Awesome Vulnerable

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB. This list aims to help starters as well as pros to test out and enhance their penetration skills.

Contents

• Vulnerable Web Applications
• Sites by Vendors of Security Testing Software
• Sites for Downloading Older Versions of Various Software
• Sites for Improving Your Hacking Skills
• Labs
• Mobile Apps

Vulnerable Web Applications

• BadStore - Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.
• BodgeIt Store - The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
• Butterfly Security Project - The ButterFly project is an educational environment intended to give an insight into common web application and PHP vulnerabilities. The environment also includes examples demonstrating how such vulnerabilities are mitigated.
• bWAPP - bee-box is a custom Linux VM pre-installed with bWAPP.
• CloudGoat - CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
• Commix - A collection of web pages, vulnerable to command injection flaws.
• CryptOMG - CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.
• Damn Vulnerable Cloud Application - Damn Vulnerable Cloud Application
• Damn Vulnerable Node Application(DVNA) - Damn Vulnerable NodeJS Application
• Damn Vulnerable Web App (DVWA) - Damn Vulnerablbe Web Application
• Damn Vulnerable Web Services (DVWS) - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
• Foundstone Hackme Bank - Free McAfee tools to aid in your security protection.
• Foundstone Hackme Books - Free McAfee tools to aid in your security protection.
• Foundstone Hackme Casino - Free McAfee tools to aid in your security protection.
• Foundstone Hackme Shipping - Free McAfee tools to aid in your security protection.
• Foundstone Hackme Travel - Free McAfee tools to aid in your security protection.
• GameOver - Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work.
• hackxor - Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills. All the missions are based on real vulnerabilities I've personally found while doing pentests, bug bounty hunting, and research.
• Hackazon - A modern vulnerable web app
• LAMPSecurity
• Moth
• NOWASP / Mutillidae 2
• OWASP BWA
• OWASP Hackademic
• OWASP SiteGenerator
• OWASP Bricks
• OWASP Security Shepherd
• PentesterLab
• PHDays iBank CTF
• SecuriBench
• SentinelTestbed
• SocketToMe
• sqli-labs
• MCIR (Magical Code Injection Rainbow)
• sqlilabs
• VulnApp
• PuzzleMall
• WackoPicko
• WAED
• WebGoat.NET
• WebSecurity Dojo
• XVWA
• Zap WAVE

Sites for Downloading Older Versions of Various Software

• Exploit-DB
• Old Apps
• Old Version
• VirtualHacking Repo
• All Version

Sites by Vendors of Security Testing Software

• Acunetix acuforum
• Acunetix acublog
• Acunetix acuart
• Cenzic crackmebank
• HP freebank
• IBM altoromutual
• Mavituna testsparker
• Mavituna testsparker
• NTOSpider Test Site

Sites for Improving Your Hacking Skills

• Embedded Security CTF
• EnigmaGroup
• Escape
• Google Gruyere
• Gh0st Lab
• Hack The Box
• Hack This Site
• HackThis
• HackQuest
• Hack.me
• Hacking-Lab
• Hacker Challenge
• Hacker Test
• hACME Game
• Halls Of Valhalla
• Hax.Tor
• Metasploit Unleashed
• OverTheWire
• PentestIT
• CSC Play on Demand
• pwn0
• RootContest
• Root Me
• Security Treasure Hunt
• Smash The Stack
• SQLZoo
• TheBlackSheep and Erik
• ThisIsLegal
• Try2Hack
• WabLab
• XSS: Can You XSS This?
• XSS Game
• XSS: ProgPHP

Labs

• CTFd - CTFs as you need them
• Mellivora - Mellivora is a CTF engine written in PHP
• Metasploitable2 - Metasploitable is an intentionally vulnerable Linux virtual machine
• NightShade - A simple capture the flag framework.
• MCIR - The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.
• Vagrant - Development Environments Made Easy
• NETinVM - A tool for teaching and learning about systems, networks and security
• SmartOS - Converged Container and Virtual Machine Hypervisor
• SmartDataCenter - Joyent Triton DataCenter: a cloud management platform with first class support for containers.
• vSphere Hypervisor - vSphere Hypervisor is a bare-metal hypervisor that virtualizes servers; allowing you to consolidate your applications while saving time and money managing your IT infrastructure.
• GNS3 - Build, Design and Test your network in a risk-free virtual environment and access the largest networking community to help.
• OCCP - A free, configurable, open-source virtualization platform for cyber security educators and challenge event coordinators.
• XAMPP - XAMPP is a completely free, easy to install Apache distribution containing MariaDB, PHP, and Perl. The XAMPP open source package has been set up to be incredibly easy to install and to use.

Mobile Apps

• Damn Vulnerable Android App (DVAA)
• Damn Vulnerable FirefoxOS Application (DVFA)
• Damn Vulnerable iOS App (DVIA)
• ExploitMe Mobile Android Labs
• ExploitMe Mobile iPhone Labs
• Hacme Bank Android
• InsecureBank
• NcN Wargame
• OWASP iGoat
• OWASP Goatdroid

Here are some of the ways to contribute to this project:

Add your name to the CONTRIBUTORS.md file
Add any new useful links to resources with respect to pentesting and vulnerable testintg environments

Make a pull request and wait for it to be merged!

Getting started

Fork this repository (Click the Fork button in the top right of this page, click your Profile Image)
Clone your fork down to your local machine

git clone https://github.com/your-username/awesome-vulnerable.git

Create a branch

git checkout -b branch-name

Make your changes (choose from any task below)
Commit and push

git add .

git commit -m 'Commit message'

git push origin branch-name

Create a new pull request from your forked repository (Click the New Pull Request button located at the top of your repo)
Wait for your PR review and merge approval!
Star this repository if you had fun!

Contributions are always appreciated