Scavenger Hunt",
+ "author": "OWASP",
+ "badge": "WebGoat/WebGoat",
 "collection": [
- "online"
- ],
- "technology": [
- "Javacript",
- "React"
+ "offline"
 ],
+ "name": "WebGoat",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/arthurakay/cyberscavengerhunt"
+ "url": "https://github.com/WebGoat/WebGoat/releases"
 },
 {
- "name": "live",
- "url": "https://cyberscavengerhunt.com"
+ "name": "guide",
+ "url": "https://owasp.org/www-project-webgoat/"
+ },
+ {
+ "name": "docker",
+ "url": "https://hub.docker.com/r/webgoat/goatandwolf"
 }
 ],
- "author": "Arthur Kay",
- "notes": "A simple scavenger hunt to learn about pentesting a website or web application.",
- "badge": "arthurakay/cyberscavengerhunt"
- },
- {
- "url": "https://github.com/fridaygoldsmith/bwa_cyclone_transfers",
- "name": "Cyclone Transfers",
- "collection": [
- "offline"
- ],
 "technology": [
- "Ruby on Rails"
+ "Java"
 ],
- "references": [],
- "author": null,
- "notes": null,
- "badge": "fridaygoldsmith/bwa_cyclone_transfers"
+ "url": "https://webgoat.github.io/WebGoat/"
 },
 {
- "url": "https://github.com/snsttr/diwa",
- "name": "DIWA - Deliberately Insecure Web Application",
+ "author": null,
+ "badge": null,
 "collection": [
- "offline",
 "container"
 ],
- "technology": [
- "PHP",
- "Docker"
- ],
+ "name": "Web Security Dojo",
+ "notes": null,
 "references": [
 {
- "name": "guide",
- "url": "https://github.com/snsttr/diwa/tree/master/docs"
+ "name": "download",
+ "url": "http://sourceforge.net/projects/websecuritydojo/files/"
 }
 ],
- "author": "Tim Steufmehl",
- "notes": "A Deliberately Insecure Web Application",
- "badge": "snsttr/diwa"
+ "technology": [
+ "VMware",
+ "VirtualBox"
+ ],
+ "url": "http://www.mavensecurity.com/web_security_dojo/"
 },
 {
- "url": "https://github.com/stamparm/DSVW",
- "name": "Damn Small Vulnerable Web (DSVW)",
+ "author": null,
+ "badge": "adamdoupe/WackoPicko",
 "collection": [
 "offline"
 ],
+ "name": "WackoPicko",
+ "notes": null,
+ "references": [
+ {
+ "name": "download",
+ "url": "http://github.com/adamdoupe/WackoPicko/zipball/master"
+ }
+ ],
 "technology": [
- "Python"
+ "PHP"
 ],
- "references": [],
- "author": "Miroslav Stampar",
- "notes": null,
- "badge": "stamparm/DSVW"
+ "url": "https://github.com/adamdoupe/WackoPicko"
 },
 {
- "url": "https://github.com/AvalZ/DVAS",
- "name": "Damn Vulnerable Application Scanner (DVAS)",
+ "author": null,
+ "badge": null,
 "collection": [
 "offline"
 ],
- "technology": [
- "PHP"
- ],
+ "name": "WIVET- Web Input Vector Extractor Teaser",
+ "notes": null,
 "references": [
 {
- "name": "guide",
- "url": "https://ceur-ws.org/Vol-2940/paper36.pdf"
+ "name": "download",
+ "url": "http://www.webguvenligi.org/projeler/wivet"
 },
 {
- "name": "announcement",
- "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
+ "name": "downloads",
+ "url": "https://code.google.com/p/wivet/downloads/list?can=1&q="
 }
 ],
- "author": "Andrea Valenza, Enrico Russo, Gabriele Costa",
- "notes": "An intentionally vulnerable web application scanner",
- "badge": "AvalZ/DVAS"
+ "technology": [],
+ "url": "https://code.google.com/p/wivet/"
 },
 {
- "url": "https://github.com/rewanthtammana/Damn-Vulnerable-Bank",
- "name": "Damn Vulnerable Bank",
+ "author": "Shay Chen",
+ "badge": "sectooladdict/wavsep",
 "collection": [
- "mobile"
- ],
- "technology": [
- "android"
+ "offline"
 ],
+ "name": "WAVSEP - Web Application Vulnerability Scanner Evaluation Project",
+ "notes": null,
 "references": [
 {
- "name": "guide",
- "url": "https://rewanthtammana.com/damn-vulnerable-bank/"
+ "name": "download",
+ "url": "http://sourceforge.net/projects/wavsep/"
+ },
+ {
+ "name": "downloads",
+ "url": "https://code.google.com/p/wavsep/downloads/list"
+ },
+ {
+ "name": "downloads",
+ "url": "https://github.com/sectooladdict/wavsep/wiki"
 }
 ],
- "author": "Rewanth Tammana, Akshansh Jaiswal, Hrushikesh Kakade",
- "notes": null,
- "badge": "rewanthtammana/Damn-Vulnerable-Bank"
+ "technology": [
+ "Java"
+ ],
+ "url": "https://github.com/sectooladdict/wavsep"
 },
 {
- "url": "https://github.com/njmulsqb/DVEA/",
- "name": "Damn Vulnerable Electron App (DVEA)",
+ "author": " Context Information Security",
+ "badge": "ctxis/VulnerableXsltConsoleApplication",
 "collection": [
 "offline"
 ],
+ "name": "VulnerableXsltConsoleApplication",
+ "notes": "This is a console app, however it relates to an issues that is relevant to web apps: use of XSLT transforms for XML files.",
+ "references": [],
 "technology": [
- "ElectronJS"
- ],
- "references": [
- {
- "name": "announcement",
- "url": "https://njmulsqb.github.io/2023/01/03/releasing-DVEA.html"
- },
- {
- "name": "download",
- "url": "https://github.com/njmulsqb/DVEA/"
- }
+ ".Net"
 ],
- "author": "Najam Ul Saqib (cybersoldier)",
- "notes": "A deliberately insecure ElectronJS application",
- "badge": "njmulsqb/DVEA"
+ "url": "https://github.com/ctxis/VulnerableXsltConsoleApplication"
 },
 {
- "url": "https://github.com/LunaM00n/File-Upload-Lab",
- "name": "Damn Vulnerable File Upload - DVFU",
+ "author": "yogisec",
+ "badge": "yogisec/VulnerableSAMLApp",
 "collection": [
 "offline"
 ],
+ "name": "Vulnerable SAML App",
+ "notes": null,
+ "references": [],
 "technology": [
- "PHP"
+ "Python"
 ],
- "references": [],
- "author": "Thin Ba Shane (@art0flunam00n)",
- "notes": null,
- "badge": "LunaM00n/File-Upload-Lab"
+ "url": "https://github.com/yogisec/VulnerableSAMLApp"
 },
 {
- "url": "https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service",
- "name": "Damn Vulnerable Functions as a Service (DVFaaS)",
+ "author": "mddanish",
+ "badge": "mddanish/Vulnerable-OTP-Application",
 "collection": [
 "offline"
 ],
+ "name": "Vulnerable OTP App",
+ "notes": null,
+ "references": [],
 "technology": [
- "Python",
- "AWS"
- ],
- "references": [
- {
- "name": "guide",
- "url": "https://www.slideshare.net/abhaybhargav/an-attackers-view-of-serverless-and-graphql-apps-abhay-bhargav-appsec-california-2019"
- }
+ "PHP",
+ "Google OTP"
 ],
- "author": "we45 (Abhay Bhargav)",
- "notes": null,
- "badge": "we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service"
+ "url": "https://github.com/mddanish/Vulnerable-OTP-Application"
 },
 {
- "url": "https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application",
- "name": "Damn Vulnerable GraphQL Application (DVGA)",
+ "author": "Zachary Conger",
+ "badge": "kaakaww/vuln_node_express",
 "collection": [
- "container",
 "offline"
 ],
+ "name": "Vulnerable Node Express",
+ "notes": "SQLi and XSS",
+ "references": [],
 "technology": [
- "Python",
- "HTML",
- "Javascript",
- "GraphQL",
- "SQLAlchemy",
- "docker"
+ "Node.js",
+ "Express"
 ],
- "references": [],
- "author": "Dolev Farhi , Connor McKinnon",
- "notes": null,
- "badge": "dolevf/Damn-Vulnerable-GraphQL-Application"
+ "url": "https://github.com/kaakaww/vuln_node_express"
 },
 {
- "url": "https://github.com/isp1r0/DVNA",
- "name": "Damn Vulnerable Node Application - DVNA",
+ "author": "Cyber Security and Privacy Foundation",
+ "badge": "CSPF-Founder/JavaVulnerableLab",
 "collection": [
 "offline"
 ],
+ "name": "Vulnerable Java Web Application",
+ "notes": null,
+ "references": [],
 "technology": [
- "Node.js"
+ "Java"
 ],
- "references": [],
- "author": "Claudio Lacayo",
- "notes": null,
- "badge": "isp1r0/DVNA"
+ "url": "https://github.com/CSPF-Founder/JavaVulnerableLab/"
 },
 {
- "url": "https://github.com/appsecco/dvna",
- "name": "Damn Vulnerable NodeJS Application - DVNA",
+ "author": "ScaleSec",
+ "badge": "ScaleSec/vulnado",
 "collection": [
- "offline"
+ "container"
 ],
+ "name": "Vulnado",
+ "notes": "Purposely vulnerable Java application to help lead secure coding workshops",
+ "references": [],
 "technology": [
- "Node.js"
+ "Java",
+ "Docker"
 ],
- "references": [],
- "author": "@appsecco",
- "notes": "Different project from the old DVNA",
- "badge": "appsecco/dvna"
+ "url": "https://github.com/ScaleSec/vulnado"
 },
 {
- "url": "https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications",
- "name": "Damn Vulnerable OAuth 2.0 Applications",
+ "author": "Yavuzlar (siberyavuzlar.com)",
+ "badge": "Yavuzlar/VulnLab",
 "collection": [
 "offline"
 ],
- "technology": [
- "MEAN",
- "Docker",
- "OAuth 2.0"
- ],
+ "name": "VulnLab",
+ "notes": "A web vulnerability lab project developed by Yavuzlar.",
 "references": [],
- "author": "Koen Buyens",
- "notes": "A set of vulnerable applications which show Oauth2.0 vulnerabilities.",
- "badge": "koenbuyens/Vulnerable-OAuth-2.0-Applications"
- },
- {
- "url": "https://github.com/anxolerd/dvpwa",
- "name": "Damn Vulnerable Python Web Application - DVPWA",
- "collection": [
- "offline"
- ],
 "technology": [
- "Python",
+ "PHP",
 "Docker"
 ],
- "references": [],
- "author": "Oleksandr Kovalchuk",
- "notes": null,
- "badge": "anxolerd/dvpwa"
+ "url": "https://github.com/Yavuzlar/VulnLab"
 },
 {
- "url": "https://github.com/OWASP/DVSA",
- "name": "Damn Vulnerable Serverless App (DVSA)",
+ "author": null,
+ "badge": null,
 "collection": [
- "offline"
- ],
- "technology": [
- "Node",
- "AWS",
- "Azure"
+ "container"
 ],
+ "name": "Virtual Hacking Lab",
+ "notes": null,
 "references": [
 {
- "name": "guide",
- "url": "https://github.com/OWASP/DVSA/tree/master/AWS/LESSONS"
+ "name": "download",
+ "url": "http://sourceforge.net/projects/virtualhacking/files/"
 }
 ],
- "author": "Protego Labs",
- "notes": null,
- "badge": "OWASP/DVSA"
+ "technology": [
+ "ZIP"
+ ],
+ "url": "http://sourceforge.net/projects/virtualhacking/"
 },
 {
- "url": "https://github.com/silentsignal/damn-vulnerable-stateful-web-app",
- "name": "Damn Vulnerable Stateful WebApp",
+ "author": "Detectify",
+ "badge": "detectify/Varnish-H2-Request-Smuggling",
 "collection": [
 "offline"
 ],
