List of Vulnerable Web/Mobile/OS Projects – 2018 Update

Testers usually maintain a library of the current and historical operating systems. When testing Microsoft operating systems, Windows XP is used as the reference standard to test vulnerabilities. Although Windows XP will be deprecated in 2014 and no longer supported by Microsoft, it will remain on many networks in servers and workstations as well as embedded in devices such as printers and point-of-sale terminals.

Similarly, the web-based applications can be useful to support enterprise testing as well as specific attacks against web applications.

It seem counterintuitive to the majority of practices that security professionals carry out each day, but most core ideas to create a secure machine are the same as those to create a vulnerable machine.

Following are a list of Working 60+ Vulnerable Web Applications, Mobile Applications and Linux based OS that one can use to learn for their particular interests.

S.No Name Link Type
1 Damn Vulnerable NodeJS Application (DVNA) https://github.com/appsecco/dvna Web
2 Damn Vulnerable Web Application (DVWA) https://github.com/ethicalhack3r/DVWA Web
3 Damn Vulnerable Web Sockets (DVWS) https://github.com/interference-security/DVWS/ Web
4 Damn Vulnerable Web Services (DVWS) https://github.com/snoopysecurity/dvws Web
5 OWASP Hackademic Challenges https://code.google.com/archive/p/owasp-hackademic-challenges/ Web
6 OWASP Vulnerable Web Applications Directory Project (VWAD) https://github.com/OWASP/OWASP-VWAD Web
7 Vulnerable App & Attacker App https://github.com/clarkio/vulnerable-app Web
8 Vulnerable Node https://github.com/cr0hn/vulnerable-node Web
9 Rails Vulnerable https://github.com/jobertabma/vulnerable Web
10 Vulnerable Java based Web Application https://github.com/CSPF-Founder/JavaVulnerableLab Web
11 WebGoat https://github.com/WebGoat/WebGoat Web
12 WackoPicko https://github.com/adamdoupe/WackoPicko Web
13 The BodgeIt Store https://github.com/psiinon/bodgeit Web
14 OWASP Juice Shop https://github.com/bkimminich/juice-shop Web
15 Hackxor https://sourceforge.net/projects/hackxor/ Web
16 OWASP Mutillidae II https://sourceforge.net/projects/mutillidae/ Web
17 exploit.co.il Vulnerable Web https://sourceforge.net/projects/exploitcoilvuln/ Web
18 GameOver https://sourceforge.net/projects/null-gameover/ Web
19 OWASP Security Shepherd https://github.com/OWASP/SecurityShepherd Web
20 PuzzleMall https://code.google.com/archive/p/puzzlemall/ Web
21 OWASP Bricks https://sourceforge.net/projects/owaspbricks/ Web
22 SQLI Labs https://github.com/Audi-1/sqli-labs Web
23 SocketToMe https://digi.ninja/projects/sockettome.php Web
24 SentinelTestbed https://github.com/dobin/SentinelTestbed Web
25 SQL Injection Labs https://github.com/himadriganguly/sqlilabs Web
26 Hackazon https://github.com/rapid7/hackazon Web
27 LAMP Security https://sourceforge.net/projects/lampsecurity/ Web
28 Moth http://www.bonsai-sec.com/en/research/moth.php Web
29 OWASP Broken Web Applications (BWA) Project https://code.google.com/archive/p/owaspbwa/ Web
30 Magical Code Injection Rainbow (MCIR) https://github.com/SpiderLabs/MCIR Web
31 Web Security Dojo https://sourceforge.net/projects/websecuritydojo/ Web
32 OWASP WebGoat .Net https://github.com/jerryhoff/WebGoat.NET/ Web
33 Stanford SecuriBench https://suif.stanford.edu/~livshits/securibench/ Web
34 PentesterLab https://pentesterlab.com/ Web
35 Xtreme Vulnerable Web Application (XVWA) https://github.com/s4n7h0/xvwa Web
36 VulnApp https://www.nth-dimension.org.uk/blog.php?id=88 Web
37 OWASP SiteGenerator https://www.owasp.org/index.php/OWASP_SiteGenerator Web
38 Hackxor https://hackxor.net/ Web
39 The ButterFly – Security Project https://sourceforge.net/projects/thebutterflytmp/ Web
40 Bwapp https://sourceforge.net/projects/bwapp/files/bee-box/ web
41 Command injection Test Environment (Commix Testbed) https://github.com/commixproject/commix-testbed Web
42 CryptOMG https://github.com/SpiderLabs/CryptOMG Web
43 iPhone Labs https://github.com/SecurityCompass/iPhoneLabs Mobile
44 Android Labs https://github.com/securitycompass/AndroidLabs Mobile
45 Damn Vulnerable iOS App (DVIA) https://github.com/prateek147/DVIA Mobile
46 Damn Vulnerable iOS App (DVIA) https://github.com/prateek147/DVIA-v2 Mobile
47 Damn Vulnerable Android App (DVAA) https://code.google.com/archive/p/dvaa/ Mobile
48 OWASP iGoat https://code.google.com/archive/p/owasp-igoat/ Mobile
49 OWASP GoatDroid Project https://github.com/jackMannino/OWASP-GoatDroid-Project Mobile
50 Damn Vulnerable Linux – Virtual Hacking Lab https://sourceforge.net/projects/virtualhacking/files/os/dvl/ OS
51 Holynix https://sourceforge.net/projects/holynix/ OS
52 Kioptrix http://www.kioptrix.com/blog/test-page/ OS
53 Metasploitable https://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ OS
54 Metasploitable2 https://sourceforge.net/projects/metasploitable/ OS
55 Goatse Linux https://neutronstar.org/goatselinux.html OS
56 PwnOS http://www.pwnos.com/ OS
57 HackLAB http://www.rebootuser.com/?page_id=1041 OS
58 SecGame – Sauron http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html OS
59 The Hacker Games https://www.scriptjunkie.us/2012/04/the-hacker-games/ OS
60 Bitnami Application Catalog https://bitnami.com/stacks OS
61 OSBoxes https://www.osboxes.org/ OS
62 VulnHub https://www.vulnhub.com/ OS
63 Open Cyber Challenge Platform (OCCP) https://opencyberchallenge.net/ OS
64 Damn Vulnerable Router Firmware Project (DVRF) https://github.com/praetorian-inc/DVRF Others

 

You may also like:

Sarcastic Writer

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.

Related Posts