Penetration testing commands for Intentionally Vulnerable Applications
Intentionally vulnerable applications are developed to provide a safe environment for practising security assessments and learning exploitation techniques without real-world consequences.
Name | Description | Price |
---|---|---|
Bodhi | Client-side vulnerability playground, CTF style application, a bot program which simulates the real-world victim | Free |
Bust-A-Kube | Intentionally-vulnerable Kubernetes cluster, intended to help people self-train on attacking and defending Kubernetes clusters | Free |
bWAPP | Buggy Web Application, insecure webapp for security trainings | Free |
DVGA | Damn Vulnerable GraphQL Application, insecure webapp for GraphQL security trainings | Free |
DVIA | Damn Vulnerable iOS App, insecure webapp for mobile security trainings | Free |
DVWA | Damn Vulnerable Web Application, insecure webapp for security trainings | Free |
Google Gruyere | Codelab for white-box and black-box hacking | Free |
Hackazon | Intentionally vulnerable web shopping application using modern technologies and containing configurable areas | Free |
Metasploitable | VM that is built from the ground up with a large amount of security vulnerabilities | Free |
OWASP Juice Shop | Insecure web application with >85 challenges; supports CTFs, custom themes, tutorial mode etc. | Free |
OWASP Mutillidae II | Intentionally vulnerable web-application containing some OWASP Top Ten vulnerabilities, with hints and switch for secure version of the code | Free |
OWASP WebGoat | Deliberately insecure web application to teach web application security lessons | Free |
simulator | Distributed systems and infrastructure simulator for attacking and debugging Kubernetes, creates a Kubernetes cluster in AWS and runs scenarios which misconfigure it or leave it vulnerable to compromise to train in mitigating against these vulnerabilities | Free |
VAmPI | Vulnerable REST API with OWASP top 10 vulnerabilities for security testing | Free |
XVNA | Extreme Vulnerable Node Application, insecure webapp for security trainings | Free |