awesome-vulnerable/README.md

# Awesome Vulnerable

[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB. This list aims to help starters as well as pros to test out and enhance their penetration skills.

### Vulnerable Web Applications
- [BadStore](http://www.badstore.net/)
- [BodgeIt Store](http://code.google.com/p/bodgeit/)
- [Butterfly Security Project](http://thebutterflytmp.sourceforge.net/)
- [bWAPP 	](http://www.mmeit.be/bwapp/)
- [bWAPP](http://sourceforge.net/projects/bwapp/files/bee-box/)
- [Commix 	](https://github.com/stasinopoulos/commix-testbed)
- [CryptOMG 	](https://github.com/SpiderLabs/CryptOMG)
- [Damn Vulnerable Node Application(DVNA)](https://github.com/quantumfoam/DVNA/)
- [Damn Vulnerable Web App (DVWA) 	](http://www.dvwa.co.uk/)
- [Damn Vulnerable Web Services (DVWS) 	](http://dvws.professionallyevil.com/)
- [Drunk Admin Web Hacking Challenge 	](https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/)
- [Exploit KB Vulnerable Web App 	](http://exploit.co.il/projects/vuln-web-app/)
- [Foundstone Hackme Bank 	](http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx)
- [Foundstone Hackme Books 	](http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx)
- [Foundstone Hackme Casino 	](http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx)
- [Foundstone Hackme Shipping 	](http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx)
- [Foundstone Hackme Travel 	](http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx)
- [GameOver 	](http://sourceforge.net/projects/null-gameover/)
- [hackxor 	](http://hackxor.sourceforge.net/cgi-bin/index.pl)
- [Hackazon 	](https://github.com/rapid7/hackazon)
- [LAMPSecurity](http://sourceforge.net/projects/lampsecurity/)
- [Moth](http://www.bonsai-sec.com/en/research/moth.php)
- [NOWASP / Mutillidae 2](http://sourceforge.net/projects/mutillidae/)
- [OWASP BWA 	](http://code.google.com/p/owaspbwa/)
- [OWASP Hackademic 	](http://hackademic1.teilar.gr/)
- [OWASP SiteGenerator 	](https://www.owasp.org/index.php/Owasp_SiteGenerator)
- [OWASP Bricks 	](http://sourceforge.net/projects/owaspbricks/)
- [OWASP Security Shepherd 	](https://www.owasp.org/index.php/OWASP_Security_Shepherd)
- [PentesterLab 	](https://pentesterlab.com/)
- [PHDays iBank CTF 	](http://blog.phdays.com/2012/05/once-again-about-remote-banking.html)
- [SecuriBench 	](http://suif.stanford.edu/~livshits/securibench/)
- [SentinelTestbed 	](https://github.com/dobin/SentinelTestbed)
- [SocketToMe](http://digi.ninja/projects/sockettome.php)
- [sqli-labs](https://github.com/Audi-1/sqli-labs)
- [MCIR (Magical Code Injection Rainbow)](https://github.com/SpiderLabs/MCIR)
- [sqlilabs](https://github.com/himadriganguly/sqlilabs)
- [VulnApp](http://www.nth-dimension.org.uk/blog.php?id=88)
- [PuzzleMall](http://code.google.com/p/puzzlemall/)
- [WackoPicko](https://github.com/adamdoupe/WackoPicko)
- [WAED](http://www.waed.info)
- [WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET/)
- [WebSecurity Dojo](http://www.mavensecurity.com/web_security_dojo/)
- [XVWA](https://github.com/s4n7h0/xvwa)
- [Zap WAVE](http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip)

### Sites for Downloading Older Versions of Various Software
- [Exploit-DB 	](http://www.exploit-db.com/)
- [Old Apps 	](http://www.oldapps.com/)
- [Old Version 	](http://www.oldversion.com/)
- [VirtualHacking Repo 	 ](sourceforge.net/projects/virtualhacking/files/apps%40realworld/)