- "technology": [
- "PHP"
- ],
+ "name": "Varnish HTTP/2 Request Smuggling",
+ "notes": "A docker-compose file to setup a local environment that is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling, presented by Albinowax at Blackhat/Defcon 2021.",
 "references": [
 {
- "name": "download",
- "url": "http://www.sans.org/reading-room/whitepapers/testing/testing-stateful-web-application-workflows-36637"
+ "name": "announcement",
+ "url": "https://twitter.com/berg0x00/status/1431027889064058885"
 }
 ],
- "author": "dnet",
- "notes": null,
- "badge": "silentsignal/damn-vulnerable-stateful-web-app"
+ "technology": [
+ "Varnish",
+ "HTTP/2"
+ ],
+ "url": "https://github.com/detectify/Varnish-H2-Request-Smuggling"
 },
 {
- "url": "https://github.com/digininja/DVWA",
- "name": "Damn Vulnerable Web Application - DVWA",
+ "author": "erev0s",
+ "badge": "erev0s/VAmPI",
 "collection": [
- "offline",
 "container"
 ],
- "technology": [
- "PHP"
- ],
+ "name": "VAmPI",
+ "notes": null,
 "references": [
 {
- "name": "download",
- "url": "https://github.com/digininja/DVWA"
+ "name": "guide",
+ "url": "https://thetesttherapist.com/2022/02/13/api-security-testing-with-postman-and-owasp-zap/"
 },
 {
- "name": "docker",
- "url": "https://github.com/digininja/DVWA#docker"
+ "name": "announcement",
+ "url": "https://erev0s.com/blog/vampi-vulnerable-api-security-testing/"
 }
 ],
- "author": "RandomStorm",
- "notes": null,
- "badge": "ethicalhack3r/DVWA"
- },
- {
- "url": "https://github.com/snoopysecurity/dvws",
- "name": "Damn Vulnerable Web Services",
- "collection": [
- "offline"
- ],
 "technology": [
- "Web Services"
+ "python",
+ "docker",
+ "OpenAPI"
 ],
- "references": [],
- "author": "snoopysecurity",
- "notes": null,
- "badge": "snoopysecurity/dvws"
+ "url": "https://github.com/erev0s/VAmPI"
 },
 {
- "url": "https://github.com/interference-security/DVWS",
- "name": "Damn Vulnerable Web Sockets",
+ "author": "lucideus",
+ "badge": "lucideus-repo/UnSAFE_Bank",
 "collection": [
 "offline"
 ],
+ "name": "UnSAFE Bank",
+ "notes": "Web, Android and iOS application",
+ "references": [],
 "technology": [
- "Web Sockets"
+ "Docker"
 ],
- "references": [],
- "author": "@appsecco",
- "notes": null,
- "badge": "interference-security/DVWS"
+ "url": "https://github.com/lucideus-repo/UnSAFE_Bank"
 },
 {
- "url": "https://defendtheweb.net/",
- "name": "Defend the Web",
+ "author": "@payatu",
+ "badge": "payatu/Tiredful-API",
 "collection": [
- "online"
+ "offline"
 ],
- "technology": [],
+ "name": "Tiredful API",
+ "notes": null,
 "references": [
 {
- "name": "live",
- "url": "https://defendtheweb.net/"
+ "name": "download",
+ "url": "http://github.com/payatu/Tiredful-API"
 }
 ],
- "author": "Luke [flabbyrabbit]",
- "notes": "Formerly HackThis",
- "badge": null
- },
- {
- "url": "https://github.com/red-and-black/DjangoGoat",
- "name": "DjangoGoat",
- "collection": [
- "offline"
- ],
 "technology": [
 "Python",
 "Django"
 ],
- "references": [],
- "author": "Red and Black",
- "notes": null,
- "badge": "red-and-black/DjangoGoat"
+ "url": "https://github.com/payatu/Tiredful-API"
 },
 {
- "url": "https://github.com/k-tamura/easybuggy",
- "name": "EasyBuggy",
+ "author": null,
+ "badge": "dhatanian/ticketmagpie",
 "collection": [
 "offline"
 ],
- "technology": [
- "Java"
- ],
+ "name": "TicketMagpie",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/k-tamura/easybuggy/releases"
- },
- {
- "name": "guide",
- "url": "https://github.com/k-tamura/easybuggy/wiki"
+ "url": "http://github.com/dhatanian/ticketmagpie"
 }
 ],
- "author": "Kohei Tamura",
- "notes": null,
- "badge": "k-tamura/easybuggy"
+ "technology": [
+ "Java"
+ ],
+ "url": "https://github.com/dhatanian/ticketmagpie"
 },
 {
- "url": "http://sourceforge.net/projects/exploitcoilvuln/files/",
- "name": "Exploit.co.il Vuln Web App",
+ "author": "Solyd",
+ "badge": null,
 "collection": [
- "container"
+ "online"
 ],
+ "name": "Solyd - Introdução ao Hacking e Pentest",
+ "notes": "In Portuguese (Português) - Free online trainning with free online lab",
+ "references": [],
 "technology": [
- "VMware"
- ],
- "references": [
- {
- "name": "download",
- "url": "http://sourceforge.net/projects/exploitcoilvuln/files/"
- }
+ "PHP",
+ "Linux"
 ],
- "author": null,
- "notes": null,
- "badge": null
+ "url": "http://solyd.com.br/treinamentos/introducao-ao-hacking-e-pentest"
 },
 {
- "url": "https://github.com/vegabird/xvna",
- "name": "Extreme Vulnerable Node Application",
+ "author": "Acunetix",
+ "badge": null,
 "collection": [
- "offline"
- ],
- "technology": [
- "NodeJS"
+ "online"
 ],
+ "name": "Security Tweets",
+ "notes": "HTML5",
 "references": [
 {
- "name": "download",
- "url": "https://github.com/vegabird/xvna"
+ "name": "live",
+ "url": "http://testhtml5.vulnweb.com"
 }
 ],
- "author": "vegabird",
- "notes": null,
- "badge": "vegabird/xvna"
+ "technology": [],
+ "url": "http://testhtml5.vulnweb.com/"
 },
 {
- "url": "https://public-firing-range.appspot.com/",
- "name": "Firing Range",
+ "author": "OWASP",
+ "badge": "OWASP/SecurityShepherd",
 "collection": [
- "online"
+ "offline"
 ],
- "technology": [],
+ "name": "Security Shepherd",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/google/firing-range"
- },
- {
- "name": "live",
- "url": "https://public-firing-range.appspot.com/"
+ "url": "https://github.com/OWASP/SecurityShepherd"
 }
 ],
- "author": "Google",
- "notes": null,
- "badge": "google/firing-range"
+ "technology": [
+ "Java"
+ ],
+ "url": "https://owasp.org/www-project-security-shepherd/"
 },
 {
- "url": "https://github.com/Orange-Cyberdefense/GOAD",
- "name": "Game of Active Directory",
+ "author": "DataDog",
+ "badge": "DataDog/security-labs-pocs",
 "collection": [
 "container"
 ],
+ "name": "Security Labs & POCs",
+ "notes": null,
+ "references": [],
 "technology": [
- "Windows",
- "Active Directory"
+ "docker",
+ "Kubernetes",
+ "PiPy",
+ "OpenSSL",
+ "JWT"
 ],
+ "url": "https://github.com/DataDog/security-labs-pocs"
+ },
+ {
+ "author": "Globo",
+ "badge": "globocom/secDevLabs",
+ "collection": [
+ "offline"
+ ],
+ "name": "SecDevLabs",
+ "notes": "Repository with many intentionally vulnerable web applications. Includes attack narratives and docker options for each app.",
 "references": [
 {
 "name": "guide",
- "url": "https://mayfly277.github.io/categories/ad/"
+ "url": "https://github.com/globocom/secDevLabs"
 }
 ],
- "author": "Orange-Cyberdefense",
- "notes": "Requires a considerably powerful system",
- "badge": "Orange-Cyberdefense/GOAD"
+ "technology": [
+ "Go",
+ "NodeJS",
+ "Python",
+ "PHP",
+ "React",
+ "Angular/Spring",
+ "Dart/Flutter"
+ ],
+ "url": "https://github.com/globocom/secDevLabs"
 },
 {
- "url": "http://www.gameofhacks.com/",
- "name": "Game of Hacks",
+ "author": null,
+ "badge": null,
 "collection": [
- "online"
- ],
- "technology": [
- "Node",
- "Express.js"
+ "container"
 ],
+ "name": "Sauron",
+ "notes": null,
 "references": [
 {
- "name": "live",
- "url": "http://www.gameofhacks.com/"
+ "name": "download",
+ "url": "http://sg6-labs.blogspot.com/search/label/SecGame"
 }
 ],
- "author": "Checkmarx",
- "notes": null,
- "badge": null
+ "technology": [
+ "Quemu"
+ ],
+ "url": "http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html"
 },
 {
- "url": "http://sourceforge.net/projects/null-gameover/",
- "name": "GameOver",
+ "author": null,
+ "badge": null,
 "collection": [
 "container"
 ],
- "technology": [
- "VMware"
- ],
+ "name": "Samurai WTF",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "http://sourceforge.net/projects/null-gameover/files/"
+ "url": "http://sourceforge.net/projects/samurai/files/"
 }
 ],
- "author": null,
- "notes": null,
- "badge": null
+ "technology": [
+ "ISO"
+ ],
+ "url": "http://www.samurai-wtf.org/"
 },
 {
- "url": "https://github.com/InsiderPhD/Generic-University",
- "name": "Generic-University",
+ "author": "incredibleindishell, Mohammed Farhan",
+ "badge": "incredibleindishell/SSRF_Vulnerable_Lab",
 "collection": [
- "container",
 "offline"
 ],
- "technology": [
- "PHP",
- "docker",
- "API",
- "GraphQL",
- "MySQL",
- "Laravel"
- ],
- "references": [],
- "author": " Katie Paxton-Fear ",
+ "name": "SSRF Vuln Lab",
 "notes": null,
- "badge": "InsiderPhD/Generic-University"
- },
- {
- "url": "https://ginandjuice.shop/",
- "name": "Gin & Juice Shop",
- "collection": [
- "online"
- ],
- "technology": [
- "JavaScript",
- "AngularJS",
- "React",
- "CSRF"
- ],
 "references": [
 {
- "name": "announcement",
- "url": "https://portswigger.net/blog/gin-and-juice-shop-put-your-scanner-to-the-test"
- },
- {
- "name": "live",
- "url": "https://ginandjuice.shop/"
+ "name": "docker",
+ "url": "https://github.com/incredibleindishell/SSRF_Vulnerable_Lab#docker"
 }
 ],
- "author": "PortSwigger",
- "notes": "A hosted always-online demo app with realistic technologies.",
- "badge": null
- },
- {
- "url": "https://github.com/Checkmarx/Goatlin/",
- "name": "Goatlin",
- "collection": [
- "mobile"
- ],
 "technology": [
- "Kotlin",
- "Android",
- "API",
- "REST"
- ],
- "references": [
- {
- "name": "guide",
- "url": "https://checkmarx.github.io/Kotlin-SCP/"
- }
+ "PHP"
 ],
- "author": "Checkmarx",
- "notes": null,
- "badge": "Checkmarx/Goatlin"
+ "url": "https://github.com/incredibleindishell/SSRF_Vulnerable_Lab"
 },
 {
- "url": "https://github.com/snyk-labs/nodejs-goof",
- "name": "Goof",
+ "author": null,
+ "badge": "SpiderLabs/SQLol",
 "collection": [
- "offline",
- "container"
- ],
- "technology": [
- "NodeJS"
+ "offline"
 ],
+ "name": "SQLol",
+ "notes": null,
 "references": [
 {
- "name": "guide",
- "url": "https://snyk.io/test/github/snyk/goof"
- },
- {
- "name": "guide",
- "url": "http://dreamerslab.com/blog/en/write-a-todo-list-with-express-and-mongodb/"
