cyber-security-resources/vulnerable_servers/README.md

# Vulnerable Apps, Servers, and Websites

The following is a collection of vulnerable servers (VMs) or websites that you can use to practice your skills (sorted alphabetically).

- [bWAPP ](https://sourceforge.net/projects/bwapp/files/bWAPP)
- [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat)
- [Damn Small Vulnerable Web](https://github.com/stamparm/DSVW)
- [Damn Vulnerable ARM Router (DVAR)](http://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)
- [Damn Vulnerable iOS Application (DVIA)](http://damnvulnerableiosapp.com)
- [Damn Vulnerable Web App (DVWA)](https://github.com/ethicalhack3r/DVWA)
- [Damn Vulnerable Web Services](https://github.com/snoopysecurity/dvws-node)
- [Damn Vulnerable WordPress](https://github.com/vavkamil/dvwp)
- [DOMXSS](http://www.domxss.com/domxss/)
- [Extreme Vulnerable Node Application(XVNA)](https://github.com/vegabird/xvna)
- [Game of Hacks](http://www.gameofhacks.com)
- [Gruyere](https://google-gruyere.appspot.com)
- [Hack This Site](https://www.hackthissite.org)
- [Hack This](https://www.hackthis.co.uk)
- [Hack Yourself first](https://hack-yourself-first.com/)
- [Hackazon ](https://github.com/rapid7/hackazon)
- [HellBound Hackers](https://www.hellboundhackers.org)
- [Kubernetes Goat](https://github.com/madhuakula/kubernetes-goat)
- [Metasploitable2 ](https://community.rapid7.com/docs/DOC-1875)
- [Metasploitable3 ](https://blog.rapid7.com/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3/)
- [NodeGoat](https://github.com/owasp/nodegoat)
- [Over The Wire Wargames](http://overthewire.org/wargames)
- [OWASP  Juice Shop ](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project)
- [OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae)
- [Peruggia](https://sourceforge.net/projects/peruggia)
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
- [RailsGoat](https://github.com/OWASP/railsgoat)
- [RootMe](https://www.root-me.org)
- [Server-Side Request Forgery (SSRF) vulnerable Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab)
- [Snyk exploit-workshop](https://github.com/snyk/exploit-workshop)
- [Try2Hack](http://www.try2hack.nl)
- [Vicnum](http://vicnum.ciphertechs.com)
- [Vulnerable Single Sign-On (SSO)](https://github.com/dogangcr/vulnerable-sso)
- [WebGoat](https://github.com/WebGoat/WebGoat)
- [XXE Lab](https://github.com/jbarone/xxelab)

## WebSploit Labs
- [WebSploit Labs (created and maintained by Omar Ωr Santos)](https://websploit.org)
- [Mayhem - vulnerable container created by Omar Ωr for Mayhem 2020](https://websploit.org)
- [RTOV-Hackme - vulnerable container created by Omar Ωr for DEF CON 27](https://websploit.org)
- [RTV-Safemode - vulnerable container created by Omar Ωr for DEF CON Safemode](https://websploit.org)

