Search Results for "vulnerable application"
Sort By:
Showing 34 open source projects for "vulnerable application"
View related business solutions-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
AI-based, Comprehensive Service Management for Businesses and IT ProvidersChangeGear provides IT staff with the functions required to manage everything from ticketing to incident, change and asset management and more. ChangeGear includes a virtual agent, self-service portals and AI-based features to support analyst and end user productivity.
-
1
Damn Vulnerable GraphQL Application
Vulnerable implementation of Facebook's GraphQL technology
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. DVGA has numerous flaws, such as Injections, Code Executions, Bypasses, Denial of Service, and more. See the full list under the Scenarios section. A public Postman collection is also available to replay solutions to the challenges. -
2
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. -
3
pagodo
Automate Google Hacking Database scraping and searching
pagodo automates Google searching for potentially vulnerable web pages and applications on the Internet. It replaces manually performing Google dork searches with a web GUI browser. There are 2 parts. The first is ghdb_scraper.py that retrieves the latest Google dorks and the second portion is pagodo.py that leverages the information gathered by ghdb_scraper.py. This version of pagodo also supports native HTTP(S) and SOCKS5 application support, so no more wrapping it in a tool like proxychains4 if you need proxy support. ... -
4
ThreatMapper
Open source cloud native security observability platform
Thousands of companies trust Deepfence to secure their most critical cloud workloads and applications with a unified platform. Experience rapid threat detection and remediation, while significantly reducing non-critical security alerts by 90%. Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk of exploit. It uncovers vulnerable software components, exposed secrets, and deviations from good security practices. ThreatMapper uses a... -
Dominate AI Search ResultsAthenaHQ is a cutting-edge platform for Generative Engine Optimization (GEO), designed to help brands optimize their visibility and performance across AI-driven search platforms like ChatGPT, Google AI, and more.
-
5
KubeClarity
KubeClarity is a tool for detection and management of vulnerabilities
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection. KubeClarity includes a CLI that can be run locally and especially useful for CI/CD pipelines. It allows to analyze images and directories to generate... -
6
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" Will also run on the ProxMox server to understand how to do it pls refer to the doc in the zip named "Cybersecurity Lab Deployment on Proxmox" The default login...
-
7
Suricata Anti-DDoS Lab
Suricata VMware VM dor IDS practicing
...Includes the following integrated services: + Suricata – network intrusion detection and traffic inspection + EveBox – alert visualisation and event analysis + DVWA – vulnerable web application for traffic generation and testing + phpMyAdmin – database management and inspection Default setup demonstrates DDoS-related detection scenarios, but the lab is fully customisable for other network-based attacks. Suitable for students, educators, workshops, and self-study Intended for learning and training purposes only (not for production use) Project repository: https://github.com/kaledaljebur/suricata-anti-ddos For questions, feedback, or support, please contact: Kaled Aljebur via GitHub issues -
8
Vulnerable Web Apps
Vulnerable Web Apps virtual appliance to learn application security.
Hello! My name is Manuel Santander. I teach at local Universities courses about web application security. I prefer to teach my students in a practical way, where they are able to interact with specific cases, learn the vulnerabilities and perform asessments. There were not that many alternatives for virtual appliances that covers what I wanted to teach, so I decided to mount my own appliance. Last version is an Ubuntu 22.04 server appliance, which includes the following applications: Version 4 Running on port 80: - bWAPP - Damn Vulnerable Web Application - OWASP Hackademic - OWASP Mutillidae Running on port 81: - Hackazon Running on port 82: - Conviso Vulnerable Web App Running on port 83: - Generic University Running on port 3000: - OWASP Juice Shop Running on port 9000: - Authlab">
-
9
Slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP
Slipstream (also referred to as “NAT Slipstreaming”) is a proof-of-concept exploit framework that allows an attacker to remotely access any TCP or UDP service running on a victim machine inside a NAT (behind a router/firewall) simply by tricking the target to visit a malicious website. It works by abusing the NAT’s Application Level Gateway (ALG) logic and connection tracking, combined with browser capabilities like WebRTC, precise packet fragmentation or boundary control, and packet... -
Yeastar: Business Phone System and Unified CommunicationsUser-friendly, optimized, and scalable, the Yeastar P-Series Phone System redefines business connectivity by bringing together calling, meetings, omnichannel messaging, and integrations in one simple platform—removing the limitations of distance, platforms, and systems.
