Very Vulnerable Management API (VVMA) is a deliberately insecure RESTful API built with Node.js for educational and testing purposes. It includes vulnerabilities from the OWASP Top 10 API, allowing learners, security professionals, and developers to explore and understand common API security flaws.
☆70Jun 5, 2025Updated 11 months ago
Alternatives and similar repositories for VVMA
Users that are interested in VVMA are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Penstaller: A Python tool to automate the installation of essential bug bounty and pentesting tools. With one command, it sets up tools f…☆18Mar 14, 2025Updated last year
- This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer whil…☆68Apr 25, 2025Updated last year
- Comprehensive AWS cloud reconnaissance and privilege escalation toolkit written in Python. Features IAM, EC2, S3, Lambda, ECS, Secrets Ma…☆50Jul 8, 2025Updated 10 months ago
- This is a Python script that generates a staged payload that fully bypasses MS Defender. Can potentially be used for EDRs with some custo…☆77Mar 31, 2026Updated last month
- Learn how to intercept flutter apps☆25Jan 19, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source c…☆113Apr 26, 2026Updated last week
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆14Apr 2, 2026Updated last month
- A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure cod…☆708Updated this week
- This is an advanced ASMI bypass that is currently undetected by Windows Defender and all the Antivirus software's on virustotal.☆25Jun 10, 2025Updated 10 months ago
- Custom Amsi Bypass by patching AmsiOpenSession function in amsi.dll☆51Jun 16, 2025Updated 10 months ago
- A modern tool written in python for hunting open redirection☆29Aug 8, 2023Updated 2 years ago
- Azure AD (Entra ID) enumeration tool. Find related domains and tenant information in a simple way.☆35Oct 4, 2024Updated last year
- Proxll is a tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h☆41Oct 8, 2024Updated last year
- Google Dork Scanner for Google Chrome Extension☆17May 10, 2025Updated 11 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆102Apr 4, 2025Updated last year
- My notes containing the Certified Red Team Professional Course☆73Sep 7, 2024Updated last year
- Beginner Road map that paves the way for your journey into the captivating world of cyber security based on job roles.☆25Jan 27, 2024Updated 2 years ago
- You can gather useful information accounts by username across all types networks ( which also include social media)☆29Oct 19, 2023Updated 2 years ago
- ☆80Apr 28, 2025Updated last year
- This project documents my hands-on journey in learning and conducting internal Active Directory (AD) penetration testing. The exercises s…☆16Apr 19, 2025Updated last year
- Research into Undocumented Behavior of Azure AD Refresh Tokens☆13Oct 27, 2023Updated 2 years ago
- ☆11Sep 15, 2024Updated last year
- These are installation notes based on Mayfly's installation notes. They are more streamlined for Vagrant as I did not take the Docker rou…☆28Jun 19, 2024Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆12Dec 6, 2024Updated last year
- An Android app to easily manage Frida server on your device or emulator☆120Jan 3, 2026Updated 4 months ago
- Collection of Notes and CheatSheets used for Red teaming Certs☆497Feb 13, 2023Updated 3 years ago
- When Your Vision Reaches Beyond IAM Boundary Scope in AWS Cloud☆46Dec 7, 2025Updated 5 months ago
- ☆400Jun 25, 2025Updated 10 months ago
- Defcon 28 - Red Team Village - Applied Purple Teaming - Why Can't We Be Friends☆26Aug 9, 2020Updated 5 years ago
- This tool is designed to seamlessly convert Postman collections into OpenAPI schemas. This conversion is essential for API security testi…☆12Sep 3, 2024Updated last year
- 🔍 erroreyes – Lightweight Subdomain Enumeration Tool A Python-based tool that queries crt.sh certificate logs to discover subdomains ass…☆16May 8, 2025Updated last year
- Web Crawler for Identifying Entry Points☆11Mar 26, 2024Updated 2 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Deliberately insecure Kubernetes test clusters built using kind☆13Aug 16, 2019Updated 6 years ago
- This project automates SOC workflows using Wazuh, Shuffle, and TheHive. It involves setting up a Windows 10 client with Sysmon and Ubuntu…☆39Jun 7, 2024Updated last year
- 🚧 Bypass Android SSL Pinning with ProxyMan and Frida☆32Aug 1, 2024Updated last year
- Knowledge base on cybercriminal concealment techniques☆234Mar 18, 2026Updated last month
- ☆47Mar 7, 2025Updated last year
- CVE-2025-64155: Fortinet FortiSIEM Argument Injection to Remote Code Execution☆31Jan 13, 2026Updated 3 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 10 months ago