### Sites by Vendors of Security Testing Software
- [Acunetix acuforum 	](http://testasp.vulnweb.com/)
- [Acunetix acublog 	](http://testaspnet.vulnweb.com/)
- [Acunetix acuart 	](http://testphp.vulnweb.com/)
- [Cenzic crackmebank 	](http://crackme.cenzic.com)
- [HP freebank 	](http://zero.webappsecurity.com)
- [IBM altoromutual 	](http://demo.testfire.net/)
- [Mavituna testsparker 	](http://aspnet.testsparker.com)
- [Mavituna testsparker 	](http://php.testsparker.com)
- [NTOSpider Test Site 	](http://www.webscantest.com/)

### Sites for Improving Your Hacking Skills
- [Embedded Security CTF 	](https://microcorruption.com)
- [EnigmaGroup 	](http://www.enigmagroup.org/)
- [Escape 	](http://escape.alf.nu/)
- [Google Gruyere 	](http://google-gruyere.appspot.com/)
- [Gh0st Lab 	](http://www.gh0st.net/)
- [Hack This Site 	](http://www.hackthissite.org/)
- [HackThis 	](http://www.hackthis.co.uk/)
- [HackQuest 	](http://www.hackquest.com/)
- [Hack.me 	](https://hack.me)
- [Hacking-Lab 	](https://www.hacking-lab.com)
- [Hacker Challenge 	](http://www.dareyourmind.net/)
- [Hacker Test 	](http://www.hackertest.net/)
- [hACME Game 	](http://www.hacmegame.org/)
- [Halls Of Valhalla 	](http://halls-of-valhalla.org/beta/challenges)
- [Hax.Tor 	](http://hax.tor.hu/)
- [OverTheWire 	](http://www.overthewire.org/wargames/)
- [PentestIT 	](http://www.pentestit.ru/en/)
- [CSC Play on Demand 	](https://pod.cybersecuritychallenge.org.uk/)
- [pwn0 	](https://pwn0.com/home.php)
- [RootContest 	](http://rootcontest.com/)
- [Root Me 	](http://www.root-me.org/?lang=en)
- [Security Treasure Hunt 	](http://www.securitytreasurehunt.com/)
- [Smash The Stack 	](http://www.smashthestack.org/)
- [SQLZoo 	](http://sqlzoo.net/hack/)
- [TheBlackSheep and Erik 	](http://www.bright-shadows.net/)
- [ThisIsLegal 	](http://thisislegal.com/)
- [Try2Hack 	](http://www.try2hack.nl/)
- [WabLab 	](http://www.wablab.com/hackme)
- [XSS: Can You XSS This? 	](http://canyouxssthis.com/HTMLSanitizer/)
- [XSS Game 	](https://xss-game.appspot.com/)
- [XSS: ProgPHP 	](http://xss.progphp.com/)

### Lab
- [binjitsu 	](https://github.com/binjitsu/binjitsu)
- [CTFd 	](https://github.com/isislab/CTFd)
- [Mellivora 	](https://github.com/Nakiami/mellivora)
- [NightShade 	](https://github.com/UnrealAkama/NightShade)
- [MCIR 	](https://github.com/SpiderLabs/MCIR)
- [Docker 	](https://www.docker.com/)
- [Vagrant 	](https://www.vagrantup.com/)
- [NETinVM 	](http://informatica.uv.es/~carlos/docencia/netinvm/)
- [SmartOS 	](https://smartos.org/)
- [SmartDataCenter 	](https://github.com/joyent/sdc)
- [vSphere Hypervisor 	](https://www.vmware.com/products/vsphere-hypervisor/)
- [GNS3 	](http://sourceforge.net/projects/gns-3/)
- [OCCP 	](https://opencyberchallenge.net/)
- [XAMPP 	](https://www.apachefriends.org/index.html)

Your contributions are always welcome!
Update README.md 2019-08-11 04:09:03 -04:00			`# Awesome Vulnerable`

			`[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)`

			`A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB. This list aims to help starters as well as pros to test out and enhance their penetration skills.`