-
10
Confused
Tool to check for dependency confusion vulnerabilities
A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt, JavaScript (npm) package.json, PHP (composer) composer.json or MVN (maven) pom.xml. confused simply reads through a dependency definition file of an application and checks the public package repositories for each dependency entry in that file. It will proceed to report all the package names that are not found in the public repositories - a state that implies that a package might be vulnerable to this kind of attack, while this vector has not yet been exploited. -
11
InjuredAndroid
Vulnerable Android application that shows examples of vulnerabilities
A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity. -
12
VPLE
Vulnerable Pentesting Lab Environment
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" The default login and password is administrator: password. List Of All Labs in one VM:- 1. Web-DVWA 2. Mutillidae 3. Webgoat 4. Bwapp 5. Juice-shop 6.... -
13
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible...">
-
14
NodeGoat
The OWASP NodeGoat project
A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them. -
15
Firing Range
Firing Range is a test bed for web application security scanners
Firing Range is an intentionally vulnerable web application designed to evaluate the real-world effectiveness of web security scanners and training exercises. Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. ... -
16
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server.
-
17
Vulnerable Operating Systems
deliberately vulnerable operating systems
VulnOS are a series of deliberately vulnerable operating systems packed as virtual machines to teach Offensive IT Security and to enhance penetration testing skills. For educational purposes! -
18
VulnerableHero
Vulnerable Application for Education Purposes Only
OVA file with ready to go vulnerable application. This application contains a variety of security issues and should only be run in a safe environment. For education purposes only. Enjoy! Virtual Machine Login Creds: user: vhero pass: vhero Code on github: https://github.com/JakeBernier/VHero -
19
In this package, it contain compilation of vulnerable web applications and various version of CMS for penetration testing. It is based on XAMPP for Windows OS For detail or updates, please visit http://www.facebook.com/SYWorks
-
20
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
-
21
XSS-Scanner
Powerful XSS Scanner based on Selenium Web Driver
Are you sure that your application is safe? Cross-site scripting (XSS) is the most prevalent web application security flaw. XSS scanner walks through all reachable pages of your web-site and checks all forms that can be potentially vulnerable. XSS-Scanner is a multi-threading app that works in parallel in several browser windows to save time and improve efficiency. -
22
Flashbang
Project "Flashbang" - An open-source Flash-security helper
Flashbang is an open-source Flash-security helper tool designed to extract and display flashVars from a SWF that is “naked” (i.e. not wrapped in a bigger application) so that security testers can begin analysis (e.g. for XSS or other vectors) without decompiling the whole SWF. It is built atop Mozilla’s Shumway project. It works in modern browsers via HTML/JS, can also be run locally, and does not upload SWFs to servers (processing stays local). It is still considered alpha quality. Clone... -
23
Java Remote Terminal
A web browser based terminal for Unix
This is a Java based web application can be deployed in any Servlet container. Once the web application is deployed in the target servlet container, a web browser can be used to issue various Unix commands to the remote machine. This can be used as simple administration tool or this even can be used as an attacking tool in a vulnerable application server. -
24
Java Vulnerable Lab - Pentesting Lab
a deliberately vulnerable Web application
This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation (www.cysecurity.org) for Java programmers The full course on Hacking and Securing Web Java Programs is available in https://www.udemy.com/hacking-securing-java-web-programming/ WAR file: ---------- https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download Virtualbox VM file: -------------------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download Credentials for the VM: ------------------------ Username: root Password: cspf Stand-alone file: (Run the Jar file directly) -------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download -
25
xxe
Intentionally vulnerable web services exploitable with XXE
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located. This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability...