OWASP Broken Web Applications Project
☆312Mar 13, 2024Updated 2 years ago
Alternatives and similar repositories for owaspbwa
Users that are interested in owaspbwa are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A modern vulnerable web app☆1,028Mar 11, 2021Updated 5 years ago
- WackoPicko is a vulnerable web application used to test web application vulnerability scanners.☆349May 25, 2024Updated last year
- OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…☆1,480Apr 20, 2026Updated 2 weeks ago
- A burp extension to generate sqlmap PoC from target HTTP request.☆27Jan 8, 2017Updated 9 years ago
- This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory☆882Apr 13, 2026Updated 3 weeks ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.☆5,538Feb 13, 2025Updated last year
- w3af packaging for Kali distribution☆26Nov 29, 2015Updated 10 years ago
- ☆15Sep 24, 2015Updated 10 years ago
- Damn Vulnerable Web Application (DVWA)☆12,999Mar 19, 2026Updated last month
- Web and mobile application security training platform☆1,439Mar 31, 2026Updated last month
- OWASP Skanda - SSRF Exploitation Framework☆38Jul 6, 2013Updated 12 years ago
- WebGoat is a deliberately insecure application☆9,108Feb 8, 2026Updated 3 months ago
- Damn Small Vulnerable Web☆866Dec 21, 2025Updated 4 months ago
- OWASP WebScarab☆614Aug 13, 2021Updated 4 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- The Web Application Vulnerability Scanner Evaluation Project☆241Oct 5, 2022Updated 3 years ago
- the main hackademic code repository☆324Oct 30, 2020Updated 5 years ago
- Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock☆22Oct 8, 2019Updated 6 years ago
- A web scraper for generating password files based on plain text found☆130Jul 19, 2023Updated 2 years ago
- POC for XStream RCE☆13Dec 23, 2013Updated 12 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- The main SamuraiWTF collaborative distro repo.☆559Mar 10, 2025Updated last year
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago
- The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.☆285Aug 13, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Web application fuzzer☆6,479Jan 21, 2026Updated 3 months ago
- Burp Suite extension to passively scan for applications revealing server error messages☆64Dec 15, 2023Updated 2 years ago
- w3af: web application attack and audit framework, the open source web vulnerability scanner.☆4,868Feb 22, 2023Updated 3 years ago
- Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdom…☆101Apr 7, 2023Updated 3 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- This repository contains the POC of an exploit for node-jose < 0.11.0☆26Feb 24, 2023Updated 3 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆427Feb 18, 2020Updated 6 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- Advanced web server fingerprinting☆22Sep 27, 2017Updated 8 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Parse X509 certificates to get the (sub)domains in it.☆28Jun 14, 2018Updated 7 years ago
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,895Nov 10, 2023Updated 2 years ago
- OWASP Juice Shop: Probably the most modern and sophisticated insecure web application☆13,066Apr 29, 2026Updated last week
- Tooll for sql injections scan☆11Jul 17, 2018Updated 7 years ago
- OWASP Foundation Web Respository for VulnerableApp project. Project's codebase Repository: https://github.com/SasanLabs/VulnerableApp☆13Apr 13, 2026Updated 3 weeks ago
- Retrive the status codes from a list of URLs☆33May 18, 2020Updated 5 years ago
- Docker container for OWASP Mutillidae II Web Pen-Test Practice Application☆71Dec 13, 2021Updated 4 years ago