## Learning Platforms and VMs
- [VulnHub](https://www.vulnhub.com)
- [Hack the Box](https://www.hackthebox.eu/)
- [TryHackMe](https://tryhackme.com/)
- [eLearn Security](https://www.elearnsecurity.com/)
- [PentesterLab](https://pentesterlab.com/)
vulnerable apps 2017-08-20 21:27:05 -04:00			`# Vulnerable Apps, Servers, and Websites`
adding docker references Adding information about Docker for students to learn how to deploy vulnerable applications in Docker and understand the fundamentals of Linux containers. 2018-05-19 15:16:58 -04:00
Adding vulnerable applications Adding OWASP Juice Shop and sorting all apps alphabetically. 2018-07-27 19:50:52 -04:00			`The following is a collection of vulnerable servers (VMs) or websites that you can use to practice your skills (sorted alphabetically).`
adding docker references Adding information about Docker for students to learn how to deploy vulnerable applications in Docker and understand the fundamentals of Linux containers. 2018-05-19 15:16:58 -04:00
Update README.md 2020-08-13 22:43:22 -04:00			`- [bWAPP ](https://sourceforge.net/projects/bwapp/files/bWAPP)`
			`- [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat)`
			`- [Damn Small Vulnerable Web](https://github.com/stamparm/DSVW)`
			`- [Damn Vulnerable ARM Router (DVAR)](http://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html)`
			`- [Damn Vulnerable iOS Application (DVIA)](http://damnvulnerableiosapp.com)`
			`- [Damn Vulnerable Web App (DVWA)](https://github.com/ethicalhack3r/DVWA)`
Update README.md 2021-08-28 23:37:09 -04:00			`- [Damn Vulnerable Web Services](https://github.com/snoopysecurity/dvws-node)`
Update README.md 2020-08-13 22:43:22 -04:00			`- [Damn Vulnerable WordPress](https://github.com/vavkamil/dvwp)`
			`- [DOMXSS](http://www.domxss.com/domxss/)`
			`- [Extreme Vulnerable Node Application(XVNA)](https://github.com/vegabird/xvna)`
			`- [Game of Hacks](http://www.gameofhacks.com)`
			`- [Gruyere](https://google-gruyere.appspot.com)`
			`- [Hack This Site](https://www.hackthissite.org)`
			`- [Hack This](https://www.hackthis.co.uk)`
Update README.md 2020-08-13 22:44:08 -04:00			`- [Hack Yourself first](https://hack-yourself-first.com/)`
Update README.md 2020-08-13 22:43:22 -04:00			`- [Hackazon ](https://github.com/rapid7/hackazon)`
			`- [HellBound Hackers](https://www.hellboundhackers.org)`
			`- [Kubernetes Goat](https://github.com/madhuakula/kubernetes-goat)`
			`- [Metasploitable2 ](https://community.rapid7.com/docs/DOC-1875)`
			`- [Metasploitable3 ](https://blog.rapid7.com/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3/)`
adding nodegoat and railsgoat adding nodegoat and railsgoat 2020-08-31 00:06:37 -04:00			`- [NodeGoat](https://github.com/owasp/nodegoat)`
Update README.md 2020-08-13 22:43:22 -04:00			`- [Over The Wire Wargames](http://overthewire.org/wargames)`
Update README.md 2020-08-13 22:44:08 -04:00			`- [OWASP Juice Shop ](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project)`
Update README.md 2020-08-13 22:43:22 -04:00			`- [OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae)`
			`- [Peruggia](https://sourceforge.net/projects/peruggia)`
			`- [PortSwigger Web Security Academy](https://portswigger.net/web-security)`
adding nodegoat and railsgoat adding nodegoat and railsgoat 2020-08-31 00:06:37 -04:00			`- [RailsGoat](https://github.com/OWASP/railsgoat)`
Update README.md 2020-08-13 22:43:22 -04:00			`- [RootMe](https://www.root-me.org)`
			`- [Server-Side Request Forgery (SSRF) vulnerable Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab)`
			`- [Snyk exploit-workshop](https://github.com/snyk/exploit-workshop)`
			`- [Try2Hack](http://www.try2hack.nl)`
			`- [Vicnum](http://vicnum.ciphertechs.com)`
			`- [Vulnerable Single Sign-On (SSO)](https://github.com/dogangcr/vulnerable-sso)`
			`- [WebGoat](https://github.com/WebGoat/WebGoat)`
			`- [XXE Lab](https://github.com/jbarone/xxelab)`

			`## WebSploit Labs`
			`- [WebSploit Labs (created and maintained by Omar Ωr Santos)](https://websploit.org)`
Update README.md 2020-08-13 22:45:22 -04:00			`- [Mayhem - vulnerable container created by Omar Ωr for Mayhem 2020](https://websploit.org)`
			`- [RTOV-Hackme - vulnerable container created by Omar Ωr for DEF CON 27](https://websploit.org)`
Update README.md 2020-08-13 22:43:22 -04:00			`- [RTV-Safemode - vulnerable container created by Omar Ωr for DEF CON Safemode](https://websploit.org)`

			`## Learning Platforms and VMs`
			`- [VulnHub](https://www.vulnhub.com)`
			`- [Hack the Box](https://www.hackthebox.eu/)`
			`- [TryHackMe](https://tryhackme.com/)`
			`- [eLearn Security](https://www.elearnsecurity.com/)`
Adding PenstesterLab Adding PenstesterLab 2020-08-16 17:43:11 -04:00			`- [PentesterLab](https://pentesterlab.com/)`