Alternatives and similar repositories for DVWA

Users that are interested in DVWA are comparing it to the libraries listed below

• Audi-1 / sqli-labs
  SQLI labs to test error based, Blind boolean based, Time based.
  ☆5,535Updated last year
• xmendez / wfuzz
  Web application fuzzer
  ☆6,235Updated 11 months ago
• fuzzdb-project / fuzzdb
  Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  ☆8,603Updated last year
• maurosoria / dirsearch
  Web path scanner
  ☆13,180Updated last month
• andresriancho / w3af
  w3af: web application attack and audit framework, the open source web vulnerability scanner.
  ☆4,744Updated 2 years ago
• wpscanteam / wpscan
  WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websit…
  ☆9,117Updated this week
• sullo / nikto
  Nikto web server scanner
  ☆9,481Updated 3 weeks ago
• urbanadventurer / WhatWeb
  Next generation web scanner
  ☆5,975Updated this week
• rapid7 / metasploitable3
  Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
  ☆5,138Updated 5 months ago
• epinna / weevely3
  Weaponized web shell
  ☆3,342Updated 9 months ago
• EnableSecurity / wafw00f
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  ☆5,781Updated 7 months ago
• rebootuser / LinEnum
  Scripted Local Linux Enumeration & Privilege Escalation Checks
  ☆7,484Updated last year
• The-Z-Labs / linux-exploit-suggester
  Linux privilege escalation auditing tool
  ☆6,070Updated last year
• CTFd / CTFd
  CTFs as you need them
  ☆6,137Updated this week
• aboul3la / Sublist3r
  Fast subdomains enumeration tool for penetration testers
  ☆10,503Updated last year
• s0md3v / XSStrike
  Most advanced XSS scanner.
  ☆14,171Updated 3 months ago
• WebGoat / WebGoat
  WebGoat is a deliberately insecure application
  ☆7,636Updated 2 weeks ago
• OJ / gobuster
  Directory/File, DNS and VHost busting tool written in Go
  ☆12,236Updated this week
• vulhub / vulhub
  Pre-Built Vulnerable Environments Based on Docker-Compose
  ☆19,266Updated 2 weeks ago
• michenriksen / aquatone
  A Tool for Domain Flyovers
  ☆5,810Updated 3 years ago
• guelfoweb / knock
  Knock Subdomain Scan
  ☆4,034Updated last month
• tennc / webshell
  This is a webshell open source project
  ☆10,457Updated 7 months ago
• Arachni / arachni
  Web Application Security Scanner Framework
  ☆3,931Updated 2 months ago
• offensive-security / exploitdb
  The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
  ☆7,808Updated 2 years ago
• frohoff / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,392Updated last year
• commixproject / commix
  Automated All-in-One OS Command Injection Exploitation Tool.
  ☆5,351Updated last week
• samratashok / nishang
  Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
  ☆9,364Updated last year
• lanjelot / patator
  Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
  ☆3,761Updated 2 months ago
• codingo / NoSQLMap
  Automated NoSQL database enumeration and web application exploitation tool.
  ☆3,121Updated last month
• scipag / vulscan
  Advanced vulnerability scanning with Nmap NSE
  ☆3,643Updated 10 months ago