geeksonsecurity/vuln-web-apps external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

geeksonsecurity/vuln-web-apps

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/geeksonsecurity/vuln-web-apps)

Close

geeksonsecurity / vuln-web-appsView on GitHubMore

• External links
• Readme badge

A curated list of vulnerable web applications.

☆343Dec 30, 2023Updated 2 years ago

Alternatives and similar repositories for vuln-web-apps

Users that are interested in vuln-web-apps are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• kaiiyer / awesome-vulnerable

  View on GitHub
  A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
  ☆1,306Jan 11, 2026Updated 3 months ago
• vavkamil / awesome-vulnerable-apps

  View on GitHub
  Awesome Vulnerable Applications
  ☆1,392Mar 9, 2026Updated 2 months ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,392Feb 17, 2026Updated 2 months ago
• emadshanab / BChecks-Collection

  View on GitHub
  BChecks collection for Burp Suite Professional
  ☆100Jun 6, 2024Updated last year
• OWASP / Vulnerable-Web-Application

  View on GitHub
  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
  ☆411Jul 10, 2024Updated last year
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• redhuntlabs / BurpSuite-Asset_Discover

  View on GitHub
  Burp Suite extension to discover assets from HTTP response.
  ☆232Jan 22, 2025Updated last year
• hakluke / weaponised-XSS-payloads

  View on GitHub
  XSS payloads designed to turn alert(1) into P1
  ☆1,396Sep 12, 2023Updated 2 years ago
• CSPF-Founder / PHPSecurityCourse

  View on GitHub
  ☆22Jan 24, 2019Updated 7 years ago
• thomaslaurenson / trophyroom

  View on GitHub
  Collection of walk through, hints, notes, code snippets, tools logs and resources for vulnerable CTF-style boxes
  ☆12Apr 20, 2026Updated 2 weeks ago
• OWASP / OWASP-VWAD

  View on GitHub
  This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
  ☆882Apr 13, 2026Updated 3 weeks ago
• Zombiehelp54 / CTF

  View on GitHub
  CTF Writeups
  ☆12Feb 25, 2023Updated 3 years ago
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,369Jan 24, 2021Updated 5 years ago
• erev0s / VAmPI

  View on GitHub
  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
  ☆1,208Apr 7, 2026Updated last month
• subfinder / goaltdns

  View on GitHub
  A permutation generation tool written in golang
  ☆211Jul 15, 2019Updated 6 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆771Mar 27, 2024Updated 2 years ago
• iomoath / web-log-analyzer

  View on GitHub
  Web access logs analyzer - provides an insight on how remote hosts behave
  ☆15Sep 13, 2021Updated 4 years ago
• twseptian / bug-bounty-testing-essential-guideline-startup-bug-hunters

  View on GitHub
  Bug Bounty Testing Essential Guideline : Startup Bug Hunters
  ☆55Dec 21, 2020Updated 5 years ago
• snoopysecurity / fuzzpayloads

  View on GitHub
  Collection of fuzzing payloads and corpus from all around added as sub modules
  ☆15Mar 26, 2026Updated last month
• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆338Oct 31, 2024Updated last year
• lutfumertceylan / top25-parameter

  View on GitHub
  For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
  ☆1,832Jun 9, 2024Updated last year
• sec4you / VulnLabs

  View on GitHub
  docker-compose bringing up multiple vulnerable applications inside containers.
  ☆19Jan 29, 2018Updated 8 years ago
• dwisiswant0 / hinject

  View on GitHub
  Host Header Injection Checker
  ☆84Mar 2, 2022Updated 4 years ago
• juliocesarfort / public-pentesting-reports

  View on GitHub
  A list of public penetration test reports published by several consulting firms and academic security groups.
  ☆9,540May 2, 2026Updated last week
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• EdOverflow / bugbounty-cheatsheet

  View on GitHub
  A list of interesting payloads, tips and tricks for bug bounty hunters.
  ☆6,471Sep 14, 2023Updated 2 years ago
• byt3hx / log4j-detect

  View on GitHub
  Just simple log4j scanner
  ☆12Dec 13, 2021Updated 4 years ago
• 0xInfection / Awesome-WAF

  View on GitHub
  Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
  ☆7,472Mar 26, 2026Updated last month
• emadshanab / Blind-XSS-burp-match-and-replace

  View on GitHub
  ☆29Dec 13, 2023Updated 2 years ago
• n4xh4ck5 / V1D0m

  View on GitHub
  Enumerate subdomains through Virustotal
  ☆32Nov 2, 2019Updated 6 years ago
• joanbono / Gurp

  View on GitHub
  Burp Commander written in Go
  ☆55Feb 11, 2019Updated 7 years ago
• stamparm / DSVW

  View on GitHub
  Damn Small Vulnerable Web
  ☆866Dec 21, 2025Updated 4 months ago
• secvulture / dvta

  View on GitHub
  Damn Vulnerable Thick Client App
  ☆155Jul 16, 2020Updated 5 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,493Oct 12, 2024Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• m4ll0k / hacks

  View on GitHub
  A collection of hacks and one-off scripts
  ☆18Jun 4, 2021Updated 4 years ago
• gwen001 / dnsexpire

  View on GitHub
  Test domain expiration dates.
  ☆12Dec 2, 2022Updated 3 years ago
• theowni / Damn-Vulnerable-RESTaurant-API-Game

  View on GitHub
  Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethica…
  ☆909Jan 3, 2026Updated 4 months ago
• cybercdh / vpaths

  View on GitHub
  Take a list of URIs and print all the of the paths
  ☆10Aug 16, 2020Updated 5 years ago
• srini0x00 / dvta

  View on GitHub
  Damn Vulnerable Thick Client App developed in C# .NET
  ☆180Aug 17, 2023Updated 2 years ago
• secdec / attack-surface-detector-burp

  View on GitHub
  The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
  ☆112Dec 17, 2023Updated 2 years ago
• s4n7h0 / xvwa

  View on GitHub
  XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
  ☆1,748Sep 12, 2020Updated 5 years ago