+ "name": "download",
+ "url": "http://github.com/SpiderLabs/SQLol/archive/master.zip"
 }
 ],
- "author": "Snyk",
- "notes": "online - via Heroku deploy",
- "badge": "snyk-labs/nodejs-goof"
+ "technology": [
+ "PHP"
+ ],
+ "url": "https://github.com/SpiderLabs/SQLol"
 },
 {
- "url": "http://google-gruyere.appspot.com/",
- "name": "Gruyere",
+ "author": null,
+ "badge": "Audi-1/sqli-labs",
 "collection": [
- "offline",
- "online"
- ],
- "technology": [
- "Python"
+ "offline"
 ],
+ "name": "SQLI-labs",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "http://google-gruyere.appspot.com/gruyere-code.zip"
+ "url": "http://github.com/Audi-1/sqli-labs/archive/master.zip"
 },
 {
- "name": "live",
- "url": "http://google-gruyere.appspot.com/"
+ "name": "guide",
+ "url": "http://dummy2dummies.blogspot.com/2012/06/sqli-lab-series-part-1.html"
 }
 ],
- "author": "Google",
- "notes": null,
- "badge": null
+ "technology": [
+ "PHP"
+ ],
+ "url": "https://github.com/Audi-1/sqli-labs"
 },
 {
- "url": "https://hack.me",
- "name": "Hack.me",
+ "author": null,
+ "badge": "sqlmapproject/testenv",
 "collection": [
- "online"
+ "offline"
 ],
- "technology": [],
+ "name": "SQL injection test environment",
+ "notes": "SQLmap Project",
 "references": [],
- "author": "eLearnSecurity",
- "notes": "Beta",
- "badge": null
+ "technology": [
+ "PHP"
+ ],
+ "url": "https://github.com/sqlmapproject/testenv"
 },
 {
- "url": "https://www.hackthis.co.uk/",
- "name": "HackThis",
+ "author": "OWASP",
+ "badge": "OWASP/railsgoat",
 "collection": [
- "online"
- ],
- "technology": [
- "PHP"
+ "offline"
 ],
+ "name": "Rails Goat",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/HackThis/hackthis.co.uk"
+ "url": "http://github.com/OWASP/railsgoat/archive/master.zip"
 },
 {
- "name": "live",
- "url": "https://www.hackthis.co.uk/"
+ "name": "downloads",
+ "url": "http://railsgoat.cktricky.com/getting_started.html"
 }
 ],
- "author": "Luke Ward (0x6C77)",
- "notes": null,
- "badge": "HackThis/hackthis.co.uk"
+ "technology": [
+ "Ruby on Rails"
+ ],
+ "url": "https://www.owasp.org/index.php/OWASP_Rails_Goat_Project"
 },
 {
- "url": "https://www.hackthissite.org",
- "name": "HackThisSite",
+ "author": "insp3ctre",
+ "badge": "insp3ctre/race-the-web",
 "collection": [
- "online"
- ],
- "technology": [
- "PHP",
- "Perl",
- "JavaScript",
- "API",
- "Binaries"
+ "offline"
 ],
+ "name": "Race The Web",
+ "notes": null,
 "references": [
 {
- "name": "live",
- "url": "https://www.hackthissite.org"
+ "name": "download",
+ "url": "https://github.com/insp3ctre/race-the-web"
 }
 ],
- "author": "HackThisSite Staff",
- "notes": "Always-on CTF challenges including Basic, Realistic, Application, Steganography, and many others.",
- "badge": null
+ "technology": [],
+ "url": "https://github.com/insp3ctre/race-the-web"
 },
 {
- "url": "https://labs.hackxpert.com/",
- "name": "HackXpert",
+ "author": "Ade Yoseman",
+ "badge": "adeyosemanputra/pygoat",
 "collection": [
- "online"
- ],
- "technology": [
- "PHP"
+ "offline",
+ "online",
+ "container"
 ],
+ "name": "PyGoat",
+ "notes": null,
 "references": [
 {
 "name": "guide",
- "url": "https://www.youtube.com/c/TheXSSrat"
+ "url": "https://github.com/adeyosemanputra/pygoat/blob/master/pygoat/Solutions/solution.md"
 },
 {
- "name": "live",
- "url": "https://labs.hackxpert.com/"
- }
- ],
- "author": "theXSSrat",
- "notes": null,
- "badge": null
- },
- {
- "url": "https://hack-yourself-first.com/",
- "name": "HackYourselfFirst",
- "collection": [
- "online"
- ],
- "technology": [],
- "references": [
+ "name": "docker",
+ "url": "https://hub.docker.com/r/pygoat/pygoat"
+ },
 {
- "name": "guide",
- "url": "https://www.troyhunt.com/hack-yourself-first-how-to-go-on/"
+ "name": "download",
+ "url": "https://github.com/adeyosemanputra/pygoat"
 },
 {
 "name": "live",
- "url": "https://hack-yourself-first.com/"
+ "url": "http://pygoat.herokuapp.com/"
 }
 ],
- "author": "Troy Hunt",
- "notes": null,
- "badge": null
+ "technology": [
+ "Python"
+ ],
+ "url": "https://github.com/adeyosemanputra/pygoat"
 },
 {
- "url": "https://github.com/Hackademic/hackademic",
- "name": "Hackademic Challenges Project",
+ "author": null,
+ "badge": null,
 "collection": [
 "offline"
 ],
- "technology": [
- "PHP",
- "Joomla"
- ],
+ "name": "Puzzlemall",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/Hackademic/hackademic"
+ "url": "http://code.google.com/p/puzzlemall/downloads/list"
 }
 ],
- "author": "OWASP",
- "notes": null,
- "badge": "Hackademic/hackademic"
+ "technology": [
+ "Java"
+ ],
+ "url": "https://code.google.com/p/puzzlemall/"
 },
 {
- "url": "https://github.com/rapid7/hackazon",
- "name": "Hackazon",
+ "author": "OWASP",
+ "badge": "DevSlop/Pixi",
 "collection": [
- "offline"
- ],
- "technology": [
- "AJAX",
- "JSON",
- "XML",
- "GwT",
- "AMF"
+ "offline",
+ "container"
 ],
+ "name": "Pixi",
+ "notes": null,
 "references": [
 {
 "name": "download",
- "url": "https://github.com/rapid7/hackazon"
+ "url": "https://github.com/DevSlop/Pixi"
 },
 {
- "name": "guide",
- "url": "https://medium.com/faun/automating-authenticated-api-vulnerability-scanning-with-owasp-zap-eaddba0c2e94"
+ "name": "download",
+ "url": "https://github.com/thedeadrobots/pixi"
 },
 {
 "name": "guide",
- "url": "https://github.com/tahmed11/OWASP_ZAP_API_scripts"
+ "url": "https://www.slideshare.net/TanyaJanca/api-and-web-service-hacking-with-pixi-part-of-owasp-devslop"
 },
 {
 "name": "guide",
- "url": "https://github.com/rapid7/hackazon/blob/master/REST.md"
+ "url": "https://www.youtube.com/watch?v=td-2rN4PgRw"
 }
 ],
- "author": "Rapid7 (NTObjectives)",
- "notes": null,
- "badge": "rapid7/hackazon"
+ "technology": [
+ "Node.js",
+ "Swagger",
+ "docker"
+ ],
+ "url": "https://github.com/DevSlop/Pixi"
 },
 {
- "url": "https://www.hacking-lab.com/events/",
- "name": "Hacking Lab",
+ "author": null,
+ "badge": null,
 "collection": [
- "online"
+ "offline"
 ],
- "technology": [],
+ "name": "Peruggia",
+ "notes": null,
 "references": [
 {
- "name": "live",
- "url": "https://www.hacking-lab.com/events/"
+ "name": "download",
+ "url": "http://sourceforge.net/projects/peruggia/files/"
 }
 ],
- "author": "Hacking Lab",
- "notes": null,
- "badge": null
+ "technology": [
+ "PHP"
+ ],
+ "url": "http://peruggia.sourceforge.net/"
 },
 {
- "url": "http://hackxor.sourceforge.net/cgi-bin/index.pl",
- "name": "Hackxor",
+ "author": null,
+ "badge": null,
 "collection": [
 "container"
 ],
- "technology": [
- "VMware"
+
"name": "PentesterLab - The Exercises", + "notes": null, + "references": [], + "technology": [ + "ISO", + "PDF" ], + "url": "https://www.pentesterlab.com/exercises/" + }, + { + "author": null, + "badge": null, + "collection": [ + "online" + ], + "name": "Pentester Academy", + "notes": null, "references": [ { - "name": "download", - "url": "http://sourceforge.net/projects/hackxor/files/" - }, - { - "name": "guide", - "url": "http://hackxor.sourceforge.net/cgi-bin/hints.pl" + "name": "live", + "url": "http://pentesteracademylab.appspot.com" } ], - "author": null, - "notes": null, - "badge": null + "technology": [], + "url": "http://pentesteracademylab.appspot.com" }, { - "url": "http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx", - "name": "Hacme Bank", + "author": "Pentest-Tools.com", + "badge": null, "collection": [ - "offline" - ], - "technology": [ - ".NET" + "online", + "container" ], + "name": "Pentest-Ground", + "notes": "Suite of vulnerable web apps to practice", "references": [ { - "name": "download", - "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmebank2_install.zip" + "name": "Pentest-Ground", + "url": "https://pentest-ground.com/" } ], - "author": "McAfee / Foundstone", - "notes": null, - "badge": null + "technology": [ + "PHP", + "Docker" + ], + "url": "https://pentest-ground.com/" }, { - "url": "http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx", - "name": "Hacme Bank - Android", + "author": "Karan Preet Singh Sasan", + "badge": "SasanLabs/VulnerableApp-facade", "collection": [ "offline" ], - "technology": [], - "references": [], - "author": "McAfee / Foundstone", + "name": "OWASP VulnerableApp-facade", "notes": null, - "badge": null + "references": [ + { + "name": "docker", + "url": "https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp-facade" + }, + { + "name": "download", + "url": "https://github.com/SasanLabs/VulnerableApp-facade" + } + ], + "technology": [ + "Typescript", + "Javascript", + 
"Docker" + ], + "url": "https://github.com/SasanLabs/VulnerableApp-facade" }, { - "url": "http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx", - "name": "Hacme Books", + "author": "Karan Preet Singh Sasan", + "badge": "SasanLabs/VulnerableApp", "collection": [ "offline" ], - "technology": [ - "Java" - ], + "name": "OWASP VulnerableApp", + "notes": null, "references": [ + { + "name": "docker", + "url": "https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp" + }, { "name": "download", - "url": "http://b2b-download.mcafee.com/products/tools/foundstone/hacmebooks2_installer.zip" + "url": "https://github.com/SasanLabs/VulnerableApp" } ], - "author": "McAfee / Foundstone", - "notes": null, - "badge": null + "technology": [ + "Java", + "Javascript", + "Spring-Boot" + ], + "url": "https://github.com/SasanLabs/VulnerableApp" }, { - "url": "http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx", - "name": "Hacme Casino", + "author": "glenn.ten.cate@owasp.org and riccardo.ten.cate@owasp.org", + "badge": "blabla1337/skf-labs", "collection": [ + "online", "offline" ], - "technology": [ - "Ruby on Rails" - ], + "name": "OWASP SKF Labs", + "notes": "You can go to the demo website and login(admin / test-skf) or skip login, go to Labs menu and start a Lab you want to do. 
