Vulnerable Web Application for Testing

Testers always wanted a ground to learn and prosper with their testing methodologies, but there was always a problem as to how and where to test or learn.

Following are a list of Vulnerable web applications and Mobile applications that one can use to learn for their particular interests.

Great Shootout to : Rishabh Dangwal for this amazing post.

 
List of vulnerable web applications and Mobile Applications (please scroll to bottom of page) to pwn and learn.


This will be updated on periodic basis.




Vulnerable Web Applications

Damn Vulnerable Node Application (DVNA) – https://github.com/quantumfoam/DVNA/

Damn Vulnerable Web App (DVWA) – http://www.dvwa.co.uk/

Damn Vulnerable Web Services (DVWS) – http://dvws.professionallyevil.com/

Drunk Admin Web Hacking Challenge –  https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/

Exploit KB Vulnerable Web App – http://exploit.co.il/projects/vuln-web-app/

Foundstone Hackme Bank –  http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx

Foundstone Hackme Books – http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx

Foundstone Hackme Casino –  http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx

Foundstone Hackme Shipping- http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

Foundstone Hackme Travel – http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

GameOver – http://sourceforge.net/projects/null-gameover/

hackxor – http://hackxor.sourceforge.net/cgi-bin/index.pl

OWASP Security Shepherd – https://www.owasp.org/index.php/OWASP_Security_Shepherd

PentesterLab – https://pentesterlab.com/

PHDays iBank CTF – http://blog.phdays.com/2012/05/once-again-about-remote-banking.html

SecuriBench – http://suif.stanford.edu/~livshits/securibench/

SentinelTestbed – https://github.com/dobin/SentinelTestbed

SocketToMe – http://digi.ninja/projects/sockettome.php

sqli-labs – https://github.com/Audi-1/sqli-labs 

MCIR (Magical Code Injection Rainbow) – https://github.com/SpiderLabs/MCIR

sqlilabs – https://github.com/himadriganguly/sqlilabs

Hackazon – https://github.com/rapid7/hackazon

LAMPSecurity – http://sourceforge.net/projects/lampsecurity/

Moth – http://www.bonsai-sec.com/en/research/moth.php

NOWASP / Mutillidae 2 – http://sourceforge.net/projects/mutillidae/

OWASP BWA – http://code.google.com/p/owaspbwa/

OWASP Hackademic – http://hackademic1.teilar.gr/

OWASP SiteGenerator – https://www.owasp.org/index.php/Owasp_SiteGenerator

OWASP Bricks – http://sourceforge.net/projects/owaspbricks/

VulnApp – http://www.nth-dimension.org.uk/blog.php?id=88

PuzzleMall – http://code.google.com/p/puzzlemall/

WackoPicko – https://github.com/adamdoupe/WackoPicko

WAED – http://www.waed.info

WebGoat.NET – https://github.com/jerryhoff/WebGoat.NET/

WebSecurity Dojo – http://www.mavensecurity.com/web_security_dojo/

XVWA – https://github.com/s4n7h0/xvwa

Zap WAVE – http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip

BadStore – http://www.badstore.net/

BodgeIt Store – http://code.google.com/p/bodgeit/

Butterfly Security Project – http://thebutterflytmp.sourceforge.net/

bWAPP
http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/

Commix – https://github.com/stasinopoulos/commix-testbed

CryptOMG – https://github.com/SpiderLabs/CryptOMG

Vulnerable Mobile Applications

ExploitMe Mobile iPhone Labs http://securitycompass.github.io/iPhoneLabs/

Damn Vulnerable FirefoxOS Application (DVFA) – https://github.com/pwnetrationguru/dvfa/

Damn Vulnerable iOS App (DVIA) http://damnvulnerableiosapp.com/

InsecureBank http://www.paladion.net/downloadapp.html

NcN Wargame http://noconname.org/evento/wargame/

Damn Vulnerable Android App (DVAA)https://code.google.com/p/dvaa/

Hacme Bank Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx

OWASP iGoat http://code.google.com/p/owasp-igoat/

OWASP Goatdroid https://github.com/jackMannino/OWASP-GoatDroid-Project

ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/