matt-

TheGreatEscape

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

ast-flow-graph

Creates a CFG from JavaScript source code.

dhis2-core

DHIS2 Core. Written in Java. Contains the service layer and Web API.

explore

Community-curated topic and collection pages on GitHub

extract-zip

Zip extraction written in pure JavaScript. Extracts a zip into a directory.

faction

Pen Test Report Generation and Assessment Collaboration

goof

Super vulnerable todo list application

grok

A tool to build beautiful documentation from TypeScript declaration files

Kudobot

Local-Mock-Server

This is a Electron app for spinning up a local mock server quickly

matt-

NodeTestBench

Intentionally Vulnerable Node Applications

odoo

Odoo. Open Source Apps To Grow Your Business.

pencilblue

Business class content management for Node.js (plugins, server cluster management, data-driven pages)

pong

The classic game pong, revisited

rengine

reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.

sample-nodejs

⛵ App Platform sample Node.js application.

security-wg

Node.js Security Working Group

server

The core infrastructure backend (API, database, Docker, etc).

simple-gradle-codemod-tutorial

An example codemodder codemod

spring-petclinic

A sample Spring-based application

threat-dragon-core

OWASP Threat Dragon core files

VulnerableApp

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

WebGoat

WebGoat is a deliberately insecure application

wg2

workflow_test

WorkForwTests

writehat

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

zulip

Zulip server and webapp - powerful open source team chat

zulip-desktop

Zulip Desktop Client