Please limit the usage of scanning tools on the Labs.", "references": [ { - "name": "download", - "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmecasino_installer.zip" + "name": "demo", + "url": "https://demo.securityknowledgeframework.org" + }, + { + "name": "guide", + "url": "https://owasp-skf.gitbook.io/asvs-write-ups/" + }, + { + "name": "live", + "url": "https://secureby.design/" } ], - "author": "McAfee / Foundstone", - "notes": null, - "badge": null + "technology": [ + "Python", + "HTML", + "Javascript", + "GraphQL", + "Ruby" + ], + "url": "https://secureby.design/" }, { - "url": "http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx", - "name": "Hacme Shipping", + "author": "OWASP", + "badge": "juice-shop/juice-shop", "collection": [ - "offline" - ], - "technology": [ - "ColdFusion" + "offline", + "online", + "container" ], + "name": "OWASP Juice Shop", + "notes": null, "references": [ { "name": "download", - "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmeshipping.zip" + "url": "https://github.com/juice-shop/juice-shop" + }, + { + "name": "docker", + "url": "https://hub.docker.com/r/bkimminich/juice-shop/" + }, + { + "name": "guide", + "url": "https://pwning.owasp-juice.shop/" + }, + { + "name": "demo", + "url": "https://demo.owasp-juice.shop" + }, + { + "name": "preview", + "url": "https://preview.owasp-juice.shop" + }, + { + "name": "live", + "url": "https://juice-shop.herokuapp.com" } ], - "author": "McAfee / Foundstone", - "notes": null, - "badge": null + "technology": [ + "TypeScript", + "JavaScript", + "Angular", + "Node.js" + ], + "url": "https://owasp-juice.shop" }, { - "url": "http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx", - "name": "Hacme Travel", + "author": "Abhineet Jayaraj (@xploresec)", + "badge": "interference-security/DVWS", "collection": [ "offline" ], + "name": "OWASP Damn Vulnerable Web Sockets (DVWS)", + "notes": null, + "references": [], "technology": [ - 
"C++" - ], - "references": [ - { - "name": "download", - "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmetravel_install.zip" - } + "PHP", + "HTML", + "Javascript", + "WebSockets" ], - "author": "McAfee / Foundstone", - "notes": null, - "badge": null + "url": "https://owasp.org/www-project-damn-vulnerable-web-sockets/" }, { - "url": "https://github.com/iknowjason/hammer", - "name": "Hammer", + "author": "(OSTE)Oudjani seyyid taqi eddine", + "badge": "OSTEsayed/OSTE-Vulnerable-Web-Application", "collection": [ "offline" ], + "name": "OSTE-Vulnerable-Web-Application", + "notes": "Vulnerable web application", + "references": [], "technology": [ - "Ruby on Rails" - ], - "references": [ - { - "name": "download", - "url": "https://github.com/iknowjason/hammer" - }, - { - "name": "live", - "url": "https://preprod.rtcfingroup.com/" - } + "PHP" ], - "author": "iknowjason", - "notes": "Includes manual build and docker options.", - "badge": "iknowjason/hammer" + "url": "https://github.com/OSTEsayed/OSTE-Vulnerable-Web-Application" }, { - "url": "http://sourceforge.net/projects/lampsecurity/", - "name": "LAMPSecurity", + "author": "cr0hn", + "badge": "cr0hn/vulnerable-node", "collection": [ - "container", "offline" ], + "name": "NodeVulnerable", + "notes": null, + "references": [], "technology": [ - "VMware", - "PHP" + "Node.js" + ], + "url": "https://github.com/cr0hn/vulnerable-node" + }, + { + "author": "OWASP", + "badge": "OWASP/NodeGoat", + "collection": [ + "offline" ], + "name": "NodeGoat", + "notes": null, "references": [ { "name": "download", - "url": "http://sourceforge.net/projects/lampsecurity/files/" + "url": "https://github.com/OWASP/NodeGoat" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "Node.js" + ], + "url": "https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project" }, { - "url": "https://github.com/christophetd/log4shell-vulnerable-app", - "name": "Log4Shell sample vulnerable application", + "author": 
"Anton Abashkin", + "badge": "aabashkin/nosql-injection-vulnapp", "collection": [ + "offline", "container" ], + "name": "NoSQL Injection Vulnerable App (NIVA)", + "notes": null, + "references": [ + { + "name": "docker", + "url": "https://hub.docker.com/repository/docker/aabashkin/niva" + }, + { + "name": "guide", + "url": "https://github.com/aabashkin/nosql-injection-vulnapp/blob/main/README.md" + } + ], "technology": [ - "Spring Boot", - "Log4j", - "Java" + "Java", + "MongoDB" ], - "references": [], - "author": "Christophe Tafani-Dereeper, Gerard Arall, rayhan0x01 Rayhan Ahmed", - "notes": "CVE-2021-44228", - "badge": "christophetd/log4shell-vulnerable-app" + "url": "https://github.com/aabashkin/nosql-injection-vulnapp" }, { - "url": "https://github.com/OWASP/owasp-mstg/tree/master/Crackmes", - "name": "MSTG CrackMes", + "author": "@digininja", + "badge": "digininja/nosqlilab", "collection": [ - "mobile" + "offline" ], - "technology": [], - "references": [], - "author": "OWASP", + "name": "NoSQL Injection Lab", "notes": null, - "badge": "OWASP/owasp-mstg" + "references": [ + { + "name": "download", + "url": "http://github.com/digininja/nosqlilab" + } + ], + "technology": [ + "PHP", + "MongoDB" + ], + "url": "https://digi.ninja/projects/nosqli_lab.php" }, { - "url": "https://github.com/OWASP/MSTG-Hacking-Playground", - "name": "MSTG Hacking Playground", + "author": "Netsparker", + "badge": null, "collection": [ - "mobile" + "online" ], - "technology": [], + "name": "Netsparker Test App PHP", + "notes": null, "references": [ { - "name": "guide", - "url": "https://github.com/OWASP/MSTG-Hacking-Playground/wiki" + "name": "live", + "url": "http://php.testsparker.com/" } ], - "author": "OWASP", - "notes": null, - "badge": "OWASP/MSTG-Hacking-Playground" + "technology": [ + "PHP" + ], + "url": "http://php.testsparker.com/" }, { - "url": "https://github.com/SpiderLabs/MCIR", - "name": "Magical Code Injection Rainbow - MCIR", + "author": "Netsparker", + "badge": null, 
"collection": [ - "offline" + "online" + ], + "name": "Netsparker Test App .NET", + "notes": null, + "references": [ + { + "name": "live", + "url": "http://aspnet.testsparker.com/" + } ], "technology": [ - "PHP" + "ASP.NET" ], - "references": [], - "author": "SpiderLabs", - "notes": null, - "badge": "SpiderLabs/MCIR" + "url": "http://aspnet.testsparker.com/" }, { - "url": "https://github.com/cschneider4711/Marathon", - "name": "Marathon", + "author": null, + "badge": "webpwnized/mutillidae", "collection": [ "offline" ], + "name": "Mutillidae", + "notes": null, + "references": [ + { + "name": "download", + "url": "https://github.com/webpwnized/mutillidae" + } + ], "technology": [ - "JAVA", - "Docker" + "PHP" ], - "references": [], - "author": "Christian Schneider", - "notes": "Vulnerable demo application", - "badge": "cschneider4711/Marathon" + "url": "http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10" }, { - "url": "https://community.rapid7.com/docs/DOC-1875", - "name": "Metasploitable 2", + "author": null, + "badge": null, "collection": [ "container" ], - "technology": [ - "VMware" - ], + "name": "Moth", + "notes": null, "references": [ { "name": "download", - "url": "https://sourceforge.net/projects/metasploitable/files/Metasploitable2/" + "url": "http://sourceforge.net/projects/w3af/files/moth/moth/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "VMware" + ], + "url": "http://sourceforge.net/projects/w3af/files/moth/moth/" }, { - "url": "https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities", - "name": "Metasploitable 3", + "author": null, + "badge": "rapid7/metasploitable3", "collection": [ "container" ], - "technology": [ - "VMware" - ], + "name": "Metasploitable 3", + "notes": null, "references": [ { "name": "download", "url": "https://github.com/rapid7/metasploitable3" } ], - "author": null, - "notes": null, - "badge": "rapid7/metasploitable3" + "technology": [ + "VMware" 
+ ], + "url": "https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities" }, { - "url": "http://sourceforge.net/projects/w3af/files/moth/moth/", - "name": "Moth", + "author": null, + "badge": null, "collection": [ "container" ], - "technology": [ - "VMware" - ], + "name": "Metasploitable 2", + "notes": null, "references": [ { "name": "download", - "url": "http://sourceforge.net/projects/w3af/files/moth/moth/" + "url": "https://sourceforge.net/projects/metasploitable/files/Metasploitable2/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "VMware" + ], + "url": "https://community.rapid7.com/docs/DOC-1875" }, { - "url": "http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10", - "name": "Mutillidae", + "author": "Christian Schneider", + "badge": "cschneider4711/Marathon", "collection": [ "offline" ], + "name": "Marathon", + "notes": "Vulnerable demo application", + "references": [], "technology": [ - "PHP" - ], - "references": [ - { - "name": "download", - "url": "https://github.com/webpwnized/mutillidae" - } + "JAVA", + "Docker" ], - "author": null, - "notes": null, - "badge": "webpwnized/mutillidae" + "url": "https://github.com/cschneider4711/Marathon" }, { - "url": "http://aspnet.testsparker.com/", - "name": "Netsparker Test App .NET", + "author": "SpiderLabs", + "badge": "SpiderLabs/MCIR", "collection": [ - "online" + "offline" ], + "name": "Magical Code Injection Rainbow - MCIR", + "notes": null, + "references": [], "technology": [ - "ASP.NET" + "PHP" ], + "url": "https://github.com/SpiderLabs/MCIR" + }, + { + "author": "OWASP", + "badge": "OWASP/MSTG-Hacking-Playground", + "collection": [ + "mobile" + ], + "name": "MSTG Hacking Playground", + "notes": null, "references": [ { - "name": "live", - "url": "http://aspnet.testsparker.com/" + "name": "guide", + "url": "https://github.com/OWASP/MSTG-Hacking-Playground/wiki" } ], - "author": "Netsparker", + "technology": [], + "url": 
"https://github.com/OWASP/MSTG-Hacking-Playground" + }, + { + "author": "OWASP", + "badge": "OWASP/owasp-mstg", + "collection": [ + "mobile" + ], + "name": "MSTG CrackMes", "notes": null, - "badge": null + "references": [], + "technology": [], + "url": "https://github.com/OWASP/owasp-mstg/tree/master/Crackmes" }, { - "url": "http://php.testsparker.com/", - "name": "Netsparker Test App PHP", + "author": "Christophe Tafani-Dereeper, Gerard Arall, rayhan0x01 Rayhan Ahmed", + "badge": "christophetd/log4shell-vulnerable-app", "collection": [ - "online" + "container" ], + "name": "Log4Shell sample vulnerable application", + "notes": "CVE-2021-44228", + "references": [], "technology": [ - "PHP" + "Spring Boot", + "Log4j", + "Java" + ], + "url": "https://github.com/christophetd/log4shell-vulnerable-app" + }, + { + "author": null, + "badge": null, + "collection": [ + "container", + "offline" ], + "name": "LAMPSecurity", + "notes": null, "references": [ { - "name": "live", - "url": "http://php.testsparker.com/" + "name": "download", + "url": "http://sourceforge.net/projects/lampsecurity/files/" } ], - "author": "Netsparker", - "notes": null, - "badge": null + "technology": [ + "VMware", + "PHP" + ], + "url": "http://sourceforge.net/projects/lampsecurity/" }, { - "url": "https://digi.ninja/projects/nosqli_lab.php", - "name": "NoSQL Injection Lab", + "author": "iknowjason", + "badge": "iknowjason/hammer", "collection": [ "offline" ], - "technology": [ - "PHP", - "MongoDB" - ], + "name": "Hammer", + "notes": "Includes manual build and docker options.", "references": [ { "name": "download", - "url": "http://github.com/digininja/nosqlilab" + "url": "https://github.com/iknowjason/hammer" + }, + { + "name": "live", + "url": "https://preprod.rtcfingroup.com/" } ], - "author": "@digininja", - "notes": null, - "badge": "digininja/nosqlilab" + "technology": [ + "Ruby on Rails" + ], + "url": "https://github.com/iknowjason/hammer" }, { - "url": 
