cyber-security-resources/vulnerable_servers/README.md

# Vulnerable Apps, Servers, and Websites

The following is a collection of vulnerable servers (VMs) or websites that you can use to practice your skills (sorted alphabetically).

- bWAPP : <https://sourceforge.net/projects/bwapp/files/bWAPP>
- Damn Vulnerable ARM Router (DVAR): <http://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html>
- Damn Vulnerable iOS Application (DVIA): <http://damnvulnerableiosapp.com>
- Damn Vulnerable Web App (DVWA): <https://github.com/ethicalhack3r/DVWA>
- DOMXSS: <http://www.domxss.com/domxss/>
- Game of Hacks: <http://www.gameofhacks.com>
- Gruyere: <https://google-gruyere.appspot.com>
- Hack the Box: <https://www.hackthebox.eu/>
- Hack This Site: <https://www.hackthissite.org>
- Hack This: <https://www.hackthis.co.uk>
- Hack Yourself first <https://hack-yourself-first.com/>
- Hackazon : <https://github.com/rapid7/hackazon>
- HellBound Hackers: <https://www.hellboundhackers.org>
- Metasploitable2 : <https://community.rapid7.com/docs/DOC-1875>
- Metasploitable3 : <https://blog.rapid7.com/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3/>
- Over The Wire Wargames: <http://overthewire.org/wargames>
- OWASP  Juice Shop : https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
- OWASP Mutillidae II: <https://sourceforge.net/projects/mutillidae>
- Peruggia: <https://sourceforge.net/projects/peruggia>
- RootMe: <https://www.root-me.org>
- Samurai Web Testing Framework: <http://www.samurai-wtf.org/>
- Try2Hack: <http://www.try2hack.nl>
- Vicnum: <http://vicnum.ciphertechs.com>
- VulnHub:https://www.vulnhub.com
- Web Security Dojo: <https://www.mavensecurity.com/resources/web-security-dojo>
- WebSploit Labs (created and maintained by Omar Ωr Santos): https://websploit.h4cker.org
- WebGoat: <https://github.com/WebGoat/WebGoat>
- PortSwigger Web Security Academy: <https://portswigger.net/web-security>