Difference between revisions of "OWASP Vulnerable Web Applications Directory Project/Pages/Offline"

From OWASP
Jump to: navigation, search
(v20160122 - Added DVNA & NodeGoat)
m (Added Alert Labs)
 
(13 intermediate revisions by 5 users not shown)
Line 6: Line 6:
 
! scope="col" | Author
 
! scope="col" | Author
 
! scope="col" | Notes
 
! scope="col" | Notes
 +
|-
 +
|[https://github.com/Abhi-M/alert-labs Alert Labs]
 +
|PHP
 +
|[https://exploitme.info/alert-labs/ demo] [https://github.com/Abhi-M/alert-labs/archive/master.zip download] [https://exploitme.info/alert-labs/user-guide.php docs]
 +
|Abhi M Balakrishnan
 +
|Focusing only on XSS
 +
|-
 +
| [https://github.com/CSPF-Founder/btslab/ btslab]
 +
| PHP
 +
|
 +
|
 +
| Includes flash-based xss, SSRF, and SSI
 
|-
 
|-
 
| [http://www.badstore.net/ BadStore]
 
| [http://www.badstore.net/ BadStore]
Line 13: Line 25:
 
|  
 
|  
 
|-
 
|-
| [http://code.google.com/p/bodgeit/ BodgeIt Store ]
+
| [http://code.google.com/p/bodgeit/ BodgeIt Store]
 
| Java
 
| Java
 
| [http://code.google.com/p/bodgeit/downloads/list download]
 
| [http://code.google.com/p/bodgeit/downloads/list download]
Line 19: Line 31:
 
|  
 
|  
 
|-
 
|-
| [http://sechow.com/bricks/index.html Bricks ]
+
| [http://sechow.com/bricks/index.html Bricks]
 
| PHP
 
| PHP
 
| [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs]
 
| [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs]
Line 31: Line 43:
 
| Last updated in 2008
 
| Last updated in 2008
 
|-
 
|-
| [http://www.itsecgames.com/ bWAPP ]
+
| [http://www.itsecgames.com/ bWAPP]
 
| PHP
 
| PHP
 
| [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs]
 
| [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs]
Line 37: Line 49:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers ]
+
| [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers]
 
| Ruby on Rails
 
| Ruby on Rails
 
|  
 
|  
Line 43: Line 55:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/quantumfoam/DVNA/ Damn Vulnerable Node Application - DVNA ]
+
| [https://github.com/quantumfoam/DVNA/ Damn Vulnerable Node Application - DVNA]
 
| Node.js
 
| Node.js
 
| [https://github.com/quantumfoam/DVNA/ download]
 
| [https://github.com/quantumfoam/DVNA/ download]
Line 49: Line 61:
 
|  
 
|  
 
|-
 
|-
| [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA ]
+
| [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA]
 
| PHP
 
| PHP
 
| [http://code.google.com/p/dvwa/downloads/list download]
 
| [http://code.google.com/p/dvwa/downloads/list download]
Line 55: Line 67:
 
|  
 
|  
 
|-
 
|-
| [http://dvws.secureideas.net/ Damn Vulnerable Web Services - DVWS ]
+
| [http://dvws.secureideas.net/ Damn Vulnerable Web Service - DVWS]
 
| PHP
 
| PHP
 
| [http://dvws.secureideas.net/downloads/files/dvws.tgz download]
 
| [http://dvws.secureideas.net/downloads/files/dvws.tgz download]
| Secure Ideas
+
| Secure Ideas (depriciated?)
 
|  
 
|  
 
|-
 
|-
| [http://google-gruyere.appspot.com/ Gruyere ]
+
| [https://github.com/snoopysecurity/dvws Damn Vulnerable Web Services - DVWS]
 +
| PHP
 +
|
 +
| snoopysecurity
 +
|
 +
|-
 +
| [https://github.com/secvulture/dvta Damn Vulnerable Thick Client App - DVTA]
 +
| C# .NET
 +
|
 +
| secvulture
 +
|
 +
|-
 +
| [http://google-gruyere.appspot.com/ Gruyere]
 
| Python
 
| Python
 
| [http://google-gruyere.appspot.com/gruyere-code.zip download]
 
| [http://google-gruyere.appspot.com/gruyere-code.zip download]
Line 67: Line 91:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project ]
+
| [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project]
 
| PHP
 
| PHP
 
| [https://code.google.com/p/owasp-hackademic-challenges/ download]
 
| [https://code.google.com/p/owasp-hackademic-challenges/ download]
 
| OWASP
 
| OWASP
 
|  
 
|  
 +
|-
 +
| [https://github.com/rapid7/hackazon Hackazon]
 +
|
 +
|
 +
| Rapid7
 +
| Has some REST and new-school web components.
 
