List of Vulnerable Web/Mobile/OS Projects

Testers usually maintain a library of the current and historical operating systems. When testing Microsoft operating systems, Windows XP is used as the reference standard to test vulnerabilities. Although Windows XP will be deprecated in 2014 and no longer supported by Microsoft, it will remain on many networks in servers and workstations as well as embedded in devices such as printers and point-of-sale terminals.

Similarly, the web-based applications can be useful to support enterprise testing as well as specific attacks against web applications.

It seem counterintuitive to the majority of practices that security professionals carry out each day, but most core ideas to create a secure machine are the same as those to create a vulnerable machine.

Following are a list of Working 60+ Vulnerable Web Applications, Mobile Applications and Linux based OS that one can use to learn for their particular interests.

S.No	Name	Link	Type
1	Damn Vulnerable NodeJS Application (DVNA)	https://github.com/appsecco/dvna	Web
2	Damn Vulnerable Web Application (DVWA)	https://github.com/ethicalhack3r/DVWA	Web
3	Damn Vulnerable Web Sockets (DVWS)	https://github.com/interference-security/DVWS/	Web
4	Damn Vulnerable Web Services (DVWS)	https://github.com/snoopysecurity/dvws	Web
5	OWASP Hackademic Challenges	https://code.google.com/archive/p/owasp-hackademic-challenges/	Web
6	OWASP Vulnerable Web Applications Directory Project (VWAD)	https://github.com/OWASP/OWASP-VWAD	Web
7	Vulnerable App & Attacker App	https://github.com/clarkio/vulnerable-app	Web
8	Vulnerable Node	https://github.com/cr0hn/vulnerable-node	Web
9	Rails Vulnerable	https://github.com/jobertabma/vulnerable	Web
10	Vulnerable Java based Web Application	https://github.com/CSPF-Founder/JavaVulnerableLab	Web
11	WebGoat	https://github.com/WebGoat/WebGoat	Web
12	WackoPicko	https://github.com/adamdoupe/WackoPicko	Web
13	The BodgeIt Store	https://github.com/psiinon/bodgeit	Web
14	OWASP Juice Shop	https://github.com/bkimminich/juice-shop	Web
15	Hackxor	https://sourceforge.net/projects/hackxor/	Web
16	OWASP Mutillidae II	https://sourceforge.net/projects/mutillidae/	Web
17	exploit.co.il Vulnerable Web	https://sourceforge.net/projects/exploitcoilvuln/	Web
18	GameOver	https://sourceforge.net/projects/null-gameover/	Web
19	OWASP Security Shepherd	https://github.com/OWASP/SecurityShepherd	Web
20	PuzzleMall	https://code.google.com/archive/p/puzzlemall/	Web
21	OWASP Bricks	https://sourceforge.net/projects/owaspbricks/	Web
22	SQLI Labs	https://github.com/Audi-1/sqli-labs	Web
23	SocketToMe	https://digi.ninja/projects/sockettome.php	Web
24	SentinelTestbed	https://github.com/dobin/SentinelTestbed	Web
25	SQL Injection Labs	https://github.com/himadriganguly/sqlilabs	Web
26	Hackazon	https://github.com/rapid7/hackazon	Web
27	LAMP Security	https://sourceforge.net/projects/lampsecurity/	Web
28	Moth	http://www.bonsai-sec.com/en/research/moth.php	Web
29	OWASP Broken Web Applications (BWA) Project	https://code.google.com/archive/p/owaspbwa/	Web
30	Magical Code Injection Rainbow (MCIR)	https://github.com/SpiderLabs/MCIR	Web
31	Web Security Dojo	https://sourceforge.net/projects/websecuritydojo/	Web
32	OWASP WebGoat .Net	https://github.com/jerryhoff/WebGoat.NET/	Web
33	Stanford SecuriBench	https://suif.stanford.edu/~livshits/securibench/	Web
34	PentesterLab	https://pentesterlab.com/	Web
35	Xtreme Vulnerable Web Application (XVWA)	https://github.com/s4n7h0/xvwa	Web
36	VulnApp	https://www.nth-dimension.org.uk/blog.php?id=88	Web
37	OWASP SiteGenerator	https://www.owasp.org/index.php/OWASP_SiteGenerator	Web
38	Hackxor	https://hackxor.net/	Web
39	The ButterFly – Security Project	https://sourceforge.net/projects/thebutterflytmp/	Web
40	Bwapp	https://sourceforge.net/projects/bwapp/files/bee-box/	web
41	Command injection Test Environment (Commix Testbed)	https://github.com/commixproject/commix-testbed	Web
42	CryptOMG	https://github.com/SpiderLabs/CryptOMG	Web
43	iPhone Labs	https://github.com/SecurityCompass/iPhoneLabs	Mobile
44	Android Labs	https://github.com/securitycompass/AndroidLabs	Mobile
45	Damn Vulnerable iOS App (DVIA)	https://github.com/prateek147/DVIA	Mobile
46	Damn Vulnerable iOS App (DVIA)	https://github.com/prateek147/DVIA-v2	Mobile
47	Damn Vulnerable Android App (DVAA)	https://code.google.com/archive/p/dvaa/	Mobile
48	OWASP iGoat	https://code.google.com/archive/p/owasp-igoat/	Mobile
49	OWASP GoatDroid Project	https://github.com/jackMannino/OWASP-GoatDroid-Project	Mobile
50	Damn Vulnerable Linux – Virtual Hacking Lab	https://sourceforge.net/projects/virtualhacking/files/os/dvl/	OS
51	Holynix	https://sourceforge.net/projects/holynix/	OS
52	Kioptrix	http://www.kioptrix.com/blog/test-page/	OS
53	Metasploitable	https://sourceforge.net/projects/virtualhacking/files/os/metasploitable/	OS
54	Metasploitable2	https://sourceforge.net/projects/metasploitable/	OS
55	Goatse Linux	https://neutronstar.org/goatselinux.html	OS
56	PwnOS	http://www.pwnos.com/	OS
57	HackLAB	http://www.rebootuser.com/?page_id=1041	OS
58	SecGame – Sauron	http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html	OS
59	The Hacker Games	https://www.scriptjunkie.us/2012/04/the-hacker-games/	OS
60	Bitnami Application Catalog	https://bitnami.com/stacks	OS
61	OSBoxes	https://www.osboxes.org/	OS
62	VulnHub	https://www.vulnhub.com/	OS
63	Open Cyber Challenge Platform (OCCP)	https://opencyberchallenge.net/	OS
64	Damn Vulnerable Router Firmware Project (DVRF)	https://github.com/praetorian-inc/DVRF	Others

You may also like:

List of Vulnerable Web/Mobile/OS Projects – 2018 Update

Sarcastic Writer

Related Posts