🌐 AI搜索 & 代理 主页
Skip to content

@vulnerable-apps vulnerable-apps

Change the repository type filter

All

    Repositories list

    156 repositories

    • juice-shop

      Public
      OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
      javascriptangular
      TypeScript
      MIT License
      16k1025Updated Dec 28, 2025Dec 28, 2025

    • javaspringvulny

      Public
      javaspringvulny - a Spring Boot web application built wrong on purpose
      Java
      255200Updated Nov 4, 2025Nov 4, 2025

    • damn-vulnerable-MCP-server

      Public
      Damn Vulnerable MCP Server
      Python
      128107Updated Nov 3, 2025Nov 3, 2025

    • verademo

      Public
      A deliberately insecure Java web application
      Java
      MIT License
      5391014Updated Nov 1, 2025Nov 1, 2025

    • vuln_django_play

      Public
      🐛 An intentionally vulnerable Django app
      JavaScript
      34100Updated Jul 24, 2025Jul 24, 2025

    • WebGoat

      Public
      WebGoat is a deliberately insecure application
      JavaScript
      Other
      7.1k101Updated May 7, 2025May 7, 2025

    • salesforce-pentest-series

      Public
      2000Updated Mar 18, 2025Mar 18, 2025

    • vulnerable-rest-api

      Public
      A vulnerable RESTful application written in Node and React based on OWASP API security top 10 2023 edition.
      JavaScript
      MIT License
      50002Updated Jan 17, 2025Jan 17, 2025

    • paas-cloud-goat

      Public
      PaaS Cloud Goat is a simulated vulnerable Salesforce application providing hands-on experience with penetration testing of custom Salesforce applications.
      Apex
      GNU Affero General Public License v3.0
      5000Updated Nov 21, 2024Nov 21, 2024

    • nosql-injection-vulnapp

      Public
      NIVA is a simple web application which is intentionally vulnerable to NoSQL injection. The purpose of this project is to facilitate a better understanding of the NoSQL injection vulnerability among a wide audience of software engineers, security engineers, pentesters, and trainers.
      Java
      MIT License
      26001Updated Nov 12, 2024Nov 12, 2024

    • simple-ssrf

      Public
      Simple deliberately vulnerable API demonstrating Server-Side Request Forgery (SSRF).
      Python
      7004Updated Nov 9, 2024Nov 9, 2024

    • terragoat

      Public
      TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
      terraformtfsecsemgrep
      HCL
      Apache License 2.0
      5.6k000Updated Nov 8, 2024Nov 8, 2024

    • SSRF_Vulnerable_Lab

      Public
      This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
      PHP
      MIT License
      198000Updated Nov 8, 2024Nov 8, 2024

    • Vulnerable-JWT

      Public
      Collection of vulnerable APIs/apps to test JWT attacks
      JavaScript
      10508Updated Oct 31, 2024Oct 31, 2024

    • crazy-vulnerable-nodejs-application

      Public
      CVNA
      JavaScript
      23001Updated Oct 26, 2024Oct 26, 2024

    • yrpreyTasksNodeJS

      Public
      PHP
      7002Updated Oct 20, 2024Oct 20, 2024

    • brokencrystals-demo

      Public
      Mirror of broken crystals, but with specific dockerfiles for easy docker compose
      TypeScript
      MIT License
      5005Updated Oct 17, 2024Oct 17, 2024

    • brokencrystals

      Public
      A Broken Application - Very Vulnerable!
      TypeScript
      MIT License
      302000Updated Oct 16, 2024Oct 16, 2024

    • vuln-graphql-api

      Public
      A very vulnerable implementation of a GraphQL API.
      TypeScript
      93002Updated Oct 11, 2024Oct 11, 2024

    • Tiredful-API-py3-beta

      Public
      Python 3 compatible repo of Tiredful API
      Python
      GNU General Public License v3.0
      10001Updated Oct 9, 2024Oct 9, 2024

    • dvcsharp-api

      Public
      Damn Vulnerable C# Application (API)
      C#
      MIT License
      282000Updated Sep 28, 2024Sep 28, 2024

    • Tiredful-API

      Public
      An intentionally designed broken web application based on REST API.
      Python
      GNU General Public License v3.0
      136000Updated Sep 27, 2024Sep 27, 2024

    • vuln_node_express

      Public
      JavaScript
      368300Updated Sep 27, 2024Sep 27, 2024

    • VulnerableApp

      Public
      OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
      Java
      Apache License 2.0
      602005Updated Sep 27, 2024Sep 27, 2024

    • DVWA

      Public
      Damn Vulnerable Web Application (DVWA)
      PHP
      GNU General Public License v3.0
      4.5k100Updated Sep 27, 2024Sep 27, 2024

    • Remediation-Demo

      Public
      Python
      Apache License 2.0
      1100Updated Sep 19, 2024Sep 19, 2024

    • VulnerableCoreApp

      Public
      Mirror of https://github.com/zsusac/VulnerableCoreApp
      HTML
      3000Updated Sep 19, 2024Sep 19, 2024

    • VulnerableLightApp

      Public
      Vulnerable API for educational purposes
      C#
      GNU General Public License v3.0
      78100Updated Sep 10, 2024Sep 10, 2024

    • grpc-web-playground

      Public
      The main goal of this repo is to learn about the gRPC communication patterns and hunt for vulnerabilities in the gRPC-Web app to improve your hunting skills
      JavaScript
      MIT License
      7002Updated Aug 31, 2024Aug 31, 2024

    • xss-fastapi

      Public
      Recreation of https://xss-game.appspot.com/
      CSS
      Apache License 2.0
      5001Updated Aug 28, 2024Aug 28, 2024