OWASP Broken Web Applications Project
☆312Mar 13, 2024Updated 2 years ago
Alternatives and similar repositories for owaspbwa
Users that are interested in owaspbwa are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A modern vulnerable web app☆1,023Mar 11, 2021Updated 5 years ago
- WackoPicko is a vulnerable web application used to test web application vulnerability scanners.☆348May 25, 2024Updated last year
- OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…☆1,474Aug 3, 2025Updated 7 months ago
- A burp extension to generate sqlmap PoC from target HTTP request.☆27Jan 8, 2017Updated 9 years ago
- This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory☆884Mar 2, 2026Updated 3 weeks ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.☆5,483Feb 13, 2025Updated last year
- w3af packaging for Kali distribution☆26Nov 29, 2015Updated 10 years ago
- ☆15Sep 24, 2015Updated 10 years ago
- Damn Vulnerable Web Application (DVWA)☆12,806Mar 19, 2026Updated last week
- Web and mobile application security training platform☆1,433Updated this week
- OWASP Skanda - SSRF Exploitation Framework☆38Jul 6, 2013Updated 12 years ago
- WebGoat is a deliberately insecure application☆9,042Feb 8, 2026Updated last month
- Damn Small Vulnerable Web☆862Dec 21, 2025Updated 3 months ago
- OWASP WebScarab☆615Aug 13, 2021Updated 4 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- The Web Application Vulnerability Scanner Evaluation Project☆241Oct 5, 2022Updated 3 years ago
- the main hackademic code repository☆324Oct 30, 2020Updated 5 years ago
- Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock☆22Oct 8, 2019Updated 6 years ago
- A web scraper for generating password files based on plain text found☆130Jul 19, 2023Updated 2 years ago
- POC for XStream RCE☆13Dec 23, 2013Updated 12 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- The main SamuraiWTF collaborative distro repo.☆556Mar 10, 2025Updated last year
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago
- The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.☆282Aug 13, 2024Updated last year
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Web application fuzzer☆6,452Jan 21, 2026Updated 2 months ago
- Burp Suite extension to passively scan for applications revealing server error messages☆64Dec 15, 2023Updated 2 years ago
- w3af: web application attack and audit framework, the open source web vulnerability scanner.☆4,857Feb 22, 2023Updated 3 years ago
- Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdom…☆101Apr 7, 2023Updated 2 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- This repository contains the POC of an exploit for node-jose < 0.11.0☆25Feb 24, 2023Updated 3 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆426Feb 18, 2020Updated 6 years ago
- Advanced web server fingerprinting☆22Sep 27, 2017Updated 8 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Parse X509 certificates to get the (sub)domains in it.☆28Jun 14, 2018Updated 7 years ago
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,862Nov 10, 2023Updated 2 years ago
- OWASP Juice Shop: Probably the most modern and sophisticated insecure web application☆12,742Updated this week
- Tooll for sql injections scan☆11Jul 17, 2018Updated 7 years ago
- Retrive the status codes from a list of URLs☆33May 18, 2020Updated 5 years ago
- Docker container for OWASP Mutillidae II Web Pen-Test Practice Application☆71Dec 13, 2021Updated 4 years ago
- The OWASP Developer Guide☆2,148Updated this week