Skip to content
@vulnerable-apps

vulnerable-apps

Over 100 forks of deliberately vulnerable web applications and APIs.

Pinned Loading

  1. awesome-vulnerable awesome-vulnerable Public template

    Forked from kaiiyer/awesome-vulnerable

    A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

    40 12

  2. vuln_node_express vuln_node_express Public

    Forked from kaakaww/vuln_node_express

    JavaScript 2 17

  3. dvpwa dvpwa Public

    Forked from anxolerd/dvpwa

    Damn Vulnerable Python Web App

    Python 3 20

  4. javaspringvulny javaspringvulny Public

    Forked from kaakaww/javaspringvulny

    javaspringvulny - a Spring Boot web application built wrong on purpose

    Java 1 19

  5. VulnLab VulnLab Public

    Forked from Yavuzlar/VulnLab

    CSS 3 4

Repositories

Showing 10 of 156 repositories
  • juice-shop Public Forked from juice-shop/juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

    vulnerable-apps/juice-shop’s past year of commit activity
    TypeScript 1 MIT 14,224 0 11 Updated Aug 28, 2025
  • verademo Public Forked from veracode/verademo

    A deliberately insecure Java web application

    vulnerable-apps/verademo’s past year of commit activity
    Java 1 MIT 478 0 11 Updated Aug 23, 2025
  • damn-vulnerable-MCP-server Public Forked from harishsg993010/damn-vulnerable-MCP-server

    Damn Vulnerable MCP Server

    vulnerable-apps/damn-vulnerable-MCP-server’s past year of commit activity
    Python 1 102 0 6 Updated Jul 28, 2025
  • vuln_django_play Public Forked from kaakaww/vuln_django_play

    🐛 An intentionally vulnerable Django app

    vulnerable-apps/vuln_django_play’s past year of commit activity
    JavaScript 1 35 0 0 Updated Jul 24, 2025
  • WebGoat Public Forked from WebGoat/WebGoat

    WebGoat is a deliberately insecure application

    vulnerable-apps/WebGoat’s past year of commit activity
    JavaScript 1 6,759 0 1 Updated May 7, 2025
  • salesforce-pentest-series Public Forked from V-i-x-x/salesforce-pentest-series
    vulnerable-apps/salesforce-pentest-series’s past year of commit activity
    0 2 0 0 Updated Mar 18, 2025
  • vulnerable-rest-api Public Forked from bnematzadeh/vulnerable-rest-api

    A vulnerable RESTful application written in Node and React based on OWASP API security top 10 2023 edition.

    vulnerable-apps/vulnerable-rest-api’s past year of commit activity
    JavaScript 0 MIT 45 0 2 Updated Jan 17, 2025
  • paas-cloud-goat Public Forked from Coalfire-Research/paas-cloud-goat

    PaaS Cloud Goat is a simulated vulnerable Salesforce application providing hands-on experience with penetration testing of custom Salesforce applications.

    vulnerable-apps/paas-cloud-goat’s past year of commit activity
    Apex 0 AGPL-3.0 5 0 0 Updated Nov 21, 2024
  • nosql-injection-vulnapp Public Forked from aabashkin/nosql-injection-vulnapp

    NIVA is a simple web application which is intentionally vulnerable to NoSQL injection. The purpose of this project is to facilitate a better understanding of the NoSQL injection vulnerability among a wide audience of software engineers, security engineers, pentesters, and trainers.

    vulnerable-apps/nosql-injection-vulnapp’s past year of commit activity
    Java 0 MIT 22 0 1 Updated Nov 12, 2024
  • simple-ssrf Public

    Simple deliberately vulnerable API demonstrating Server-Side Request Forgery (SSRF).

    vulnerable-apps/simple-ssrf’s past year of commit activity
    Python 0 7 0 4 Updated Nov 9, 2024
View all repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…