OWASP Broken Web Applications Project
☆312Mar 13, 2024Updated 2 years ago
Alternatives and similar repositories for owaspbwa
Users that are interested in owaspbwa are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A modern vulnerable web app☆1,024Mar 11, 2021Updated 5 years ago
- WackoPicko is a vulnerable web application used to test web application vulnerability scanners.☆349May 25, 2024Updated last year
- OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…☆1,477Aug 3, 2025Updated 8 months ago
- A burp extension to generate sqlmap PoC from target HTTP request.☆27Jan 8, 2017Updated 9 years ago
- This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory☆881Updated this week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.☆5,516Feb 13, 2025Updated last year
- w3af packaging for Kali distribution☆26Nov 29, 2015Updated 10 years ago
- ☆15Sep 24, 2015Updated 10 years ago
- Damn Vulnerable Web Application (DVWA)☆12,896Mar 19, 2026Updated last month
- Web and mobile application security training platform☆1,440Mar 31, 2026Updated 2 weeks ago
- OWASP Skanda - SSRF Exploitation Framework☆38Jul 6, 2013Updated 12 years ago
- WebGoat is a deliberately insecure application☆9,083Feb 8, 2026Updated 2 months ago
- Damn Small Vulnerable Web☆864Dec 21, 2025Updated 3 months ago
- OWASP WebScarab☆615Aug 13, 2021Updated 4 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- The Web Application Vulnerability Scanner Evaluation Project☆238Oct 5, 2022Updated 3 years ago
- the main hackademic code repository☆324Oct 30, 2020Updated 5 years ago
- Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock☆22Oct 8, 2019Updated 6 years ago
- A web scraper for generating password files based on plain text found☆130Jul 19, 2023Updated 2 years ago
- POC for XStream RCE☆13Dec 23, 2013Updated 12 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- The main SamuraiWTF collaborative distro repo.☆558Mar 10, 2025Updated last year
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago
- The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.☆283Aug 13, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Web application fuzzer☆6,466Jan 21, 2026Updated 2 months ago
- Burp Suite extension to passively scan for applications revealing server error messages☆64Dec 15, 2023Updated 2 years ago
- w3af: web application attack and audit framework, the open source web vulnerability scanner.☆4,864Feb 22, 2023Updated 3 years ago
- Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdom…��☆101Apr 7, 2023Updated 3 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- This repository contains the POC of an exploit for node-jose < 0.11.0☆25Feb 24, 2023Updated 3 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆426Feb 18, 2020Updated 6 years ago
- Advanced web server fingerprinting☆22Sep 27, 2017Updated 8 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Parse X509 certificates to get the (sub)domains in it.☆28Jun 14, 2018Updated 7 years ago
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,876Nov 10, 2023Updated 2 years ago
- OWASP Juice Shop: Probably the most modern and sophisticated insecure web application☆12,930Updated this week
- Tooll for sql injections scan☆11Jul 17, 2018Updated 7 years ago
- OWASP Foundation Web Respository for VulnerableApp project. Project's codebase Repository: https://github.com/SasanLabs/VulnerableApp☆13Updated this week
- Retrive the status codes from a list of URLs☆33May 18, 2020Updated 5 years ago
- Docker container for OWASP Mutillidae II Web Pen-Test Practice Application☆71Dec 13, 2021Updated 4 years ago