"https://github.com/aabashkin/nosql-injection-vulnapp", - "name": "NoSQL Injection Vulnerable App (NIVA)", + "author": "McAfee / Foundstone", + "badge": null, "collection": [ - "offline", - "container" - ], - "technology": [ - "Java", - "MongoDB" + "offline" ], + "name": "Hacme Travel", + "notes": null, "references": [ { - "name": "docker", - "url": "https://hub.docker.com/repository/docker/aabashkin/niva" - }, - { - "name": "guide", - "url": "https://github.com/aabashkin/nosql-injection-vulnapp/blob/main/README.md" + "name": "download", + "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmetravel_install.zip" } ], - "author": "Anton Abashkin", - "notes": null, - "badge": "aabashkin/nosql-injection-vulnapp" + "technology": [ + "C++" + ], + "url": "http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx" }, { - "url": "https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project", - "name": "NodeGoat", + "author": "McAfee / Foundstone", + "badge": null, "collection": [ "offline" ], - "technology": [ - "Node.js" - ], + "name": "Hacme Shipping", + "notes": null, "references": [ { "name": "download", - "url": "https://github.com/OWASP/NodeGoat" + "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmeshipping.zip" } ], - "author": "OWASP", - "notes": null, - "badge": "OWASP/NodeGoat" + "technology": [ + "ColdFusion" + ], + "url": "http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx" }, { - "url": "https://github.com/cr0hn/vulnerable-node", - "name": "NodeVulnerable", + "author": "McAfee / Foundstone", + "badge": null, "collection": [ "offline" ], + "name": "Hacme Casino", + "notes": null, + "references": [ + { + "name": "download", + "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmecasino_installer.zip" + } + ], "technology": [ - "Node.js" + "Ruby on Rails" ], - "references": [], - "author": "cr0hn", - "notes": null, - "badge": "cr0hn/vulnerable-node" + "url": 
"http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx" }, { - "url": "https://github.com/OSTEsayed/OSTE-Vulnerable-Web-Application", - "name": "OSTE-Vulnerable-Web-Application", + "author": "McAfee / Foundstone", + "badge": null, "collection": [ "offline" ], + "name": "Hacme Books", + "notes": null, + "references": [ + { + "name": "download", + "url": "http://b2b-download.mcafee.com/products/tools/foundstone/hacmebooks2_installer.zip" + } + ], "technology": [ - "PHP" + "Java" ], - "references": [], - "author": "(OSTE)Oudjani seyyid taqi eddine", - "notes": "Vulnerable web application", - "badge": "OSTEsayed/OSTE-Vulnerable-Web-Application" + "url": "http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx" }, { - "url": "https://owasp.org/www-project-damn-vulnerable-web-sockets/", - "name": "OWASP Damn Vulnerable Web Sockets (DVWS)", + "author": "McAfee / Foundstone", + "badge": null, "collection": [ "offline" ], - "technology": [ - "PHP", - "HTML", - "Javascript", - "WebSockets" - ], - "references": [], - "author": "Abhineet Jayaraj (@xploresec)", + "name": "Hacme Bank - Android", "notes": null, - "badge": "interference-security/DVWS" + "references": [], + "technology": [], + "url": "http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx" }, { - "url": "https://owasp-juice.shop", - "name": "OWASP Juice Shop", + "author": "McAfee / Foundstone", + "badge": null, "collection": [ - "offline", - "online", - "container" - ], - "technology": [ - "TypeScript", - "JavaScript", - "Angular", - "Node.js" + "offline" ], + "name": "Hacme Bank", + "notes": null, "references": [ { "name": "download", - "url": "https://github.com/juice-shop/juice-shop" - }, - { - "name": "docker", - "url": "https://hub.docker.com/r/bkimminich/juice-shop/" - }, - { - "name": "guide", - "url": "https://pwning.owasp-juice.shop/" - }, - { - "name": "demo", - "url": "https://demo.owasp-juice.shop" - }, - { - "name": "preview", - "url": "https://preview.owasp-juice.shop" - 
}, - { - "name": "live", - "url": "https://juice-shop.herokuapp.com" + "url": "http://downloadcenter.mcafee.com/products/tools/foundstone/hacmebank2_install.zip" } ], - "author": "OWASP", - "notes": null, - "badge": "juice-shop/juice-shop" + "technology": [ + ".NET" + ], + "url": "http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx" }, { - "url": "https://secureby.design/", - "name": "OWASP SKF Labs", + "author": null, + "badge": null, "collection": [ - "online", - "offline" - ], - "technology": [ - "Python", - "HTML", - "Javascript", - "GraphQL", - "Ruby" + "container" ], + "name": "Hackxor", + "notes": null, "references": [ { - "name": "demo", - "url": "https://demo.securityknowledgeframework.org" + "name": "download", + "url": "http://sourceforge.net/projects/hackxor/files/" }, { "name": "guide", - "url": "https://owasp-skf.gitbook.io/asvs-write-ups/" - }, - { - "name": "live", - "url": "https://secureby.design/" + "url": "http://hackxor.sourceforge.net/cgi-bin/hints.pl" } ], - "author": "glenn.ten.cate@owasp.org and riccardo.ten.cate@owasp.org", - "notes": "You can go to the demo website and login(admin / test-skf) or skip login, go to Labs menu and start a Lab you want to do. 
Please limit the usage of scanning tools on the Labs.", - "badge": "blabla1337/skf-labs" + "technology": [ + "VMware" + ], + "url": "http://hackxor.sourceforge.net/cgi-bin/index.pl" }, { - "url": "https://github.com/SasanLabs/VulnerableApp", - "name": "OWASP VulnerableApp", + "author": "Hacking Lab", + "badge": null, "collection": [ - "offline" - ], - "technology": [ - "Java", - "Javascript", - "Spring-Boot" + "online" ], + "name": "Hacking Lab", + "notes": null, "references": [ { - "name": "docker", - "url": "https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp" - }, - { - "name": "download", - "url": "https://github.com/SasanLabs/VulnerableApp" + "name": "live", + "url": "https://www.hacking-lab.com/events/" } ], - "author": "Karan Preet Singh Sasan", - "notes": null, - "badge": "SasanLabs/VulnerableApp" + "technology": [], + "url": "https://www.hacking-lab.com/events/" }, { - "url": "https://github.com/SasanLabs/VulnerableApp-facade", - "name": "OWASP VulnerableApp-facade", + "author": "Rapid7 (NTObjectives)", + "badge": "rapid7/hackazon", "collection": [ "offline" ], - "technology": [ - "Typescript", - "Javascript", - "Docker" - ], + "name": "Hackazon", + "notes": null, "references": [ { - "name": "docker", - "url": "https://hub.docker.com/r/sasanlabs/owasp-vulnerableapp-facade" + "name": "download", + "url": "https://github.com/rapid7/hackazon" }, { - "name": "download", - "url": "https://github.com/SasanLabs/VulnerableApp-facade" + "name": "guide", + "url": "https://medium.com/faun/automating-authenticated-api-vulnerability-scanning-with-owasp-zap-eaddba0c2e94" + }, + { + "name": "guide", + "url": "https://github.com/tahmed11/OWASP_ZAP_API_scripts" + }, + { + "name": "guide", + "url": "https://github.com/rapid7/hackazon/blob/master/REST.md" } ], - "author": "Karan Preet Singh Sasan", - "notes": null, - "badge": "SasanLabs/VulnerableApp-facade" + "technology": [ + "AJAX", + "JSON", + "XML", + "GwT", + "AMF" + ], + "url": "https://github.com/rapid7/hackazon" 
}, { - "url": "http://pentesteracademylab.appspot.com", - "name": "Pentester Academy", + "author": "OWASP", + "badge": "Hackademic/hackademic", "collection": [ - "online" + "offline" ], - "technology": [], + "name": "Hackademic Challenges Project", + "notes": null, "references": [ { - "name": "live", - "url": "http://pentesteracademylab.appspot.com" + "name": "download", + "url": "https://github.com/Hackademic/hackademic" } ], - "author": null, - "notes": null, - "badge": null - }, - { - "url": "https://www.pentesterlab.com/exercises/", - "name": "PentesterLab - The Exercises", - "collection": [ - "container" - ], "technology": [ - "ISO", - "PDF" + "PHP", + "Joomla" ], - "references": [], - "author": null, - "notes": null, - "badge": null + "url": "https://github.com/Hackademic/hackademic" }, { - "url": "http://peruggia.sourceforge.net/", - "name": "Peruggia", + "author": "Troy Hunt", + "badge": null, "collection": [ - "offline" - ], - "technology": [ - "PHP" + "online" ], + "name": "HackYourselfFirst", + "notes": null, "references": [ { - "name": "download", - "url": "http://sourceforge.net/projects/peruggia/files/" + "name": "guide", + "url": "https://www.troyhunt.com/hack-yourself-first-how-to-go-on/" + }, + { + "name": "live", + "url": "https://hack-yourself-first.com/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [], + "url": "https://hack-yourself-first.com/" }, { - "url": "https://github.com/DevSlop/Pixi", - "name": "Pixi", + "author": "theXSSrat", + "badge": null, "collection": [ - "offline", - "container" - ], - "technology": [ - "Node.js", - "Swagger", - "docker" + "online" ], + "name": "HackXpert", + "notes": null, "references": [ - { - "name": "download", - "url": "https://github.com/DevSlop/Pixi" - }, - { - "name": "download", - "url": "https://github.com/thedeadrobots/pixi" - }, { "name": "guide", - "url": "https://www.slideshare.net/TanyaJanca/api-and-web-service-hacking-with-pixi-part-of-owasp-devslop" + "url": 
"https://www.youtube.com/c/TheXSSrat" }, - { - "name": "guide", - "url": "https://www.youtube.com/watch?v=td-2rN4PgRw" + { + "name": "live", + "url": "https://labs.hackxpert.com/" } ], - "author": "OWASP", - "notes": null, - "badge": "DevSlop/Pixi" + "technology": [ + "PHP" + ], + "url": "https://labs.hackxpert.com/" }, { - "url": "https://code.google.com/p/puzzlemall/", - "name": "Puzzlemall", + "author": "HackThisSite Staff", + "badge": null, "collection": [ - "offline" - ], - "technology": [ - "Java" + "online" ], + "name": "HackThisSite", + "notes": "Always-on CTF challenges including Basic, Realistic, Application, Steganography, and many others.", "references": [ { - "name": "download", - "url": "http://code.google.com/p/puzzlemall/downloads/list" + "name": "live", + "url": "https://www.hackthissite.org" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "PHP", + "Perl", + "JavaScript", + "API", + "Binaries" + ], + "url": "https://www.hackthissite.org" }, { - "url": "https://github.com/adeyosemanputra/pygoat", - "name": "PyGoat", + "author": "Luke Ward (0x6C77)", + "badge": "HackThis/hackthis.co.uk", "collection": [ - "offline", - "online", - "container" - ], - "technology": [ - "Python" + "online" ], + "name": "HackThis", + "notes": null, "references": [ - { - "name": "guide", - "url": "https://github.com/adeyosemanputra/pygoat/blob/master/pygoat/Solutions/solution.md" - }, - { - "name": "docker", - "url": "https://hub.docker.com/r/pygoat/pygoat" - }, { "name": "download", - "url": "https://github.com/adeyosemanputra/pygoat" + "url": "https://github.com/HackThis/hackthis.co.uk" }, { "name": "live", - "url": "http://pygoat.herokuapp.com/" + "url": "https://www.hackthis.co.uk/" } ], - "author": "Ade Yoseman", - "notes": null, - "badge": "adeyosemanputra/pygoat" + "technology": [ + "PHP" + ], + "url": "https://www.hackthis.co.uk/" }, { - "url": "https://github.com/insp3ctre/race-the-web", - "name": "Race The Web", + "author": 
