OWASP Broken Web Applications Project
☆312Mar 13, 2024Updated 2 years ago
Alternatives and similar repositories for owaspbwa
Users that are interested in owaspbwa are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A modern vulnerable web app☆1,030Mar 11, 2021Updated 5 years ago
- WackoPicko is a vulnerable web application used to test web application vulnerability scanners.☆348May 25, 2024Updated 2 years ago
- OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…☆1,484Apr 20, 2026Updated last month
- A burp extension to generate sqlmap PoC from target HTTP request.☆27Jan 8, 2017Updated 9 years ago
- This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory☆883Apr 13, 2026Updated last month
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.☆5,572Feb 13, 2025Updated last year
- w3af packaging for Kali distribution☆26Nov 29, 2015Updated 10 years ago
- ☆15Sep 24, 2015Updated 10 years ago
- Damn Vulnerable Web Application (DVWA)☆13,113May 10, 2026Updated 2 weeks ago
- Web and mobile application security training platform☆1,443May 11, 2026Updated 2 weeks ago
- OWASP Skanda - SSRF Exploitation Framework☆38Jul 6, 2013Updated 12 years ago
- WebGoat is a deliberately insecure application☆9,120Feb 8, 2026Updated 3 months ago
- Damn Small Vulnerable Web☆868Dec 21, 2025Updated 5 months ago
- OWASP WebScarab☆613Aug 13, 2021Updated 4 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- The Web Application Vulnerability Scanner Evaluation Project☆240Oct 5, 2022Updated 3 years ago
- the main hackademic code repository☆324Oct 30, 2020Updated 5 years ago
- Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock☆22Oct 8, 2019Updated 6 years ago
- A web scraper for generating password files based on plain text found☆130Jul 19, 2023Updated 2 years ago
- POC for XStream RCE☆13Dec 23, 2013Updated 12 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- The main SamuraiWTF collaborative distro repo.☆560Mar 10, 2025Updated last year
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago
- Sabonis, a Digital Forensics and Incident Response pivoting tool☆20Mar 3, 2022Updated 4 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.☆286Aug 13, 2024Updated last year
- Web application fuzzer☆6,507Jan 21, 2026Updated 4 months ago
- Burp Suite extension to passively scan for applications revealing server error messages☆65Dec 15, 2023Updated 2 years ago
- w3af: web application attack and audit framework, the open source web vulnerability scanner.☆4,869Feb 22, 2023Updated 3 years ago
- Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdom…☆101Apr 7, 2023Updated 3 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- This repository contains the POC of an exploit for node-jose < 0.11.0☆26Feb 24, 2023Updated 3 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆426Feb 18, 2020Updated 6 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Advanced web server fingerprinting☆22Sep 27, 2017Updated 8 years ago
- Parse X509 certificates to get the (sub)domains in it.☆28Jun 14, 2018Updated 7 years ago
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,917Nov 10, 2023Updated 2 years ago
- OWASP Juice Shop: Probably the most modern and sophisticated insecure web application☆13,223Updated this week
- Tooll for sql injections scan☆11Jul 17, 2018Updated 7 years ago
- OWASP Foundation Web Respository for VulnerableApp project. Project's codebase Repository: https://github.com/SasanLabs/VulnerableApp☆13Apr 13, 2026Updated last month
- Docker container for OWASP Mutillidae II Web Pen-Test Practice Application☆71Dec 13, 2021Updated 4 years ago