			`### Vulnerable Web Applications`
Update README.md 2019-08-11 04:11:14 -04:00			`- [BadStore](http://www.badstore.net/)`
Update README.md 2019-08-11 04:13:16 -04:00			`- [BodgeIt Store](http://code.google.com/p/bodgeit/)`
Update README.md 2019-08-11 04:11:14 -04:00			`- [Butterfly Security Project](http://thebutterflytmp.sourceforge.net/)`
			`- [bWAPP ](http://www.mmeit.be/bwapp/)`
			`- [bWAPP](http://sourceforge.net/projects/bwapp/files/bee-box/)`
			`- [Commix ](https://github.com/stasinopoulos/commix-testbed)`
			`- [CryptOMG ](https://github.com/SpiderLabs/CryptOMG)`
			`- [Damn Vulnerable Node Application(DVNA)](https://github.com/quantumfoam/DVNA/)`
			`- [Damn Vulnerable Web App (DVWA) ](http://www.dvwa.co.uk/)`
			`- [Damn Vulnerable Web Services (DVWS) ](http://dvws.professionallyevil.com/)`
			`- [Drunk Admin Web Hacking Challenge ](https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/)`
			`- [Exploit KB Vulnerable Web App ](http://exploit.co.il/projects/vuln-web-app/)`
			`- [Foundstone Hackme Bank ](http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx)`
			`- [Foundstone Hackme Books ](http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx)`
			`- [Foundstone Hackme Casino ](http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx)`
			`- [Foundstone Hackme Shipping ](http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx)`
			`- [Foundstone Hackme Travel ](http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx)`
			`- [GameOver ](http://sourceforge.net/projects/null-gameover/)`
			`- [hackxor ](http://hackxor.sourceforge.net/cgi-bin/index.pl)`
			`- [Hackazon ](https://github.com/rapid7/hackazon)`
			`- [LAMPSecurity](http://sourceforge.net/projects/lampsecurity/)`
			`- [Moth](http://www.bonsai-sec.com/en/research/moth.php)`
			`- [NOWASP / Mutillidae 2](http://sourceforge.net/projects/mutillidae/)`
			`- [OWASP BWA ](http://code.google.com/p/owaspbwa/)`
			`- [OWASP Hackademic ](http://hackademic1.teilar.gr/)`
			`- [OWASP SiteGenerator ](https://www.owasp.org/index.php/Owasp_SiteGenerator)`
			`- [OWASP Bricks ](http://sourceforge.net/projects/owaspbricks/)`
			`- [OWASP Security Shepherd ](https://www.owasp.org/index.php/OWASP_Security_Shepherd)`
			`- [PentesterLab ](https://pentesterlab.com/)`
			`- [PHDays iBank CTF ](http://blog.phdays.com/2012/05/once-again-about-remote-banking.html)`
			`- [SecuriBench ](http://suif.stanford.edu/~livshits/securibench/)`
			`- [SentinelTestbed ](https://github.com/dobin/SentinelTestbed)`
			`- [SocketToMe](http://digi.ninja/projects/sockettome.php)`
			`- [sqli-labs](https://github.com/Audi-1/sqli-labs)`
			`- [MCIR (Magical Code Injection Rainbow)](https://github.com/SpiderLabs/MCIR)`
			`- [sqlilabs](https://github.com/himadriganguly/sqlilabs)`
			`- [VulnApp](http://www.nth-dimension.org.uk/blog.php?id=88)`
			`- [PuzzleMall](http://code.google.com/p/puzzlemall/)`
			`- [WackoPicko](https://github.com/adamdoupe/WackoPicko)`
			`- [WAED](http://www.waed.info)`
			`- [WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET/)`
			`- [WebSecurity Dojo](http://www.mavensecurity.com/web_security_dojo/)`
			`- [XVWA](https://github.com/s4n7h0/xvwa)`
			`- [Zap WAVE](http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip)`
Update README.md 2019-08-11 04:13:16 -04:00
			`### Sites for Downloading Older Versions of Various Software`
			`- [Exploit-DB ](http://www.exploit-db.com/)`
			`- [Old Apps ](http://www.oldapps.com/)`
			`- [Old Version ](http://www.oldversion.com/)`
			`- [VirtualHacking Repo ](sourceforge.net/projects/virtualhacking/files/apps%40realworld/)`
Update README.md 2019-08-11 04:24:31 -04:00
			`### Sites by Vendors of Security Testing Software`
			`- [Acunetix acuforum ](http://testasp.vulnweb.com/)`
			`- [Acunetix acublog ](http://testaspnet.vulnweb.com/)`
			`- [Acunetix acuart ](http://testphp.vulnweb.com/)`
			`- [Cenzic crackmebank ](http://crackme.cenzic.com)`
			`- [HP freebank ](http://zero.webappsecurity.com)`
			`- [IBM altoromutual ](http://demo.testfire.net/)`
			`- [Mavituna testsparker ](http://aspnet.testsparker.com)`
			`- [Mavituna testsparker ](http://php.testsparker.com)`
			`- [NTOSpider Test Site ](http://www.webscantest.com/)`