|-
 
|-
 
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android]
 
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android]
Line 79: Line 109:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank]
 
| .NET
 
| .NET
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download]
Line 85: Line 115:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books]
 
| Java
 
| Java
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download]
Line 91: Line 121:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino]
 
| Ruby on Rails
 
| Ruby on Rails
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download]
Line 97: Line 127:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping]
 
| ColdFusion
 
| ColdFusion
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download]
Line 103: Line 133:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel]
 
| C++
 
| C++
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download]
Line 115: Line 145:
 
| First 2 levels online, rest offline
 
| First 2 levels online, rest offline
 
|-
 
|-
| [http://bkimminich.github.io/juice-shop/; Juice Shop]
+
| [https://www.owasp.org/index.php/OWASP_Juice_Shop_Project Juice Shop]
| Node
+
| Node/JS
| [https://github.com/bkimminich/juice-shop download]
+
| [https://github.com/bkimminich/juice-shop download] [https://hub.docker.com/r/bkimminich/juice-shop/ docker] [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop guide]
| [https://github.com/bkimminich; Bjorn Kimminich]
+
| OWASP
 
|  
 
|  
 
|-
 
|-
Line 127: Line 157:
 
|  
 
|  
 
|-
 
|-
| [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae ]
+
| [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae]
 
| PHP
 
| PHP
 
| [http://www.irongeek.com/mutillidae/ download]
 
| [http://www.irongeek.com/mutillidae/ download]
Line 133: Line 163:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/jerryhoff/WebGoat.NET .NET Goat ]
+
| [https://github.com/jerryhoff/WebGoat.NET .NET Goat]
 
| C#
 
| C#
 
| [https://github.com/jerryhoff/WebGoat.NET git repository]
 
| [https://github.com/jerryhoff/WebGoat.NET git repository]
Line 139: Line 169:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project NodeGoat ]
+
| [https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project NodeGoat]
 
| Node.js
 
| Node.js
 
| [https://github.com/OWASP/NodeGoat git repository]
 
| [https://github.com/OWASP/NodeGoat git repository]
Line 145: Line 175:
 
|  
 
|  
 
|-
 
|-
| [http://peruggia.sourceforge.net/ Peruggia ]
+
| [http://peruggia.sourceforge.net/ Peruggia]
 
| PHP
 
| PHP
 
| [http://sourceforge.net/projects/peruggia/files/ download]
 
| [http://sourceforge.net/projects/peruggia/files/ download]
Line 151: Line 181:
 
|  
 
|  
 
|-
 
|-
| [https://code.google.com/p/puzzlemall/ Puzzlemall ]
+
| [https://code.google.com/p/puzzlemall/ Puzzlemall]
 
| Java
 
| Java
 
| [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs]
 
| [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs]
Line 157: Line 187:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat ]
+
| [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat]
 
| Ruby on Rails
 
| Ruby on Rails
 
| [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs]
 
| [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs]
Line 193: Line 223:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/SpiderLabs/SQLol SQLol ]
+
| [https://github.com/SpiderLabs/SQLol SQLol]
 
| PHP
 
| PHP
 
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
 
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
Line 199: Line 229:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/SpiderLabs/SQLol SQLol ]
+
| [https://github.com/SpiderLabs/SQLol SQLol]
 
| PHP
 
| PHP
 
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
 
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
Line 205: Line 235:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/sakti/twitterlike twitterlike ]
+
| [https://github.com/sakti/twitterlike twitterlike]
 
| PHP
 
| PHP
 
| [https://github.com/sakti/twitterlike git repository]
 
| [https://github.com/sakti/twitterlike git repository]
Line 211: Line 241:
 
|  
 
|  
 
|-
 
|-
| [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp ]
+
| [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp]
 
| .NET
 
| .NET
 
| [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns]
 
