A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
☆53Mar 29, 2023Updated 3 years ago
Alternatives and similar repositories for awesome-vulnerable
Users that are interested in awesome-vulnerable are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation☆15Jul 24, 2025Updated 9 months ago
- ☆16Jul 17, 2024Updated last year
- ☆14Feb 4, 2020Updated 6 years ago
- A security-first linter for code that shouldn't need linting☆18Sep 12, 2023Updated 2 years ago
- A fast, customizable service detection tool powered by a flexible fingerprint system. It helps you identify services, APIs, and network c…☆44Apr 23, 2026Updated last week
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Protect against subdomain takeover☆95Updated this week
- Screenshot Shenanigans☆25Nov 20, 2017Updated 8 years ago
- OWASP Foundation web repository☆63Apr 7, 2026Updated 3 weeks ago
- Offensive Assembly code snippets.☆13Jul 12, 2023Updated 2 years ago
- Small wiki for Mobile Application Penetration Testing Tools☆12Apr 8, 2021Updated 5 years ago
- Security tool against dependency typosquatting attacks☆55Apr 21, 2026Updated last week
- ☆22Feb 3, 2026Updated 2 months ago
- Additional active scan checks for BURP☆28Oct 3, 2024Updated last year
- Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense"☆16Apr 10, 2025Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- The aim of the project is to develop intentionally vulnerable source code in various languages.☆16Mar 3, 2026Updated last month
- ☆14Jan 8, 2026Updated 3 months ago
- Very loud vBulletin exploit☆14Aug 12, 2020Updated 5 years ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- ☆18Jul 30, 2024Updated last year
- We borrow the concept of 'personas' from UX/service design and apply it to threat actors to improve understanding between security, techn…☆11Jun 17, 2020Updated 5 years ago
- ☆116Feb 11, 2026Updated 2 months ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.☆15Jul 9, 2023Updated 2 years ago
- Differential CPU fuzzing framework from the paper "RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabiliti…☆26Mar 1, 2026Updated 2 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Nov 30, 2025Updated 5 months ago
- ☆10Mar 25, 2025Updated last year
- littleoldearthquake☆12Jul 15, 2014Updated 11 years ago
- A structure-aware HTTP fuzzing library☆220Jan 12, 2026Updated 3 months ago
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆23Aug 30, 2024Updated last year
- A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system☆206May 11, 2023Updated 2 years ago
- Scripts I have made for blue team☆16Apr 1, 2018Updated 8 years ago
- ☆93Dec 15, 2025Updated 4 months ago
- ☆42Mar 21, 2026Updated last month
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- WebSocket REPL for pentesters☆235Jul 24, 2024Updated last year
- Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent …☆16Apr 8, 2025Updated last year
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆21Aug 25, 2024Updated last year
- ☆18Apr 16, 2025Updated last year
- This is a phishing ready platform. Unlike other phishing methods, EvilnoVNC allows you to bypass 2FA using a real browser via noVNC conn…☆10Apr 7, 2023Updated 3 years ago
- A Repo for the Magnetic case of the Sweep keyboard☆16Nov 19, 2023Updated 2 years ago
- DC619/DC858 Mainframe Environment/Lab☆11Dec 9, 2021Updated 4 years ago