			`### Sites for Improving Your Hacking Skills`
			`- [Embedded Security CTF ](https://microcorruption.com)`
			`- [EnigmaGroup ](http://www.enigmagroup.org/)`
			`- [Escape ](http://escape.alf.nu/)`
			`- [Google Gruyere ](http://google-gruyere.appspot.com/)`
			`- [Gh0st Lab ](http://www.gh0st.net/)`
			`- [Hack This Site ](http://www.hackthissite.org/)`
			`- [HackThis ](http://www.hackthis.co.uk/)`
			`- [HackQuest ](http://www.hackquest.com/)`
			`- [Hack.me ](https://hack.me)`
			`- [Hacking-Lab ](https://www.hacking-lab.com)`
			`- [Hacker Challenge ](http://www.dareyourmind.net/)`
			`- [Hacker Test ](http://www.hackertest.net/)`
			`- [hACME Game ](http://www.hacmegame.org/)`
			`- [Halls Of Valhalla ](http://halls-of-valhalla.org/beta/challenges)`
			`- [Hax.Tor ](http://hax.tor.hu/)`
			`- [OverTheWire ](http://www.overthewire.org/wargames/)`
			`- [PentestIT ](http://www.pentestit.ru/en/)`
			`- [CSC Play on Demand ](https://pod.cybersecuritychallenge.org.uk/)`
			`- [pwn0 ](https://pwn0.com/home.php)`
			`- [RootContest ](http://rootcontest.com/)`
			`- [Root Me ](http://www.root-me.org/?lang=en)`
			`- [Security Treasure Hunt ](http://www.securitytreasurehunt.com/)`
			`- [Smash The Stack ](http://www.smashthestack.org/)`
			`- [SQLZoo ](http://sqlzoo.net/hack/)`
			`- [TheBlackSheep and Erik ](http://www.bright-shadows.net/)`
			`- [ThisIsLegal ](http://thisislegal.com/)`
			`- [Try2Hack ](http://www.try2hack.nl/)`
			`- [WabLab ](http://www.wablab.com/hackme)`
			`- [XSS: Can You XSS This? ](http://canyouxssthis.com/HTMLSanitizer/)`
			`- [XSS Game ](https://xss-game.appspot.com/)`
			`- [XSS: ProgPHP ](http://xss.progphp.com/)`

			`### Lab`
			`- [binjitsu ](https://github.com/binjitsu/binjitsu)`
			`- [CTFd ](https://github.com/isislab/CTFd)`
			`- [Mellivora ](https://github.com/Nakiami/mellivora)`
			`- [NightShade ](https://github.com/UnrealAkama/NightShade)`
			`- [MCIR ](https://github.com/SpiderLabs/MCIR)`
			`- [Docker ](https://www.docker.com/)`
			`- [Vagrant ](https://www.vagrantup.com/)`
			`- [NETinVM ](http://informatica.uv.es/~carlos/docencia/netinvm/)`
			`- [SmartOS ](https://smartos.org/)`
			`- [SmartDataCenter ](https://github.com/joyent/sdc)`
			`- [vSphere Hypervisor ](https://www.vmware.com/products/vsphere-hypervisor/)`
			`- [GNS3 ](http://sourceforge.net/projects/gns-3/)`
			`- [OCCP ](https://opencyberchallenge.net/)`
Update README.md 2019-08-11 04:25:03 -04:00			`- [XAMPP ](https://www.apachefriends.org/index.html)`
Update README.md 2019-08-11 04:24:31 -04:00
			`Your contributions are always welcome!`