| [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns]
Line 223: Line 253:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/adamdoupe/WackoPicko WackoPicko ]
+
|[https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Application Vulnerable Web Application Project]
 +
|PHP
 +
|[https://github.com/OWASP/Vulnerable-Web-Application Github]
 +
|[https://github.com/hummingbirdscyber/ Hummingbirds Cyber Security Community]
 +
|
 +
|-
 +
| [https://github.com/adamdoupe/WackoPicko WackoPicko]
 
| PHP
 
| PHP
 
| [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper]
 
| [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper]
Line 229: Line 265:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/sectooladdict/wavsep WAVSEP - Web Application Vulnerability Scanner Evaluation Project ]
+
| [https://github.com/sectooladdict/wavsep WAVSEP - Web Application Vulnerability Scanner Evaluation Project]
 
| Java
 
| Java
 
| [https://sourceforge.net/projects/wavsep/ download (builds)] [https://code.google.com/p/wavsep/downloads/list download (old)] [https://github.com/sectooladdict/wavsep/wiki wiki]
 
| [https://sourceforge.net/projects/wavsep/ download (builds)] [https://code.google.com/p/wavsep/downloads/list download (old)] [https://github.com/sectooladdict/wavsep/wiki wiki]
Line 235: Line 271:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat ]
+
| [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
 
| Java
 
| Java
 
| [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide]
 
| [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide]
 +
| OWASP
 +
|
 +
|-
 +
| [https://www.owasp.org/index.php/WebGoatPHP WebGoatPHP]
 +
| PHP
 +
| [https://github.com/OWASP/OWASPWebGoatPHP download] [https://github.com/OWASP/OWASPWebGoatPHP/blob/master/README.md guide]
 
| OWASP
 
| OWASP
 
|  
 
|  

Latest revision as of 13:05, 26 November 2019

App Name / Link Technology Other links Author Notes
Alert Labs PHP demo download docs Abhi M Balakrishnan Focusing only on XSS
btslab PHP Includes flash-based xss, SSRF, and SSI
BadStore Perl(CGI)
BodgeIt Store Java download
Bricks PHP download docs OWASP
Butterfly Security Project PHP download Last updated in 2008
bWAPP PHP download docs
Cyclone Transfers Ruby on Rails
Damn Vulnerable Node Application - DVNA Node.js download Claudio Lacayo
Damn Vulnerable Web Application - DVWA PHP download RandomStorm
Damn Vulnerable Web Service - DVWS PHP download Secure Ideas (depriciated?)
Damn Vulnerable Web Services - DVWS PHP snoopysecurity
Damn Vulnerable Thick Client App - DVTA C# .NET secvulture
Gruyere Python download Google
Hackademic Challenges Project PHP download OWASP
Hackazon Rapid7 Has some REST and new-school web components.
Hacme Bank - Android McAfee / Foundstone
Hacme Bank .NET download McAfee / Foundstone
Hacme Books Java download McAfee / Foundstone
Hacme Casino Ruby on Rails download McAfee / Foundstone
Hacme Shipping ColdFusion download McAfee / Foundstone
Hacme Travel C++ download McAfee / Foundstone
hackxor First 2 levels online, rest offline
Juice Shop Node/JS download docker guide OWASP
LampSecurity PHP
Mutillidae PHP download
.NET Goat C# git repository OWASP
NodeGoat Node.js git repository OWASP
Peruggia PHP download
Puzzlemall Java download docs
Rails Goat Ruby on Rails download docs OWASP
SecuriBench Java Stanford
SecuriBench Micro Java download Stanford
Security Shepherd Java download OWASP
SQL injection test environment PHP SQLmap Project
SQLI-labs PHP download blog
SQLol PHP download
SQLol PHP download
twitterlike PHP git repository Sakti Dwi Cahyono
VulnApp .NET CVS download vulns
Vulnerable Web App Exploit.co.il
Vulnerable Web Application Project PHP Github Hummingbirds Cyber Security Community
WackoPicko PHP download whitepaper
WAVSEP - Web Application Vulnerability Scanner Evaluation Project Java download (builds) download (old) wiki Shay Chen
WebGoat Java download guide OWASP
WebGoatPHP PHP download guide OWASP
WIVET - Web Input Vector Extractor Teaser download tests
Xtreme Vulnerable Web Application (XVWA) PHP/MySQL download @s4n7h0, @samanL33T