A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
☆53Mar 29, 2023Updated 3 years ago
Alternatives and similar repositories for awesome-vulnerable
Users that are interested in awesome-vulnerable are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation☆15Jul 24, 2025Updated 9 months ago
- ☆16Jul 17, 2024Updated last year
- ☆14Feb 4, 2020Updated 6 years ago
- A security-first linter for code that shouldn't need linting☆19Sep 12, 2023Updated 2 years ago
- A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network c…☆46Updated this week
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Screenshot Shenanigans☆25Nov 20, 2017Updated 8 years ago
- ☆18Feb 16, 2024Updated 2 years ago
- ☆26Apr 14, 2025Updated last year
- Security tool against dependency typosquatting attacks☆56May 13, 2026Updated last week
- LC256 - CBM style 256 color SMD computer☆18Jun 15, 2025Updated 11 months ago
- ☆22Feb 3, 2026Updated 3 months ago
- Additional active scan checks for BURP☆28Oct 3, 2024Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool☆41Oct 3, 2023Updated 2 years ago
- Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense"☆16Apr 10, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- The aim of the project is to develop intentionally vulnerable source code in various languages.☆16Mar 3, 2026Updated 2 months ago
- ☆14Jan 8, 2026Updated 4 months ago
- Docker auditing and enumeration script.☆22Oct 7, 2019Updated 6 years ago
- Very loud vBulletin exploit☆14Aug 12, 2020Updated 5 years ago
- ☆18Jul 30, 2024Updated last year
- ☆116Feb 11, 2026Updated 3 months ago
- Differential CPU fuzzing framework from the paper "RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabiliti…☆26Mar 1, 2026Updated 2 months ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Nov 30, 2025Updated 5 months ago
- Decoupled AI copilot for pentesting & CTFs. Sidecar tails your shell history, parses tool outputs, grounds suggestions in your notes, and…☆13Apr 20, 2026Updated last month
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- A Hubot adapter for Keybase bot development☆11Mar 26, 2024Updated 2 years ago
- ☆10Mar 25, 2025Updated last year
- littleoldearthquake☆12Jul 15, 2014Updated 11 years ago
- A simple Meterpreter stager written in Rust.☆45Nov 2, 2025Updated 6 months ago
- A structure-aware HTTP fuzzing library☆221Jan 12, 2026Updated 4 months ago
- ☆31Oct 28, 2024Updated last year
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆24Apr 27, 2026Updated 3 weeks ago
- ☆93Dec 15, 2025Updated 5 months ago
- ☆42Mar 21, 2026Updated 2 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆114Nov 13, 2024Updated last year
- Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies☆23Jul 4, 2019Updated 6 years ago
- Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent …☆16Apr 8, 2025Updated last year
- ☆19Apr 16, 2025Updated last year
- This is a phishing ready platform. Unlike other phishing methods, EvilnoVNC allows you to bypass 2FA using a real browser via noVNC conn…☆10Apr 7, 2023Updated 3 years ago
- Yet Another SCA tool☆13Nov 10, 2022Updated 3 years ago
- A Repo for the Magnetic case of the Sweep keyboard�☆16Nov 19, 2023Updated 2 years ago