"eLearnSecurity", + "badge": null, "collection": [ - "offline" + "online" ], + "name": "Hack.me", + "notes": "Beta", + "references": [], "technology": [], + "url": "https://hack.me" + }, + { + "author": "Google", + "badge": null, + "collection": [ + "offline", + "online" + ], + "name": "Gruyere", + "notes": null, "references": [ { "name": "download", - "url": "https://github.com/insp3ctre/race-the-web" + "url": "http://google-gruyere.appspot.com/gruyere-code.zip" + }, + { + "name": "live", + "url": "http://google-gruyere.appspot.com/" } ], - "author": "insp3ctre", - "notes": null, - "badge": "insp3ctre/race-the-web" + "technology": [ + "Python" + ], + "url": "http://google-gruyere.appspot.com/" }, { - "url": "https://www.owasp.org/index.php/OWASP_Rails_Goat_Project", - "name": "Rails Goat", + "author": "Snyk", + "badge": "snyk-labs/nodejs-goof", "collection": [ - "offline" - ], - "technology": [ - "Ruby on Rails" + "offline", + "container" ], + "name": "Goof", + "notes": "online - via Heroku deploy", "references": [ { - "name": "download", - "url": "http://github.com/OWASP/railsgoat/archive/master.zip" + "name": "guide", + "url": "https://snyk.io/test/github/snyk/goof" }, { - "name": "downloads", - "url": "http://railsgoat.cktricky.com/getting_started.html" + "name": "guide", + "url": "http://dreamerslab.com/blog/en/write-a-todo-list-with-express-and-mongodb/" } ], - "author": "OWASP", - "notes": null, - "badge": "OWASP/railsgoat" + "technology": [ + "NodeJS" + ], + "url": "https://github.com/snyk-labs/nodejs-goof" }, { - "url": "https://github.com/sqlmapproject/testenv", - "name": "SQL injection test environment", + "author": "Checkmarx", + "badge": "Checkmarx/Goatlin", "collection": [ - "offline" + "mobile" + ], + "name": "Goatlin", + "notes": null, + "references": [ + { + "name": "guide", + "url": "https://checkmarx.github.io/Kotlin-SCP/" + } ], "technology": [ - "PHP" + "Kotlin", + "Android", + "API", + "REST" ], - "references": [], - "author": null, - "notes": 
"SQLmap Project", - "badge": "sqlmapproject/testenv" + "url": "https://github.com/Checkmarx/Goatlin/" }, { - "url": "https://github.com/Audi-1/sqli-labs", - "name": "SQLI-labs", + "author": "PortSwigger", + "badge": null, "collection": [ - "offline" - ], - "technology": [ - "PHP" + "online" ], + "name": "Gin & Juice Shop", + "notes": "A hosted always-online demo app with realistic technologies.", "references": [ { - "name": "download", - "url": "http://github.com/Audi-1/sqli-labs/archive/master.zip" + "name": "announcement", + "url": "https://portswigger.net/blog/gin-and-juice-shop-put-your-scanner-to-the-test" }, { - "name": "guide", - "url": "http://dummy2dummies.blogspot.com/2012/06/sqli-lab-series-part-1.html" + "name": "live", + "url": "https://ginandjuice.shop/" } ], - "author": null, - "notes": null, - "badge": "Audi-1/sqli-labs" + "technology": [ + "JavaScript", + "AngularJS", + "React", + "CSRF" + ], + "url": "https://ginandjuice.shop/" }, { - "url": "https://github.com/SpiderLabs/SQLol", - "name": "SQLol", + "author": " Katie Paxton-Fear ", + "badge": "InsiderPhD/Generic-University", "collection": [ + "container", "offline" ], + "name": "Generic-University", + "notes": null, + "references": [], "technology": [ - "PHP" + "PHP", + "docker", + "API", + "GraphQL", + "MySQL", + "Laravel" + ], + "url": "https://github.com/InsiderPhD/Generic-University" + }, + { + "author": null, + "badge": null, + "collection": [ + "container" ], + "name": "GameOver", + "notes": null, "references": [ { "name": "download", - "url": "http://github.com/SpiderLabs/SQLol/archive/master.zip" + "url": "http://sourceforge.net/projects/null-gameover/files/" } ], - "author": null, - "notes": null, - "badge": "SpiderLabs/SQLol" + "technology": [ + "VMware" + ], + "url": "http://sourceforge.net/projects/null-gameover/" }, { - "url": "https://github.com/incredibleindishell/SSRF_Vulnerable_Lab", - "name": "SSRF Vuln Lab", + "author": "Checkmarx", + "badge": null, "collection": [ - "offline" 
- ], - "technology": [ - "PHP" + "online" ], + "name": "Game of Hacks", + "notes": null, "references": [ { - "name": "docker", - "url": "https://github.com/incredibleindishell/SSRF_Vulnerable_Lab#docker" + "name": "live", + "url": "http://www.gameofhacks.com/" } ], - "author": "incredibleindishell, Mohammed Farhan", - "notes": null, - "badge": "incredibleindishell/SSRF_Vulnerable_Lab" + "technology": [ + "Node", + "Express.js" + ], + "url": "http://www.gameofhacks.com/" }, { - "url": "http://www.samurai-wtf.org/", - "name": "Samurai WTF", + "author": "Orange-Cyberdefense", + "badge": "Orange-Cyberdefense/GOAD", "collection": [ "container" ], - "technology": [ - "ISO" - ], + "name": "Game of Active Directory", + "notes": "Requires a considerably powerful system", "references": [ { - "name": "download", - "url": "http://sourceforge.net/projects/samurai/files/" + "name": "guide", + "url": "https://mayfly277.github.io/categories/ad/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "Windows", + "Active Directory" + ], + "url": "https://github.com/Orange-Cyberdefense/GOAD" }, { - "url": "http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html", - "name": "Sauron", + "author": "Google", + "badge": "google/firing-range", "collection": [ - "container" - ], - "technology": [ - "Quemu" + "online" ], + "name": "Firing Range", + "notes": null, "references": [ { "name": "download", - "url": "http://sg6-labs.blogspot.com/search/label/SecGame" + "url": "https://github.com/google/firing-range" + }, + { + "name": "live", + "url": "https://public-firing-range.appspot.com/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [], + "url": "https://public-firing-range.appspot.com/" }, { - "url": "https://github.com/globocom/secDevLabs", - "name": "SecDevLabs", + "author": "adamtlangley", + "badge": "adamtlangley/ffufme", "collection": [ - "offline" - ], - "technology": [ - "Go", - "NodeJS", - "Python", - "PHP", - "React", - 
"Angular/Spring", - "Dart/Flutter" + "online", + "offline", + "container" ], + "name": "FFUF.me", + "notes": "Target practice for ffuf", "references": [ { - "name": "guide", - "url": "https://github.com/globocom/secDevLabs" + "name": "download", + "url": "https://github.com/adamtlangley/ffufme" + }, + { + "name": "live", + "url": "http://ffuf.me/" } ], - "author": "Globo", - "notes": "Repository with many intentionally vulnerable web applications. Includes attack narratives and docker options for each app.", - "badge": "globocom/secDevLabs" - }, - { - "url": "https://github.com/DataDog/security-labs-pocs", - "name": "Security Labs & POCs", - "collection": [ - "container" - ], "technology": [ - "docker", - "Kubernetes", - "PiPy", - "OpenSSL", - "JWT" + "PHP", + "Docker" ], - "references": [], - "author": "DataDog", - "notes": null, - "badge": "DataDog/security-labs-pocs" + "url": "http://ffuf.me/" }, { - "url": "https://owasp.org/www-project-security-shepherd/", - "name": "Security Shepherd", + "author": "vegabird", + "badge": "vegabird/xvna", "collection": [ "offline" ], - "technology": [ - "Java" - ], + "name": "Extreme Vulnerable Node Application", + "notes": null, "references": [ { "name": "download", - "url": "https://github.com/OWASP/SecurityShepherd" + "url": "https://github.com/vegabird/xvna" } ], - "author": "OWASP", - "notes": null, - "badge": "OWASP/SecurityShepherd" + "technology": [ + "NodeJS" + ], + "url": "https://github.com/vegabird/xvna" }, { - "url": "http://testhtml5.vulnweb.com/", - "name": "Security Tweets", + "author": null, + "badge": null, "collection": [ - "online" + "container" ], - "technology": [], + "name": "Exploit.co.il Vuln Web App", + "notes": null, "references": [ { - "name": "live", - "url": "http://testhtml5.vulnweb.com" + "name": "download", + "url": "http://sourceforge.net/projects/exploitcoilvuln/files/" } ], - "author": "Acunetix", - "notes": "HTML5", - "badge": null - }, - { - "url": 
"http://solyd.com.br/treinamentos/introducao-ao-hacking-e-pentest", - "name": "Solyd - Introdução ao Hacking e Pentest", - "collection": [ - "online" - ], "technology": [ - "PHP", - "Linux" + "VMware" ], - "references": [], - "author": "Solyd", - "notes": "In Portuguese (Português) - Free online trainning with free online lab", - "badge": null + "url": "http://sourceforge.net/projects/exploitcoilvuln/files/" }, { - "url": "https://github.com/dhatanian/ticketmagpie", - "name": "TicketMagpie", + "author": "Kohei Tamura", + "badge": "k-tamura/easybuggy", "collection": [ "offline" ], - "technology": [ - "Java" - ], + "name": "EasyBuggy", + "notes": null, "references": [ { "name": "download", - "url": "http://github.com/dhatanian/ticketmagpie" + "url": "https://github.com/k-tamura/easybuggy/releases" + }, + { + "name": "guide", + "url": "https://github.com/k-tamura/easybuggy/wiki" } ], - "author": null, - "notes": null, - "badge": "dhatanian/ticketmagpie" + "technology": [ + "Java" + ], + "url": "https://github.com/k-tamura/easybuggy" }, { - "url": "https://github.com/payatu/Tiredful-API", - "name": "Tiredful API", + "author": "Red and Black", + "badge": "red-and-black/DjangoGoat", "collection": [ "offline" ], + "name": "DjangoGoat", + "notes": null, + "references": [], "technology": [ "Python", "Django" ], + "url": "https://github.com/red-and-black/DjangoGoat" + }, + { + "author": "Luke [flabbyrabbit]", + "badge": null, + "collection": [ + "online" + ], + "name": "Defend the Web", + "notes": "Formerly HackThis", "references": [ { - "name": "download", - "url": "http://github.com/payatu/Tiredful-API" + "name": "live", + "url": "https://defendtheweb.net/" } ], - "author": "@payatu", - "notes": null, - "badge": "payatu/Tiredful-API" + "technology": [], + "url": "https://defendtheweb.net/" }, { - "url": "https://github.com/lucideus-repo/UnSAFE_Bank", - "name": "UnSAFE Bank", + "author": "@appsecco", + "badge": "interference-security/DVWS", "collection": [ "offline" ], + 
"name": "Damn Vulnerable Web Sockets", + "notes": null, + "references": [], "technology": [ - "Docker" + "Web Sockets" ], - "references": [], - "author": "lucideus", - "notes": "Web, Android and iOS application", - "badge": "lucideus-repo/UnSAFE_Bank" + "url": "https://github.com/interference-security/DVWS" }, { - "url": "https://github.com/erev0s/VAmPI", - "name": "VAmPI", + "author": "snoopysecurity", + "badge": "snoopysecurity/dvws", "collection": [ - "container" + "offline" ], + "name": "Damn Vulnerable Web Services", + "notes": null, + "references": [], "technology": [ - "python", - "docker", - "OpenAPI" + "Web Services" ], + "url": "https://github.com/snoopysecurity/dvws" + }, + { + "author": "RandomStorm", + "badge": "ethicalhack3r/DVWA", + "collection": [ + "offline", + "container" + ], + "name": "Damn Vulnerable Web Application - DVWA", + "notes": null, "references": [ { - "name": "guide", - "url": "https://thetesttherapist.com/2022/02/13/api-security-testing-with-postman-and-owasp-zap/" + "name": "download", + "url": "https://github.com/digininja/DVWA" }, { - "name": "announcement", - "url": "https://erev0s.com/blog/vampi-vulnerable-api-security-testing/" + "name": "docker", + "url": "https://github.com/digininja/DVWA#docker" } ], - "author": "erev0s", - "notes": null, - "badge": "erev0s/VAmPI" + "technology": [ + "PHP" + ], + "url": "https://github.com/digininja/DVWA" }, { - "url": "https://github.com/detectify/Varnish-H2-Request-Smuggling", - "name": "Varnish HTTP/2 Request Smuggling", + "author": "dnet", + "badge": "silentsignal/damn-vulnerable-stateful-web-app", "collection": [ "offline" ], - "technology": [ - "Varnish", - "HTTP/2" - ], + "name": "Damn Vulnerable Stateful WebApp", + "notes": null, "references": [ { - "name": "announcement", - "url": "https://twitter.com/berg0x00/status/1431027889064058885" + "name": "download", + "url": "http://www.sans.org/reading-room/whitepapers/testing/testing-stateful-web-application-workflows-36637" } ], - 
