XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
☆1,753Sep 12, 2020Updated 5 years ago
Alternatives and similar repositories for xvwa
Users that are interested in xvwa are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn rea…☆459Dec 6, 2021Updated 4 years ago
- Vulnerable web site. Used to test sentinel features.☆11Nov 18, 2016Updated 9 years ago
- Damn Small Vulnerable Web☆870Dec 21, 2025Updated 5 months ago
- A modern vulnerable web app☆1,035Mar 11, 2021Updated 5 years ago
- A collection of PHP backdoors. For educational or testing purposes only.☆2,269Mar 9, 2024Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A Ruby framework designed to aid in the penetration testing of WordPress systems.☆1,047Nov 24, 2019Updated 6 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,169Apr 21, 2024Updated 2 years ago
- Automated All-in-One OS Command Injection Exploitation Tool☆5,757Updated this week
- The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of co…☆447Aug 7, 2020Updated 5 years ago
- Welcome to the XSS Challenge Wiki!☆1,593Jun 24, 2020Updated 5 years ago
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,929Nov 10, 2023Updated 2 years ago
- OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.☆361Jun 11, 2026Updated last week
- Git All the Payloads! A collection of web attack payloads.☆3,957May 15, 2023Updated 3 years ago
- A DNS meta-query spider that enumerates DNS records, and subdomains.☆3,513Jan 13, 2022Updated 4 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- A collection of awesome penetration testing resources, tools and other shiny things☆23Mar 11, 2015Updated 11 years ago
- An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically☆496Sep 21, 2021Updated 4 years ago
- Recon, Subdomain Bruting, Zone Transfers☆230Aug 2, 2016Updated 9 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,502Oct 12, 2024Updated last year
- A Tool for Domain Flyovers☆5,940May 22, 2022Updated 4 years ago
- Damn Vulnerable Web Application (DVWA)☆13,235May 30, 2026Updated 2 weeks ago
- Sleepy Puppy XSS Payload Management Framework☆1,044Jul 24, 2018Updated 7 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,755Dec 1, 2024Updated last year
- A curated list of resources for learning about application security☆6,951Feb 22, 2025Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.☆1,661May 25, 2024Updated 2 years ago
- ☆2,322Jun 10, 2026Updated last week
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,948Sep 27, 2021Updated 4 years ago
- Lab set-up for learning SQL Injection Techniques☆101Dec 6, 2020Updated 5 years ago
- Add headers to all Burp requests to bypass some WAF products☆329Jan 28, 2018Updated 8 years ago
- A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network☆575Dec 9, 2017Updated 8 years ago
- Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ …☆10,191Jun 6, 2026Updated last week
- The Bug Hunters Methodology☆4,356Aug 1, 2023Updated 2 years ago
- Empire is a PowerShell and Python post-exploitation agent.☆7,841Jan 19, 2020Updated 6 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on th…☆4,208May 11, 2023Updated 3 years ago
- Post Exploitation Collection☆1,581May 1, 2020Updated 6 years ago
- A collection of post-exploitation tools for network red teaming.☆138Dec 7, 2018Updated 7 years ago
- A list of public penetration test reports published by several consulting firms and academic security groups.☆9,581Jun 7, 2026Updated last week
- Advanced Web Shell☆580May 1, 2017Updated 9 years ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.☆5,748Jan 5, 2026Updated 5 months ago
- Weaponized web shell☆3,526Oct 1, 2025Updated 8 months ago