A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
☆50Mar 29, 2023Updated 2 years ago
Alternatives and similar repositories for awesome-vulnerable
Users that are interested in awesome-vulnerable are comparing it to the libraries listed below
Sorting:
- Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense"☆15Apr 10, 2025Updated 11 months ago
- ☆14Jan 8, 2026Updated 2 months ago
- ☆16Jul 17, 2024Updated last year
- Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation☆14Jul 24, 2025Updated 7 months ago
- ☆18Jul 30, 2024Updated last year
- ☆14Feb 4, 2020Updated 6 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆41Oct 3, 2023Updated 2 years ago
- A security-first linter for code that shouldn't need linting☆18Sep 12, 2023Updated 2 years ago
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆23Aug 30, 2024Updated last year
- LC256 - CBM style 256 color SMD computer☆18Jun 15, 2025Updated 8 months ago
- ☆22Feb 3, 2026Updated last month
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- A PoC exploit for CVE-2022-41622 - a CSRF in F5 BIG-IP control plane that leads to remote root☆21Oct 20, 2022Updated 3 years ago
- Additional active scan checks for BURP☆28Oct 3, 2024Updated last year
- ☆25Jun 27, 2024Updated last year
- ☆25Apr 14, 2025Updated 10 months ago
- Security tool against dependency typosquatting attacks☆55Updated this week
- Hijack a slack bot to phish your way in☆57Jul 17, 2025Updated 7 months ago
- ☆23May 22, 2023Updated 2 years ago
- Docker auditing and enumeration script.☆22Oct 7, 2019Updated 6 years ago
- Template for OTC Infrastructure Charts☆12Oct 16, 2025Updated 4 months ago
- Caterpillar is a security scanning library for AI agent skill files (e.g., Claude Code skills) for dangerous or malicious behavior☆38Feb 16, 2026Updated 3 weeks ago
- Protect against subdomain takeover☆95Jul 20, 2025Updated 7 months ago
- OWASP Foundation web repository☆53Dec 21, 2025Updated 2 months ago
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆21Aug 25, 2024Updated last year
- ☆27Jun 29, 2023Updated 2 years ago
- Knowledge Report Alert & Normalization Generator☆26Feb 11, 2026Updated 3 weeks ago
- ☆28Dec 26, 2025Updated 2 months ago
- Simple S3 Bucket Testing Software☆31Nov 4, 2021Updated 4 years ago
- Unauthenticated enumeration of AWS IAM Roles.☆26Sep 7, 2025Updated 6 months ago
- Screenshot Shenanigans☆26Nov 20, 2017Updated 8 years ago
- Salesforce Policy Deviation Checker☆30Sep 30, 2020Updated 5 years ago
- Demonstrates how a malicious dependency could negatively impact the build output.☆25Aug 11, 2023Updated 2 years ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Nov 30, 2025Updated 3 months ago
- ☆29May 13, 2018Updated 7 years ago
- ☆31Oct 28, 2024Updated last year
- Execute a shell command within Cloud Run☆31Jul 7, 2022Updated 3 years ago
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories.☆35Jan 4, 2026Updated 2 months ago
- ☆117Feb 11, 2026Updated 3 weeks ago