Awesome Vulnerable Applications

Curated list of various vulnerable by design applications

Contents

• Online
• Paid
• Docker
• Vulnerable VMs
• Open-source apps
• Cloud
• SSO - Single Sign On
• Uncategorized

---

Online

Online vulnerable app and CTFs

• Hacker101 CTF
• Web Security Academy
• Hack The Box
• Try Hack Me
• CTFtime
• PWNABLE.KR

Paid

Paid tranining courses

• PentesterLab

Docker

• DSVW - Damn Small Vulnerable Web
• Pentest_lab
• DVWP - Damn Vulnerable WordPress
• OWASP SKF labs

Vulnerable VMs

• Vulhub
• Exploit Exercises

Open-source apps

About this section. Optional. Keep this short and focus on the list.

• Owasp Juice shop
• DVWA - Damn Vulnerable Web Application
• bWAPP, or a buggy web application
• Xtreme Vulnerable Web Application
• DVRF - Damn Vulnerable Router Firmware
• Damn Vulnerable Bank

Cloud

• CloudGoat
• CdkGoat - Vulnerable AWS CDK Infra
• Cfngoat - Vulnerable Cloudformation Template
• TerraGoat - Vulnerable Terraform Infra

SSO - Single Sign On

• vulnerable-sso

Uncategorized

• leaky-repo
• DVNA - Damn Vulneable NodeJS Application
• dvws - Damn Vulnerable Web Services
• Metasploitable3
• CORS-vulnerable-Lab
• SSRF_Vulnerable_Lab
• xxelab
• exploit-workshop
• Yet Another Vulnerability Database
• Extreme Vulnerable Node Application
• OWASP Mutillidae II
• xssed
• wavsep
• Kubernetes Goat
• caponeme - Capital One Breach
• clicker-service - simulate XSS

Contribute

Contributions welcome! Read the contribution guidelines first.

License

To the extent possible under law, vavkamil has waived all copyright and related or neighboring rights to this work.