"author": "Detectify", - "notes": "A docker-compose file to setup a local environment that is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling, presented by Albinowax at Blackhat/Defcon 2021.", - "badge": "detectify/Varnish-H2-Request-Smuggling" + "technology": [ + "PHP" + ], + "url": "https://github.com/silentsignal/damn-vulnerable-stateful-web-app" }, { - "url": "http://sourceforge.net/projects/virtualhacking/", - "name": "Virtual Hacking Lab", + "author": "Protego Labs", + "badge": "OWASP/DVSA", "collection": [ - "container" - ], - "technology": [ - "ZIP" + "offline" ], + "name": "Damn Vulnerable Serverless App (DVSA)", + "notes": null, "references": [ { - "name": "download", - "url": "http://sourceforge.net/projects/virtualhacking/files/" + "name": "guide", + "url": "https://github.com/OWASP/DVSA/tree/master/AWS/LESSONS" } ], - "author": null, - "notes": null, - "badge": null - }, - { - "url": "https://github.com/Yavuzlar/VulnLab", - "name": "VulnLab", - "collection": [ - "offline" - ], "technology": [ - "PHP", - "Docker" + "Node", + "AWS", + "Azure" ], - "references": [], - "author": "Yavuzlar (siberyavuzlar.com)", - "notes": "A web vulnerability lab project developed by Yavuzlar.", - "badge": "Yavuzlar/VulnLab" + "url": "https://github.com/OWASP/DVSA" }, { - "url": "https://github.com/ScaleSec/vulnado", - "name": "Vulnado", + "author": "Oleksandr Kovalchuk", + "badge": "anxolerd/dvpwa", "collection": [ - "container" + "offline" ], + "name": "Damn Vulnerable Python Web Application - DVPWA", + "notes": null, + "references": [], "technology": [ - "Java", + "Python", "Docker" ], - "references": [], - "author": "ScaleSec", - "notes": "Purposely vulnerable Java application to help lead secure coding workshops", - "badge": "ScaleSec/vulnado" + "url": "https://github.com/anxolerd/dvpwa" }, { - "url": "https://github.com/CSPF-Founder/JavaVulnerableLab/", - "name": "Vulnerable Java Web Application", + "author": "Koen Buyens", + "badge": 
"koenbuyens/Vulnerable-OAuth-2.0-Applications", "collection": [ "offline" ], - "technology": [ - "Java" - ], + "name": "Damn Vulnerable OAuth 2.0 Applications", + "notes": "A set of vulnerable applications which show Oauth2.0 vulnerabilities.", "references": [], - "author": "Cyber Security and Privacy Foundation", - "notes": null, - "badge": "CSPF-Founder/JavaVulnerableLab" - }, - { - "url": "https://github.com/kaakaww/vuln_node_express", - "name": "Vulnerable Node Express", - "collection": [ - "offline" - ], "technology": [ - "Node.js", - "Express" + "MEAN", + "Docker", + "OAuth 2.0" ], - "references": [], - "author": "Zachary Conger", - "notes": "SQLi and XSS", - "badge": "kaakaww/vuln_node_express" + "url": "https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications" }, { - "url": "https://github.com/mddanish/Vulnerable-OTP-Application", - "name": "Vulnerable OTP App", + "author": "@appsecco", + "badge": "appsecco/dvna", "collection": [ "offline" ], + "name": "Damn Vulnerable NodeJS Application - DVNA", + "notes": "Different project from the old DVNA", + "references": [], "technology": [ - "PHP", - "Google OTP" + "Node.js" ], - "references": [], - "author": "mddanish", - "notes": null, - "badge": "mddanish/Vulnerable-OTP-Application" + "url": "https://github.com/appsecco/dvna" }, { - "url": "https://github.com/yogisec/VulnerableSAMLApp", - "name": "Vulnerable SAML App", + "author": "Claudio Lacayo", + "badge": "isp1r0/DVNA", "collection": [ "offline" ], + "name": "Damn Vulnerable Node Application - DVNA", + "notes": null, + "references": [], "technology": [ - "Python" + "Node.js" ], - "references": [], - "author": "yogisec", - "notes": null, - "badge": "yogisec/VulnerableSAMLApp" + "url": "https://github.com/isp1r0/DVNA" }, { - "url": "https://github.com/ctxis/VulnerableXsltConsoleApplication", - "name": "VulnerableXsltConsoleApplication", + "author": "Dolev Farhi , Connor McKinnon", + "badge": "dolevf/Damn-Vulnerable-GraphQL-Application", "collection": [ + 
"container", "offline" ], + "name": "Damn Vulnerable GraphQL Application (DVGA)", + "notes": null, + "references": [], "technology": [ - ".Net" + "Python", + "HTML", + "Javascript", + "GraphQL", + "SQLAlchemy", + "docker" ], - "references": [], - "author": " Context Information Security", - "notes": "This is a console app, however it relates to an issues that is relevant to web apps: use of XSLT transforms for XML files.", - "badge": "ctxis/VulnerableXsltConsoleApplication" + "url": "https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application" }, { - "url": "https://github.com/sectooladdict/wavsep", - "name": "WAVSEP - Web Application Vulnerability Scanner Evaluation Project", + "author": "we45 (Abhay Bhargav)", + "badge": "we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service", "collection": [ "offline" ], - "technology": [ - "Java" - ], + "name": "Damn Vulnerable Functions as a Service (DVFaaS)", + "notes": null, "references": [ { - "name": "download", - "url": "http://sourceforge.net/projects/wavsep/" - }, - { - "name": "downloads", - "url": "https://code.google.com/p/wavsep/downloads/list" - }, - { - "name": "downloads", - "url": "https://github.com/sectooladdict/wavsep/wiki" + "name": "guide", + "url": "https://www.slideshare.net/abhaybhargav/an-attackers-view-of-serverless-and-graphql-apps-abhay-bhargav-appsec-california-2019" } ], - "author": "Shay Chen", - "notes": null, - "badge": "sectooladdict/wavsep" + "technology": [ + "Python", + "AWS" + ], + "url": "https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service" }, { - "url": "https://code.google.com/p/wivet/", - "name": "WIVET- Web Input Vector Extractor Teaser", + "author": "Thin Ba Shane (@art0flunam00n)", + "badge": "LunaM00n/File-Upload-Lab", "collection": [ "offline" ], - "technology": [], - "references": [ - { - "name": "download", - "url": "http://www.webguvenligi.org/projeler/wivet" - }, - { - "name": "downloads", - "url": "https://code.google.com/p/wivet/downloads/list?can=1&q=" - } - 
], - "author": null, + "name": "Damn Vulnerable File Upload - DVFU", "notes": null, - "badge": null + "references": [], + "technology": [ + "PHP" + ], + "url": "https://github.com/LunaM00n/File-Upload-Lab" }, { - "url": "https://github.com/adamdoupe/WackoPicko", - "name": "WackoPicko", + "author": "Najam Ul Saqib (cybersoldier)", + "badge": "njmulsqb/DVEA", "collection": [ "offline" ], - "technology": [ - "PHP" - ], + "name": "Damn Vulnerable Electron App (DVEA)", + "notes": "A deliberately insecure ElectronJS application", "references": [ + { + "name": "announcement", + "url": "https://njmulsqb.github.io/2023/01/03/releasing-DVEA.html" + }, { "name": "download", - "url": "http://github.com/adamdoupe/WackoPicko/zipball/master" + "url": "https://github.com/njmulsqb/DVEA/" } ], - "author": null, - "notes": null, - "badge": "adamdoupe/WackoPicko" + "technology": [ + "ElectronJS" + ], + "url": "https://github.com/njmulsqb/DVEA/" }, { - "url": "http://www.mavensecurity.com/web_security_dojo/", - "name": "Web Security Dojo", + "author": "Rewanth Tammana, Akshansh Jaiswal, Hrushikesh Kakade", + "badge": "rewanthtammana/Damn-Vulnerable-Bank", "collection": [ - "container" - ], - "technology": [ - "VMware", - "VirtualBox" + "mobile" ], + "name": "Damn Vulnerable Bank", + "notes": null, "references": [ { - "name": "download", - "url": "http://sourceforge.net/projects/websecuritydojo/files/" + "name": "guide", + "url": "https://rewanthtammana.com/damn-vulnerable-bank/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "android" + ], + "url": "https://github.com/rewanthtammana/Damn-Vulnerable-Bank" }, { - "url": "https://webgoat.github.io/WebGoat/", - "name": "WebGoat", + "author": "Andrea Valenza, Enrico Russo, Gabriele Costa", + "badge": "AvalZ/DVAS", "collection": [ "offline" ], - "technology": [ - "Java" - ], + "name": "Damn Vulnerable Application Scanner (DVAS)", + "notes": "An intentionally vulnerable web application scanner", "references": [ - 
{ - "name": "download", - "url": "https://github.com/WebGoat/WebGoat/releases" - }, { "name": "guide", - "url": "https://owasp.org/www-project-webgoat/" + "url": "https://ceur-ws.org/Vol-2940/paper36.pdf" }, { - "name": "docker", - "url": "https://hub.docker.com/r/webgoat/goatandwolf" + "name": "announcement", + "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/" } ], - "author": "OWASP", - "notes": null, - "badge": "WebGoat/WebGoat" - }, - { - "url": "https://www.owasp.org/index.php/WebGoatPHP", - "name": "WebGoatPHP", - "collection": [ - "offline" - ], "technology": [ "PHP" ], - "references": [ - { - "name": "download", - "url": "http://github.com/OWASP/OWASPWebGoatPHP" - }, - { - "name": "downloads", - "url": "https://github.com/OWASP/OWASPWebGoatPHP/blob/master/README.md" - } - ], - "author": "OWASP", - "notes": null, - "badge": "OWASP/OWASPWebGoatPHP" + "url": "https://github.com/AvalZ/DVAS" }, { - "url": "https://github.com/commjoen/wrongsecrets", - "name": "WrongSecrets", + "author": "Miroslav Stampar", + "badge": "stamparm/DSVW", "collection": [ "offline" ], + "name": "Damn Small Vulnerable Web (DSVW)", + "notes": null, + "references": [], "technology": [ - "JavaScript", - "Java", - "Hashicorp Vault", - "Kubernetes", - "Docker", - "AWS", - "GCP" - ], - "references": [ - { - "name": "download", - "url": "https://github.com/commjoen/wrongsecrets" - } + "Python" ], - "author": "Jeroen Willemsen (@commjoen), Ben de Haan (@bendehaan), Nanne Baars (@nbaars)", - "notes": "OWASP WrongSecrets is a vulnerable app used to show how to not use secrets.", - "badge": "commjoen/wrongsecrets" + "url": "https://github.com/stamparm/DSVW" }, { - "url": "http://xxe.sourceforge.net/", - "name": "XXE", + "author": "Tim Steufmehl", + "badge": "snsttr/diwa", "collection": [ + "offline", "container" ], - "technology": [ - "VMware" - ], + "name": "DIWA - Deliberately Insecure Web Application", + "notes": "A Deliberately Insecure Web Application", "references": [ { - "name": 
