Very Vulnerable Management API (VVMA) is a deliberately insecure RESTful API built with Node.js for educational and testing purposes. It includes vulnerabilities from the OWASP Top 10 API, allowing learners, security professionals, and developers to explore and understand common API security flaws.
☆70Jun 5, 2025Updated 9 months ago
Alternatives and similar repositories for VVMA
Users that are interested in VVMA are comparing it to the libraries listed below
Sorting:
- HackList: Your go-to AI-powered guide to hands-on cybersecurity learning!☆24Jul 6, 2025Updated 8 months ago
- Penstaller: A Python tool to automate the installation of essential bug bounty and pentesting tools. With one command, it sets up tools f…☆17Mar 14, 2025Updated 11 months ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆13Jul 16, 2025Updated 7 months ago
- A deliberately vulnerable mobile banking application designed for practicing mobile security testing. Features common vulnerabilities fou…☆80Nov 25, 2025Updated 3 months ago
- Comprehensive AWS cloud reconnaissance and privilege escalation toolkit written in Python. Features IAM, EC2, S3, Lambda, ECS, Secrets Ma…☆49Jul 8, 2025Updated 7 months ago
- This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer whil…☆65Apr 25, 2025Updated 10 months ago
- Azure AD (Entra ID) enumeration tool. Find related domains and tenant information in a simple way.☆35Oct 4, 2024Updated last year
- Proxll is a tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h☆41Oct 8, 2024Updated last year
- This is an advanced ASMI bypass that is currently undetected by Windows Defender and all the Antivirus software's on virustotal.☆25Jun 10, 2025Updated 8 months ago
- ☆102Apr 4, 2025Updated 11 months ago
- A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure cod…☆593Nov 23, 2025Updated 3 months ago
- SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source c…☆110Aug 21, 2025Updated 6 months ago
- ☆22Feb 3, 2026Updated last month
- HuntersEye is designed for Bug Bounty Hunters, and Security Researchers to monitor new subdomains and certificates for specified domains.…☆21Dec 29, 2023Updated 2 years ago
- ☆82Apr 28, 2025Updated 10 months ago
- My notes while studying for the PNPT from TCM Security.☆81Mar 30, 2024Updated last year
- Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…☆37Feb 6, 2026Updated last month
- Learn how to intercept flutter apps☆23Jan 19, 2024Updated 2 years ago
- You can gather useful information accounts by username across all types networks ( which also include social media)☆27Oct 19, 2023Updated 2 years ago
- When Your Vision Reaches Beyond IAM Boundary Scope in AWS Cloud☆45Dec 7, 2025Updated 3 months ago
- These are installation notes based on Mayfly's installation notes. They are more streamlined for Vagrant as I did not take the Docker rou…☆28Jun 19, 2024Updated last year
- Custom Amsi Bypass by patching AmsiOpenSession function in amsi.dll☆50Jun 16, 2025Updated 8 months ago
- ☆43Mar 13, 2025Updated 11 months ago
- Collection of Notes and CheatSheets used for Red teaming Certs☆494Feb 13, 2023Updated 3 years ago
- Payload Generation Workflow☆40Jul 18, 2025Updated 7 months ago
- This project automates SOC workflows using Wazuh, Shuffle, and TheHive. It involves setting up a Windows 10 client with Sysmon and Ubuntu…☆36Jun 7, 2024Updated last year
- My notes containing the Certified Red Team Professional Course☆68Sep 7, 2024Updated last year
- ☆54Oct 13, 2025Updated 4 months ago
- CVE-2021-26855: PoC (Not a HoneyPoC for once!)☆27Apr 26, 2025Updated 10 months ago
- Cross platform (Linux / Windows) shellcode packer for CTFs and pentest / red team exams aiming for AV evasion !☆114Feb 28, 2026Updated last week
- A modern GoPhish fork with improved tracking accuracy and smarter detection.☆87Feb 16, 2026Updated 2 weeks ago
- Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered b…☆83Nov 15, 2025Updated 3 months ago
- Neo4LDAP is a query and visualization tool focused on Active Directory environments. It combines LDAP syntax with graph-based data analys…☆95Feb 3, 2026Updated last month
- This Repo serves as a collection of shared security and penetration testing resources for the cloud.☆294Jul 21, 2024Updated last year
- ☆11Sep 15, 2024Updated last year
- CTF Helper is a powerful, modular Command Line Interface (CLI) tool designed for Capture The Flag (CTF) competitions and cybersecurity ta…☆34Sep 26, 2025Updated 5 months ago
- ☆12Mar 8, 2025Updated 11 months ago
- Shellcode Tester Pro is a graphical interface tool for analysis, simulated execution, and reverse engineering of malicious shellcodes.☆42Apr 7, 2025Updated 11 months ago
- A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.☆35Aug 30, 2022Updated 3 years ago