geeksonsecurity/vuln-web-apps external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

geeksonsecurity/vuln-web-apps

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/geeksonsecurity/vuln-web-apps)

Close

geeksonsecurity / vuln-web-appsView on GitHubMore

• External links
• Readme badge

A curated list of vulnerable web applications.

☆336Dec 30, 2023Updated 2 years ago

Alternatives and similar repositories for vuln-web-apps

Users that are interested in vuln-web-apps are comparing it to the libraries listed below

• kaiiyer / awesome-vulnerable

  View on GitHub
  A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
  ☆1,263Jan 11, 2026Updated last month
• vavkamil / awesome-vulnerable-apps

  View on GitHub
  Awesome Vulnerable Applications
  ☆1,370Jan 19, 2026Updated last month
• OWASP / Vulnerable-Web-Application

  View on GitHub
  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
  ☆403Jul 10, 2024Updated last year
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,373Feb 17, 2026Updated 2 weeks ago
• thomaslaurenson / trophyroom

  View on GitHub
  Collection of walk through, hints, notes, code snippets, tools logs and resources for vulnerable CTF-style boxes
  ☆12Dec 3, 2025Updated 3 months ago
• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆336Oct 31, 2024Updated last year
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆764Mar 27, 2024Updated last year
• OWASP / OWASP-VWAD

  View on GitHub
  This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
  ☆884Mar 2, 2026Updated last week
• rahulunair / vulnerable-api

  View on GitHub
  This repository contains an example Python API that is vulnerable to several different web API attacks.
  ☆27Feb 1, 2019Updated 7 years ago
• hakluke / weaponised-XSS-payloads

  View on GitHub
  XSS payloads designed to turn alert(1) into P1
  ☆1,394Sep 12, 2023Updated 2 years ago
• srini0x00 / dvta

  View on GitHub
  Damn Vulnerable Thick Client App developed in C# .NET
  ☆176Aug 17, 2023Updated 2 years ago
• snoopysecurity / dvws-node

  View on GitHub
  Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API re…
  ☆502Feb 28, 2026Updated last week
• jorritfolmer / vulnerable-api

  View on GitHub
  Enhanced fork with logging, OpenAPI 3.0 and Python 3 for security monitoring workshops
  ☆47Feb 16, 2024Updated 2 years ago
• redhuntlabs / BurpSuite-Asset_Discover

  View on GitHub
  Burp Suite extension to discover assets from HTTP response.
  ☆232Jan 22, 2025Updated last year
• dwisiswant0 / hinject

  View on GitHub
  Host Header Injection Checker
  ☆84Mar 2, 2022Updated 4 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,482Oct 12, 2024Updated last year
• Zombiehelp54 / CTF

  View on GitHub
  CTF Writeups
  ☆12Feb 25, 2023Updated 3 years ago
• erev0s / VAmPI

  View on GitHub
  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
  ☆1,174Nov 25, 2024Updated last year
• sec4you / VulnLabs

  View on GitHub
  docker-compose bringing up multiple vulnerable applications inside containers.
  ☆19Jan 29, 2018Updated 8 years ago
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,361Jan 24, 2021Updated 5 years ago
• secvulture / dvta

  View on GitHub
  Damn Vulnerable Thick Client App
  ☆155Jul 16, 2020Updated 5 years ago
• stamparm / DSVW

  View on GitHub
  Damn Small Vulnerable Web
  ☆858Dec 21, 2025Updated 2 months ago
• subfinder / goaltdns

  View on GitHub
  A permutation generation tool written in golang
  ☆209Jul 15, 2019Updated 6 years ago
• sandmaxprime / VagrantMalwareWin10VM

  View on GitHub
  Vagrant Files to create a Virtualbox VM for Malware Analysis
  ☆13Jun 1, 2021Updated 4 years ago
• gwen001 / dnsexpire

  View on GitHub
  Test domain expiration dates.
  ☆12Dec 2, 2022Updated 3 years ago
• kiview / damn-vulnerable-spring-boot-app

  View on GitHub
  Spring-Boot app for demonstrating security vulnaribilities
  ☆13Aug 21, 2019Updated 6 years ago
• EdOverflow / bugbounty-cheatsheet

  View on GitHub
  A list of interesting payloads, tips and tricks for bug bounty hunters.
  ☆6,385Sep 14, 2023Updated 2 years ago
• juliocesarfort / public-pentesting-reports

  View on GitHub
  A list of public penetration test reports published by several consulting firms and academic security groups.
  ☆9,394Nov 24, 2025Updated 3 months ago
• lutfumertceylan / top25-parameter

  View on GitHub
  For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
  ☆1,819Jun 9, 2024Updated last year
• JavierOlmedo / UltimateCMSWordlists

  View on GitHub
  📚 An ultimate collection wordlists of the best-known CMS
  ☆93Jun 10, 2024Updated last year
• tanprathan / MobileApp-Pentest-Cheatsheet

  View on GitHub
  The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application pen…
  ☆5,159Feb 8, 2024Updated 2 years ago
• s4n7h0 / xvwa

  View on GitHub
  XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
  ☆1,744Sep 12, 2020Updated 5 years ago
• LewisArdern / bXSS

  View on GitHub
  bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
  ☆567Mar 4, 2023Updated 3 years ago
• twseptian / bug-bounty-testing-essential-guideline-startup-bug-hunters

  View on GitHub
  Bug Bounty Testing Essential Guideline : Startup Bug Hunters
  ☆54Dec 21, 2020Updated 5 years ago
• weev3 / LKWA

  View on GitHub
  Lesser Known Web Attack Lab
  ☆330Feb 7, 2020Updated 6 years ago
• coreyshuman / GeekwiseApplicationSecurity

  View on GitHub
  12-week Geekwise course on web application security and hardening.
  ☆17Mar 19, 2020Updated 5 years ago
• vallejocc / Malware-Analysis-Reports-Manual

  View on GitHub
  My manual analysis of malware families
  ☆13Jul 12, 2017Updated 8 years ago
• byt3hx / log4j-detect

  View on GitHub
  Just simple log4j scanner
  ☆12Dec 13, 2021Updated 4 years ago
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,089Aug 14, 2024Updated last year