awesome-vulnerable/README.md

# Awesome Vulnerable

[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB. This list aims to help starters as well as pros to test out and enhance their penetration skills.

### Vulnerable Web Applications
[BadStore](http://www.badstore.net/)
[BodgeIt Store](http://code.google.com/p/bodgeit/0
[Butterfly Security Project](http://thebutterflytmp.sourceforge.net/)
[bWAPP 	](http://www.mmeit.be/bwapp/)
[bWAPP](http://sourceforge.net/projects/bwapp/files/bee-box/)
[Commix 	](https://github.com/stasinopoulos/commix-testbed)
[CryptOMG 	](https://github.com/SpiderLabs/CryptOMG)
[Damn Vulnerable Node Application(DVNA)](https://github.com/quantumfoam/DVNA/)
[Damn Vulnerable Web App (DVWA) 	](http://www.dvwa.co.uk/)
[Damn Vulnerable Web Services (DVWS) 	](http://dvws.professionallyevil.com/)
[Drunk Admin Web Hacking Challenge 	](https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/)
[Exploit KB Vulnerable Web App 	](http://exploit.co.il/projects/vuln-web-app/)
[Foundstone Hackme Bank 	](http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx)
[Foundstone Hackme Books 	](http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx)
[Foundstone Hackme Casino 	](http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx)
[Foundstone Hackme Shipping 	](http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx)
[Foundstone Hackme Travel 	](http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx)
[GameOver 	](http://sourceforge.net/projects/null-gameover/)
[hackxor 	](http://hackxor.sourceforge.net/cgi-bin/index.pl)
[Hackazon 	](https://github.com/rapid7/hackazon)
[LAMPSecurity](http://sourceforge.net/projects/lampsecurity/)
[Moth](http://www.bonsai-sec.com/en/research/moth.php)
[NOWASP / Mutillidae 2](http://sourceforge.net/projects/mutillidae/)
[OWASP BWA 	](http://code.google.com/p/owaspbwa/)
[OWASP Hackademic 	](http://hackademic1.teilar.gr/)
[OWASP SiteGenerator 	](https://www.owasp.org/index.php/Owasp_SiteGenerator)
[OWASP Bricks 	](http://sourceforge.net/projects/owaspbricks/)
[OWASP Security Shepherd 	](https://www.owasp.org/index.php/OWASP_Security_Shepherd)
[PentesterLab 	](https://pentesterlab.com/)
[PHDays iBank CTF 	](http://blog.phdays.com/2012/05/once-again-about-remote-banking.html)
[SecuriBench 	](http://suif.stanford.edu/~livshits/securibench/)
[SentinelTestbed 	](https://github.com/dobin/SentinelTestbed)
[SocketToMe](http://digi.ninja/projects/sockettome.php)
[sqli-labs](https://github.com/Audi-1/sqli-labs)
[MCIR (Magical Code Injection Rainbow)](https://github.com/SpiderLabs/MCIR)
[sqlilabs](https://github.com/himadriganguly/sqlilabs)
[VulnApp](http://www.nth-dimension.org.uk/blog.php?id=88)
[PuzzleMall](http://code.google.com/p/puzzlemall/)
[WackoPicko](https://github.com/adamdoupe/WackoPicko)
[WAED](http://www.waed.info)
[WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET/)
[WebSecurity Dojo](http://www.mavensecurity.com/web_security_dojo/)
[XVWA](https://github.com/s4n7h0/xvwa)
[Zap WAVE](http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip)
Update README.md 2019-08-11 04:09:03 -04:00			`# Awesome Vulnerable`

			`[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)`

			`A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB. This list aims to help starters as well as pros to test out and enhance their penetration skills.`

			`### Vulnerable Web Applications`
			`[BadStore](http://www.badstore.net/)`
			`[BodgeIt Store](http://code.google.com/p/bodgeit/0`
			`[Butterfly Security Project](http://thebutterflytmp.sourceforge.net/)`
			`[bWAPP ](http://www.mmeit.be/bwapp/)`
			`[bWAPP](http://sourceforge.net/projects/bwapp/files/bee-box/)`
			`[Commix ](https://github.com/stasinopoulos/commix-testbed)`
			`[CryptOMG ](https://github.com/SpiderLabs/CryptOMG)`
			`[Damn Vulnerable Node Application(DVNA)](https://github.com/quantumfoam/DVNA/)`
			`[Damn Vulnerable Web App (DVWA) ](http://www.dvwa.co.uk/)`
			`[Damn Vulnerable Web Services (DVWS) ](http://dvws.professionallyevil.com/)`
			`[Drunk Admin Web Hacking Challenge ](https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/)`
			`[Exploit KB Vulnerable Web App ](http://exploit.co.il/projects/vuln-web-app/)`
			`[Foundstone Hackme Bank ](http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx)`
			`[Foundstone Hackme Books ](http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx)`
			`[Foundstone Hackme Casino ](http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx)`
			`[Foundstone Hackme Shipping ](http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx)`
			`[Foundstone Hackme Travel ](http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx)`
			`[GameOver ](http://sourceforge.net/projects/null-gameover/)`
			`[hackxor ](http://hackxor.sourceforge.net/cgi-bin/index.pl)`
			`[Hackazon ](https://github.com/rapid7/hackazon)`
			`[LAMPSecurity](http://sourceforge.net/projects/lampsecurity/)`
			`[Moth](http://www.bonsai-sec.com/en/research/moth.php)`
			`[NOWASP / Mutillidae 2](http://sourceforge.net/projects/mutillidae/)`
			`[OWASP BWA ](http://code.google.com/p/owaspbwa/)`
			`[OWASP Hackademic ](http://hackademic1.teilar.gr/)`
			`[OWASP SiteGenerator ](https://www.owasp.org/index.php/Owasp_SiteGenerator)`
			`[OWASP Bricks ](http://sourceforge.net/projects/owaspbricks/)`
			`[OWASP Security Shepherd ](https://www.owasp.org/index.php/OWASP_Security_Shepherd)`
			`[PentesterLab ](https://pentesterlab.com/)`
			`[PHDays iBank CTF ](http://blog.phdays.com/2012/05/once-again-about-remote-banking.html)`
			`[SecuriBench ](http://suif.stanford.edu/~livshits/securibench/)`
			`[SentinelTestbed ](https://github.com/dobin/SentinelTestbed)`
			`[SocketToMe](http://digi.ninja/projects/sockettome.php)`
			`[sqli-labs](https://github.com/Audi-1/sqli-labs)`
			`[MCIR (Magical Code Injection Rainbow)](https://github.com/SpiderLabs/MCIR)`
			`[sqlilabs](https://github.com/himadriganguly/sqlilabs)`
			`[VulnApp](http://www.nth-dimension.org.uk/blog.php?id=88)`
			`[PuzzleMall](http://code.google.com/p/puzzlemall/)`
			`[WackoPicko](https://github.com/adamdoupe/WackoPicko)`
			`[WAED](http://www.waed.info)`
			`[WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET/)`
			`[WebSecurity Dojo](http://www.mavensecurity.com/web_security_dojo/)`
			`[XVWA](https://github.com/s4n7h0/xvwa)`
			`[Zap WAVE](http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip)`