"download", - "url": "http://sourceforge.net/projects/xxe/files/" + "name": "guide", + "url": "https://github.com/snsttr/diwa/tree/master/docs" } ], - "author": null, - "notes": null, - "badge": null - }, - { - "url": "https://github.com/jbarone/xxelab", - "name": "XXE Lab", - "collection": [ - "container", - "offline" - ], "technology": [ - "docker", - "vagrant" + "PHP", + "Docker" ], - "references": [], - "author": "Joshua Barone", - "notes": null, - "badge": "jbarone/xxelab" + "url": "https://github.com/snsttr/diwa" }, { - "url": "https://github.com/s4n7h0/xvwa", - "name": "Xtreme Vulnerable Web Application (XVWA)", + "author": null, + "badge": "fridaygoldsmith/bwa_cyclone_transfers", "collection": [ "offline" ], + "name": "Cyclone Transfers", + "notes": null, + "references": [], "technology": [ - "PHP", - "MySQL" - ], - "references": [ - { - "name": "download", - "url": "http://github.com/s4n7h0/xvwa" - } + "Ruby on Rails" ], - "author": "@s4n7h0, @samanL33T", - "notes": null, - "badge": "s4n7h0/xvwa" + "url": "https://github.com/fridaygoldsmith/bwa_cyclone_transfers" }, { - "url": "http://zero.webappsecurity.com/", - "name": "Zero Bank", + "author": "Arthur Kay", + "badge": "arthurakay/cyberscavengerhunt", "collection": [ "online" ], - "technology": [], + "name": "Cyber Scavenger Hunt", + "notes": "A simple scavenger hunt to learn about pentesting a website or web application.", "references": [ + { + "name": "download", + "url": "https://github.com/arthurakay/cyberscavengerhunt" + }, { "name": "live", - "url": "http://zero.webappsecurity.com" + "url": "https://cyberscavengerhunt.com" } ], - "author": "Micro Focus Fortify (was HP/SpiDynamics)", - "notes": "(username/password)", - "badge": null + "technology": [ + "Javacript", + "React" + ], + "url": "https://cyberscavengerhunt.com" }, { - "url": "http://www.itsecgames.com/", - "name": "bWAPP", + "author": "SpiderLabs", + "badge": "SpiderLabs/CryptOMG", "collection": [ "offline" ], - "technology": [ - "PHP" - ], 
+ "name": "CryptOMG", + "notes": null, "references": [ { "name": "download", - "url": "http://sourceforge.net/projects/bwapp/files/" - }, - { - "name": "guide", - "url": "http://itsecgames.blogspot.be/2013/01/bwapp-installation.html" + "url": "http://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/" } ], - "author": null, - "notes": null, - "badge": null + "technology": [ + "PHP" + ], + "url": "https://github.com/SpiderLabs/CryptOMG" }, { - "url": "https://owasp.org/www-project-crapi/", - "name": "crAPI", + "author": "Rhino Security Labs", + "badge": "RhinoSecurityLabs/cloudgoat", "collection": [ "offline", "container" ], - "technology": [ - "Go", - "nginx" - ], + "name": "CloudGoat", + "notes": null, "references": [ { - "name": "downloads", - "url": "https://github.com/OWASP/crAPI" + "name": "guide", + "url": "https://medium.com/@rzepsky/playing-with-cloudgoat-part-1-hacking-aws-ec2-service-for-privilege-escalation-4c42cc83f9da" + }, + { + "name": "announcement", + "url": "https://rhinosecuritylabs.com/aws/cloudgoat-vulnerable-design-aws-environment/" + }, + { + "name": "docker", + "url": "https://hub.docker.com/r/rhinosecuritylabs/cloudgoat" } ], - "author": "Paulo Silva", - "notes": null, - "badge": "OWASP/crAPI" + "technology": [ + "Python", + "AWS" + ], + "url": "https://github.com/RhinoSecurityLabs/cloudgoat" }, { - "url": "https://github.com/snoopysecurity/dvws-node", - "name": "dvws-node", - "collection": [ - "offline", - "container" - ], - "technology": [ - "Web Services", - "NodeJS" + "author": "Conviso AppSec", + "badge": "convisolabs/CVWA", + "collection": [ + "offline" ], + "name": "CVWA - Conviso Vulnerable Web Application", + "notes": null, "references": [ { - "name": "guide", - "url": "https://github.com/snoopysecurity/dvws-node/wiki" + "name": "download", + "url": "http://github.com/convisolabs/CVWA" } ], - "author": "@snoopysecurity", - "notes": null, - "badge": "snoopysecurity/dvws-node" + 
"technology": [ + "PHP" + ], + "url": "http://github.com/convisolabs/CVWA" }, { - "url": "http://hackxor.sourceforge.net/cgi-bin/index.pl", - "name": "hackxor", + "author": "@ctflearn", + "badge": null, "collection": [ - "offline", "online" ], - "technology": [], + "name": "CTFLearn", + "notes": null, "references": [ { "name": "live", - "url": "https://hackxor.net" + "url": "https://ctflearn.com/" } ], - "author": "albinowax", - "notes": "First 2 levels online, rest offline. Web application hacking game via missions, based on real vulnerabilities.", - "badge": null + "technology": [], + "url": "https://ctflearn.com/" }, { - "url": "https://github.com/omerlh/insecure-deserialisation-net-poc", - "name": "insecure-deserialisation-net-poc", + "author": "Cider", + "badge": "cider-security-research/cicd-goat", "collection": [ - "offline" + "container" ], + "name": "CI/CD Goat", + "notes": "Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags.", + "references": [], "technology": [ - ".NET", - "JSON", - "yoserial.NET" + "Gitea", + "Jenkins", + "GitLab", + "Docker" ], - "references": [], - "author": "Omer Levi Hevroni", - "notes": "A small webserver vulnerable to insecure deserialization", - "badge": "omerlh/insecure-deserialisation-net-poc" + "url": "https://github.com/cider-security-research/cicd-goat" }, { - "url": "https://github.com/Sjord/jwtdemo/", - "name": "jwtdemo", + "author": null, + "badge": null, "collection": [ "offline" ], + "name": "Butterfly Security Project", + "notes": "Last updated in 2008", + "references": [ + { + "name": "download", + "url": "http://sourceforge.net/projects/thebutterflytmp/files/" + } + ], "technology": [ "PHP" ], + "url": "http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project/" + }, + { + "author": "OWASP - Chuck Willis", + "badge": null, + "collection": [ + "container" + ], + "name": "Broken Web Applications Project (BWA) - OWASP", + "notes": null, "references": [ { - "name": "guide", 
- "url": "https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/" + "name": "download", + "url": "https://github.com/chuckfw/owaspbwa/" + }, + { + "name": "download", + "url": "https://sourceforge.net/projects/owaspbwa/files/" } ], - "author": "Sjoerd Langkemper (Sjord)", - "notes": "Practice hacking JWT tokens.", - "badge": "Sjord/jwtdemo" + "technology": [ + "VMware" + ], + "url": "https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project" }, { - "url": "https://github.com/playframework/play-webgoat", - "name": "play-webgoat", + "author": "NeuraLegion", + "badge": "NeuraLegion/brokencrystals", "collection": [ - "offline" + "offline", + "online" + ], + "name": "Broken Crystals", + "notes": null, + "references": [ + { + "name": "live", + "url": "https://brokencrystals.com/" + } ], "technology": [ - "Java", - "Scala", - "Play Framework" + "react", + "Node", + "Swagger" ], - "references": [], - "author": null, - "notes": null, - "badge": "playframework/play-webgoat" + "url": "https://github.com/NeuraLegion/brokencrystals#vulnerabilities-overview" }, { - "url": "https://github.com/sakti/twitterlike", - "name": "twitterlike", + "author": "OWASP", + "badge": null, "collection": [ "offline" ], - "technology": [ - "PHP" - ], + "name": "Bricks", + "notes": null, "references": [ { "name": "download", - "url": "http://github.com/sakti/twitterlike" + "url": "http://sechow.com/bricks/download.html" + }, + { + "name": "guide", + "url": "http://sechow.com/bricks/docs/" } ], - "author": "Sakti Dwi Cahyono", - "notes": null, - "badge": "sakti/twitterlike" + "technology": [ + "PHP" + ], + "url": "http://sechow.com/bricks/index.html" }, { - "url": "https://github.com/roottusk/vapi", - "name": "vAPI", + "author": "Simon Bennetts (psiinon)", + "badge": "psiinon/bodgeit", "collection": [ - "offline" - ], - "technology": [ - "PHP" + "offline", + "container" ], + "name": "BodgeIt Store", + "notes": null, "references": [ { - "name": "guide", - "url": 
"https://github.com/roottusk/vapi/blob/master/README.md" + "name": "download", + "url": "http://github.com/psiinon/bodgeit/releases/latest" }, { "name": "docker", - "url": "https://hub.docker.com/r/roottusk/vapi" + "url": "https://hub.docker.com/r/psiinon/bodgeit" } ], - "author": "Tushar Kulkarni", - "notes": "vAPI is a Vulnerable Interface that demonstrates the OWASP API Top 10 vulnerabilities in the means of exercises", - "badge": "roottusk/vapi" + "technology": [ + "Java" + ], + "url": "https://github.com/psiinon/bodgeit" }, { - "url": "https://github.com/mattvaldes/vulnerable-api", - "name": "vulnerable-api", + "author": null, + "badge": null, "collection": [ - "offline" + "container" ], + "name": "Bee-Box", + "notes": null, + "references": [], "technology": [ - "Python" + "VMware" + ], + "url": "http://sourceforge.net/projects/bwapp/files/bee-box/" + }, + { + "author": "BGA Security", + "badge": null, + "collection": [ + "online" ], + "name": "BGA Vulnerable BANK App", + "notes": null, "references": [ { - "name": "download", - "url": "http://github.com/mattvaldes/vulnerable-api" + "name": "live", + "url": "http://www.bgabank.com/" } ], - "author": "Matthew Valdes", - "notes": null, - "badge": "mattvaldes/vulnerable-api" + "technology": [ + ".NET" + ], + "url": "http://www.bgabank.com/" }, { - "url": "https://github.com/marmicode/websheep", - "name": "websheep", + "author": "digininja (Robin Wood)", + "badge": "digininja/authlab", "collection": [ - "offline" - ], - "technology": [ - "Angular", - "JavaScript", - "Node" + "offline", + "online" ], + "name": "AuthLab", + "notes": null, "references": [ { "name": "guide", - "url": "https://github.com/marmicode/websheep" + "url": "https://digi.ninja/projects/authlab.php" + }, + { + "name": "live", + "url": "https://authlab.digi.ninja/" } ], - "author": "Younes Jaaidi (yjaaidi)", - "notes": " Websheep is an app based on a willingly vulnerable ReSTful APIs.", - "badge": "marmicode/websheep" + "technology": [ + "GO" + 
], + "url": "https://github.com/digininja/authlab" }, { - "url": "https://github.com/cider-security-research/cicd-goat", - "name": "CI/CD Goat", + "author": "satishpatnayak", + "badge": "satishpatnayak/AndroGoat", "collection": [ - "container" + "mobile" + ], + "name": "AndroGoat", + "notes": null, + "references": [ + { + "name": "download", + "url": "https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk" + } ], "technology": [ - "Gitea", - "Jenkins", - "GitLab", - "Docker" + "Kotlin", + "Android" ], - "references": [], - "author": "Cider", - "notes": "Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags.", - "badge": "cider-security-research/cicd-goat" + "url": "https://github.com/satishpatnayak/AndroGoat" }, { - "url": "http://ffuf.me/", - "name": "FFUF.me", + "author": "IBM/Watchfire", + "badge": "hclproducts/AltoroJ", "collection": [ "online", - "offline", - "container" - ], - "technology": [ - "PHP", - "Docker" + "offline" ], + "name": "Altoro Mutual (AltoroJ)", + "notes": "Log in with jsmith/demo1234 or admin/admin", "references": [ { "name": "download", - "url": "https://github.com/adamtlangley/ffufme" + "url": "https://github.com/HCL-TECH-SOFTWARE/AltoroJ" }, { "name": "live", - "url": "http://ffuf.me/" + "url": "http://demo.testfire.net/" } ], - "author": "adamtlangley", - "notes": "Target practice for ffuf", - "badge": "adamtlangley/ffufme" + "technology": [ + "J2EE" + ], + "url": "http://demo.testfire.net/" }, { - "url": "https://pentest-ground.com/", - "name": "Pentest-Ground", + "author": "Acunetix", + "badge": null, "collection": [ - "online", - "container" - ], - "technology":[ - "PHP", - "Docker" + "online" ], - "references":[ + "name": "Acuart", + "notes": "Art shopping", + "references": [ { - "name": "Pentest-Ground", - "url": "https://pentest-ground.com/" + "name": "live", + "url": "http://testphp.vulnweb.com" } ], - "author": "Pentest-Tools.com", - "notes": "Suite of vulnerable web apps to practice", - 
"badge": null + "technology": [ + "PHP" + ], + "url": "http://testphp.vulnweb.com" + }, + { + "author": "OWASP", + "badge": "jerryhoff/WebGoat.NET", + "collection": [ + "offline" + ], + "name": ".NET Goat", + "notes": "Original main repo: http://github.com/jerryhoff/WebGoat.NET. Others: https://github.com/rapPayne/WebGoat.Net , https://github.com/jowasp/WebGoat.NET.", + "references": [], + "technology": [ + "C#" + ], + "url": "https://github.com/jerryhoff/WebGoat.NET" } ]