geeksonsecurity/vuln-web-apps external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

geeksonsecurity/vuln-web-apps

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/geeksonsecurity/vuln-web-apps)

Close

geeksonsecurity / vuln-web-appsView on GitHubMore

• External links
• Readme badge

A curated list of vulnerable web applications.

☆341Dec 30, 2023Updated 2 years ago

Alternatives and similar repositories for vuln-web-apps

Users that are interested in vuln-web-apps are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• kaiiyer / awesome-vulnerable

  View on GitHub
  A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
  ☆1,276Jan 11, 2026Updated 2 months ago
• vavkamil / awesome-vulnerable-apps

  View on GitHub
  Awesome Vulnerable Applications
  ☆1,379Mar 9, 2026Updated 3 weeks ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,385Feb 17, 2026Updated last month
• emadshanab / BChecks-Collection

  View on GitHub
  BChecks collection for Burp Suite Professional
  ☆100Jun 6, 2024Updated last year
• OWASP / Vulnerable-Web-Application

  View on GitHub
  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
  ☆408Jul 10, 2024Updated last year
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• redhuntlabs / BurpSuite-Asset_Discover

  View on GitHub
  Burp Suite extension to discover assets from HTTP response.
  ☆233Jan 22, 2025Updated last year
• hakluke / weaponised-XSS-payloads

  View on GitHub
  XSS payloads designed to turn alert(1) into P1
  ☆1,395Sep 12, 2023Updated 2 years ago
• CSPF-Founder / PHPSecurityCourse

  View on GitHub
  ☆22Jan 24, 2019Updated 7 years ago
• thomaslaurenson / trophyroom

  View on GitHub
  Collection of walk through, hints, notes, code snippets, tools logs and resources for vulnerable CTF-style boxes
  ☆12Dec 3, 2025Updated 3 months ago
• OWASP / OWASP-VWAD

  View on GitHub
  This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
  ☆884Mar 2, 2026Updated 3 weeks ago
• Zombiehelp54 / CTF

  View on GitHub
  CTF Writeups
  ☆12Feb 25, 2023Updated 3 years ago
• erev0s / VAmPI

  View on GitHub
  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
  ☆1,192Nov 25, 2024Updated last year
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,364Jan 24, 2021Updated 5 years ago
• subfinder / goaltdns

  View on GitHub
  A permutation generation tool written in golang
  ☆210Jul 15, 2019Updated 6 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆766Mar 27, 2024Updated 2 years ago
• iomoath / web-log-analyzer

  View on GitHub
  Web access logs analyzer - provides an insight on how remote hosts behave
  ☆15Sep 13, 2021Updated 4 years ago
• twseptian / bug-bounty-testing-essential-guideline-startup-bug-hunters

  View on GitHub
  Bug Bounty Testing Essential Guideline : Startup Bug Hunters
  ☆55Dec 21, 2020Updated 5 years ago
• snoopysecurity / fuzzpayloads

  View on GitHub
  Collection of fuzzing payloads and corpus from all around added as sub modules
  ☆15Updated this week
• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆336Oct 31, 2024Updated last year
• lutfumertceylan / top25-parameter

  View on GitHub
  For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
  ☆1,824Jun 9, 2024Updated last year
• sec4you / VulnLabs

  View on GitHub
  docker-compose bringing up multiple vulnerable applications inside containers.
  ☆19Jan 29, 2018Updated 8 years ago
• dwisiswant0 / hinject

  View on GitHub
  Host Header Injection Checker
  ☆84Mar 2, 2022Updated 4 years ago
• EdOverflow / bugbounty-cheatsheet

  View on GitHub
  A list of interesting payloads, tips and tricks for bug bounty hunters.
  ☆6,413Sep 14, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• byt3hx / log4j-detect

  View on GitHub
  Just simple log4j scanner
  ☆12Dec 13, 2021Updated 4 years ago
• juliocesarfort / public-pentesting-reports

  View on GitHub
  A list of public penetration test reports published by several consulting firms and academic security groups.
  ☆9,464Mar 22, 2026Updated last week
• emadshanab / Blind-XSS-burp-match-and-replace

  View on GitHub
  ☆29Dec 13, 2023Updated 2 years ago
• n4xh4ck5 / V1D0m

  View on GitHub
  Enumerate subdomains through Virustotal
  ☆32Nov 2, 2019Updated 6 years ago
• 0xInfection / Awesome-WAF

  View on GitHub
  Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
  ☆7,401Updated this week
• joanbono / Gurp

  View on GitHub
  Burp Commander written in Go
  ☆56Feb 11, 2019Updated 7 years ago
• stamparm / DSVW

  View on GitHub
  Damn Small Vulnerable Web
  ☆862Dec 21, 2025Updated 3 months ago
• secvulture / dvta

  View on GitHub
  Damn Vulnerable Thick Client App
  ☆155Jul 16, 2020Updated 5 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,482Oct 12, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• gwen001 / dnsexpire

  View on GitHub
  Test domain expiration dates.
  ☆12Dec 2, 2022Updated 3 years ago
• m4ll0k / hacks

  View on GitHub
  A collection of hacks and one-off scripts
  ☆18Jun 4, 2021Updated 4 years ago
• srini0x00 / dvta

  View on GitHub
  Damn Vulnerable Thick Client App developed in C# .NET
  ☆177Aug 17, 2023Updated 2 years ago
• cybercdh / vpaths

  View on GitHub
  Take a list of URIs and print all the of the paths
  ☆10Aug 16, 2020Updated 5 years ago
• s4n7h0 / xvwa

  View on GitHub
  XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
  ☆1,746Sep 12, 2020Updated 5 years ago
• yogisec / VulnerableSAMLApp

  View on GitHub
  Vulnerable SAML infrastructure training applicaiton
  ☆54Feb 2, 2023Updated 3 years ago
• secdec / attack-surface-detector-burp

  View on GitHub
  The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
  ☆111Dec 17, 2023Updated 2 years ago