Alternatives and similar repositories for DVWA

Users that are interested in DVWA are comparing it to the libraries listed below

• fuzzdb-project / fuzzdb
  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  ☆8,697Updated last year
• xmendez / wfuzz
  Web application fuzzer
  ☆6,297Updated last year
• The-Z-Labs / linux-exploit-suggester
  Linux privilege escalation auditing tool
  ☆6,196Updated last year
• rebootuser / LinEnum
  Scripted Local Linux Enumeration & Privilege Escalation Checks
  ☆7,616Updated 2 years ago
• rapid7 / metasploitable3
  Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
  ☆5,235Updated 7 months ago
• andresriancho / w3af
  w3af: web application attack and audit framework, the open source web vulnerability scanner.
  ☆4,792Updated 2 years ago
• peass-ng / PEASS-ng
  PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
  ☆18,432Updated this week
• maurosoria / dirsearch
  Web path scanner
  ☆13,497Updated 2 weeks ago
• zaproxy / zaproxy
  The ZAP by Checkmarx Core project
  ☆14,180Updated this week
• zardus / ctf-tools
  Some setup scripts for security research tools.
  ☆9,094Updated 2 weeks ago
• sullo / nikto
  Nikto web server scanner
  ☆9,679Updated last month
• aboul3la / Sublist3r
  Fast subdomains enumeration tool for penetration testers
  ☆10,610Updated last year
• EnableSecurity / wafw00f
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  ☆5,902Updated 3 weeks ago
• DominicBreuker / pspy
  Monitor linux processes without root permissions
  ☆5,673Updated 2 years ago
• Gallopsled / pwntools
  CTF framework and exploit development library
  ☆12,925Updated last week
• commixproject / commix
  Automated All-in-One OS Command Injection Exploitation Tool.
  ☆5,470Updated this week
• urbanadventurer / WhatWeb
  Next generation web scanner
  ☆6,108Updated this week
• ffuf / ffuf
  Fast web fuzzer written in Go
  ☆14,844Updated 5 months ago
• epinna / weevely3
  Weaponized web shell
  ☆3,385Updated this week
• beefproject / beef
  The Browser Exploitation Framework Project
  ☆10,467Updated last week
• offensive-security / exploitdb
  The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
  ☆7,816Updated 2 years ago
• GTFOBins / GTFOBins.github.io
  GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
  ☆12,153Updated 2 weeks ago
• fortra / impacket
  Impacket is a collection of Python classes for working with network protocols.
  ☆14,918Updated this week
• pentestmonkey / php-reverse-shell
  ☆2,563Updated last year
• WebGoat / WebGoat
  WebGoat is a deliberately insecure application
  ☆8,465Updated last week
• ticarpi / jwt_tool
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,115Updated 5 months ago
• scipag / vulscan
  Advanced vulnerability scanning with Nmap NSE
  ☆3,672Updated last year
• RsaCtfTool / RsaCtfTool
  RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
  ☆6,442Updated last month
• byt3bl33d3r / CrackMapExec
  A swiss army knife for pentesting networks
  ☆8,932Updated last year
• samratashok / nishang
  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  ☆9,503Updated last year