Alternatives and similar repositories for DVWA

Users that are interested in DVWA are comparing it to the libraries listed below

• fuzzdb-project / fuzzdb
  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  ☆8,671Updated last year
• rapid7 / metasploitable3
  Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
  ☆5,206Updated 7 months ago
• WebGoat / WebGoat
  WebGoat is a deliberately insecure application
  ☆7,730Updated last week
• maurosoria / dirsearch
  Web path scanner
  ☆13,400Updated 2 months ago
• EnableSecurity / wafw00f
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  ☆5,847Updated last week
• xmendez / wfuzz
  Web application fuzzer
  ☆6,278Updated last year
• tennc / webshell
  This is a webshell open source project
  ☆10,510Updated 8 months ago
• urbanadventurer / WhatWeb
  Next generation web scanner
  ☆6,061Updated 3 weeks ago
• rebootuser / LinEnum
  Scripted Local Linux Enumeration & Privilege Escalation Checks
  ☆7,574Updated 2 years ago
• infosecn1nja / Red-Teaming-Toolkit
  This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  ☆9,794Updated last month
• s0md3v / XSStrike
  Most advanced XSS scanner.
  ☆14,306Updated 4 months ago
• ticarpi / jwt_tool
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,069Updated 4 months ago
• 1N3 / IntruderPayloads
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,849Updated 3 years ago
• mandiant / commando-vm
  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…
  ☆7,351Updated 11 months ago
• foospidy / payloads
  Git All the Payloads! A collection of web attack payloads.
  ☆3,827Updated 2 years ago
• commixproject / commix
  Automated All-in-One OS Command Injection Exploitation Tool.
  ☆5,444Updated this week
• andresriancho / w3af
  w3af: web application attack and audit framework, the open source web vulnerability scanner.
  ☆4,782Updated 2 years ago
• ffuf / ffuf
  Fast web fuzzer written in Go
  ☆14,736Updated 4 months ago
• OWASP / wstg
  The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
  ☆8,321Updated last week
• payloadbox / xss-payload-list
  🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
  ☆7,500Updated last year
• webpwnized / mutillidae
  OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…
  ☆1,408Updated last month
• Audi-1 / sqli-labs
  SQLI labs to test error based, Blind boolean based, Time based.
  ☆5,572Updated last year
• aboul3la / Sublist3r
  Fast subdomains enumeration tool for penetration testers
  ☆10,574Updated last year
• epinna / weevely3
  Weaponized web shell
  ☆3,372Updated 10 months ago
• owasp-amass / amass
  In-depth attack surface mapping and asset discovery
  ☆13,537Updated last week
• trustedsec / ptf
  The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
  ☆5,379Updated 11 months ago
• RedSiege / EyeWitness
  EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  ☆5,434Updated 3 weeks ago
• offensive-security / exploitdb
  The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
  ☆7,817Updated 2 years ago
• michenriksen / aquatone
  A Tool for Domain Flyovers
  ☆5,847Updated 3 years ago
• projectdiscovery / subfinder
  Fast passive subdomain enumeration tool.
  ☆12,262Updated this week