There are 10 repositories under vulnerable-web-app topic.
Vulnerable app with examples showing how to not use secrets
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
Vulnerable Banking Suite
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
A simple PHP application to learn SQL Injection detection and exploitation techniques.
A server vulnerable to XXE that can be used to test payloads using the xxer tool.
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.
OWASP Foundation Web Respository
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.
A website developed with Nodejs. This website includes server side prototype pollution vulnerability
Vulnerable API for educational purposes
⛔️deprecated and replaced by https://github.com/marmicode/websheep
A TUI enviorment for vulnerable app containers.
A very vulnerable "medical" web app. Just look at the name.
Intentionally vulnerable Python / Flask application, built for educational purposes.
📧 [Research] E-Mail Injection: Vulnerable applications
A really cool community web application... that's vulnerable (Made for CNY Hackathon 2019)
Vulnerable REST based PHP webservice deployed in Docker
Small forum website for practicing basic web exploits.
IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.
A buffer overflow vulnerable CGI program
Erlik 2 - Vulnerable-Flask-App
A Website with vulnerabilities
This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you
Bash script to install docker and OWASPs juice-shop vulnerable webapp. Run this and browse to http://localhost:3000
Vulnerable web application created by students using Travis CI, Docker, Flask, and Agile
"InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.