There are 3 repositories under vulnerable-application topic.
Oversecured Vulnerable Android App
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Oversecured Vulnerable iOS App
This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
GCP GOAT is the vulnerable application for learn the GCP Security
Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code
VulnerableApp-facade is probably most modern lightweight distributed farm of Vulnerable Applications built for handling wide range of vulnerabilities across tech stacks.
Examples of different vulnerabilities, in a variety of languages, shapes and sizes.
Wingkalabs (Linux) Wingkalabs es una máquina Virtual Linux intencionalmente vulnerable. Esta máquina virtual se puede utilizar para realizar entrenamientos de seguridad, probar herramientas de seguridad y practicar técnicas comunes de pruebas de penetración.
Docker container for running OWASP WebGoat.NET application
OWASP Foundation Web Respository
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
Rebujito is a fork of IppSec.Rocks and serves as a repo for hacking tools and other resources such as vulnerable apps, cheatsheets or methodologies.
vvmlist is a list of vulnerable virtual machines with their attributes.
A TUI enviorment for vulnerable app containers.
testcases developed for research
📧 [Research] E-Mail Injection: Vulnerable applications
Bootstrap various intentionally vulnerable web apps with Docker Compose
Vulnerable Grade Management System
This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you
Vulnerable web app made for CNY Hackathon
WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2022-46169). Run it at your own risk!
The Vulnerable API Python Application is a purposely flawed Python app that uses Flask, Jinja, and SQLite3. It contains intentional security vulnerabilities like XSS, SQLi, HHI, LFI, RFI, and SSTI. The project aims to serve as an educational tool to learn about and test automated API scanners. Use responsibly in controlled environments only.
zipdu is a webservice implementation vulnerable to zip bombs and directory traversals. Written in multiple different languages
This is a vulnerable Flask web application designed to provide a lab environment for people who want to improve their web penetration testing skills. It includes multiple types of vulnerabilities for you to practice exploiting.