Penetration testing commands for Intentionally Vulnerable Applications

Intentionally vulnerable applications are developed to provide a safe environment for practising security assessments and learning exploitation techniques without real-world consequences.

Name	Description	Price
Bodhi	Client-side vulnerability playground, CTF style application, a bot program which simulates the real-world victim	Free
Bust-A-Kube	Intentionally-vulnerable Kubernetes cluster, intended to help people self-train on attacking and defending Kubernetes clusters	Free
bWAPP	Buggy Web Application, insecure webapp for security trainings	Free
DVGA	Damn Vulnerable GraphQL Application, insecure webapp for GraphQL security trainings	Free
DVIA	Damn Vulnerable iOS App, insecure webapp for mobile security trainings	Free
DVWA	Damn Vulnerable Web Application, insecure webapp for security trainings	Free
Google Gruyere	Codelab for white-box and black-box hacking	Free
Hackazon	Intentionally vulnerable web shopping application using modern technologies and containing configurable areas	Free
Metasploitable	VM that is built from the ground up with a large amount of security vulnerabilities	Free
OWASP Juice Shop	Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc.	Free
OWASP Mutillidae II	Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code	Free
OWASP WebGoat	Deliberately insecure web application to teach web application security lessons	Free
simulator	Distributed systems and infrastructure simulator for attacking and debugging Kubernetes, creates a Kubernetes cluster in AWS and runs scenarios which misconfigure it or leave it vulnerable to compromise to train in mitigating against these vulnerabilities	Free
VAmPI	Vulnerable REST API with OWASP top 10 vulnerabilities for security testing	Free
XVNA	Extreme Vulnerable Node Application, insecure webapp for security trainings	Free