This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Vulnerable Web Applications Directory Project/Pages/Offline"
From OWASP
Raul Siles (talk | contribs) (Added XVWA) |
m (Added Alert Labs) (Tag: Visual edit) |
||
(15 intermediate revisions by 5 users not shown) | |||
Line 6: | Line 6: | ||
! scope="col" | Author | ! scope="col" | Author | ||
! scope="col" | Notes | ! scope="col" | Notes | ||
+ | |- | ||
+ | |[https://github.com/Abhi-M/alert-labs Alert Labs] | ||
+ | |PHP | ||
+ | |[https://exploitme.info/alert-labs/ demo] [https://github.com/Abhi-M/alert-labs/archive/master.zip download] [https://exploitme.info/alert-labs/user-guide.php docs] | ||
+ | |Abhi M Balakrishnan | ||
+ | |Focusing only on XSS | ||
+ | |- | ||
+ | | [https://github.com/CSPF-Founder/btslab/ btslab] | ||
+ | | PHP | ||
+ | | | ||
+ | | | ||
+ | | Includes flash-based xss, SSRF, and SSI | ||
|- | |- | ||
| [http://www.badstore.net/ BadStore] | | [http://www.badstore.net/ BadStore] | ||
Line 13: | Line 25: | ||
| | | | ||
|- | |- | ||
− | | [http://code.google.com/p/bodgeit/ BodgeIt Store ] | + | | [http://code.google.com/p/bodgeit/ BodgeIt Store] |
| Java | | Java | ||
| [http://code.google.com/p/bodgeit/downloads/list download] | | [http://code.google.com/p/bodgeit/downloads/list download] | ||
Line 19: | Line 31: | ||
| | | | ||
|- | |- | ||
− | | [http://sechow.com/bricks/index.html Bricks ] | + | | [http://sechow.com/bricks/index.html Bricks] |
| PHP | | PHP | ||
| [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs] | | [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs] | ||
Line 31: | Line 43: | ||
| Last updated in 2008 | | Last updated in 2008 | ||
|- | |- | ||
− | | [http://www.itsecgames.com/ bWAPP ] | + | | [http://www.itsecgames.com/ bWAPP] |
| PHP | | PHP | ||
| [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs] | | [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs] | ||
Line 37: | Line 49: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers ] | + | | [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers] |
| Ruby on Rails | | Ruby on Rails | ||
| | | | ||
Line 43: | Line 55: | ||
| | | | ||
|- | |- | ||
− | | [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA ] | + | | [https://github.com/quantumfoam/DVNA/ Damn Vulnerable Node Application - DVNA] |
+ | | Node.js | ||
+ | | [https://github.com/quantumfoam/DVNA/ download] | ||
+ | | Claudio Lacayo | ||
+ | | | ||
+ | |- | ||
+ | | [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA] | ||
| PHP | | PHP | ||
| [http://code.google.com/p/dvwa/downloads/list download] | | [http://code.google.com/p/dvwa/downloads/list download] | ||
Line 49: | Line 67: | ||
| | | | ||
|- | |- | ||
− | | [http://dvws.secureideas.net/ Damn Vulnerable Web | + | | [http://dvws.secureideas.net/ Damn Vulnerable Web Service - DVWS] |
| PHP | | PHP | ||
| [http://dvws.secureideas.net/downloads/files/dvws.tgz download] | | [http://dvws.secureideas.net/downloads/files/dvws.tgz download] | ||
− | | Secure Ideas | + | | Secure Ideas (depriciated?) |
+ | | | ||
+ | |- | ||
+ | | [https://github.com/snoopysecurity/dvws Damn Vulnerable Web Services - DVWS] | ||
+ | | PHP | ||
+ | | | ||
+ | | snoopysecurity | ||
+ | | | ||
+ | |- | ||
+ | | [https://github.com/secvulture/dvta Damn Vulnerable Thick Client App - DVTA] | ||
+ | | C# .NET | ||
+ | | | ||
+ | | secvulture | ||
| | | | ||
|- | |- | ||
− | | [http://google-gruyere.appspot.com/ Gruyere ] | + | | [http://google-gruyere.appspot.com/ Gruyere] |
| Python | | Python | ||
| [http://google-gruyere.appspot.com/gruyere-code.zip download] | | [http://google-gruyere.appspot.com/gruyere-code.zip download] | ||
Line 61: | Line 91: | ||
| | | | ||
|- | |- | ||
− | | [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project ] | + | | [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project] |
| PHP | | PHP | ||
| [https://code.google.com/p/owasp-hackademic-challenges/ download] | | [https://code.google.com/p/owasp-hackademic-challenges/ download] | ||
| OWASP | | OWASP | ||
| | | | ||
+ | |- | ||
+ | | [https://github.com/rapid7/hackazon Hackazon] | ||
+ | | | ||
+ | | | ||
+ | | Rapid7 | ||
+ | | Has some REST and new-school web components. | ||
|- | |- | ||
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android] | | [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android] | ||
Line 73: | Line 109: | ||
| | | | ||
|- | |- | ||
− | | [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank ] | + | | [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank] |
| .NET | | .NET | ||
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download] | | [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download] | ||
Line 79: | Line 115: | ||
| | | | ||
|- | |- | ||
− | | [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books ] | + | | [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books] |
| Java | | Java | ||
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download] | | [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download] | ||
Line 85: | Line 121: | ||
| | | | ||
|- | |- | ||
− | | [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino ] | + | | [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino] |
| Ruby on Rails | | Ruby on Rails | ||
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download] | | [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download] | ||
Line 91: | Line 127: | ||
| | | | ||
|- | |- | ||
− | | [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping ] | + | | [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping] |
| ColdFusion | | ColdFusion | ||
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download] | | [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download] | ||
Line 97: | Line 133: | ||
| | | | ||
|- | |- | ||
− | | [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel ] | + | | [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel] |
| C++ | | C++ | ||
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download] | | [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download] | ||
Line 108: | Line 144: | ||
| | | | ||
| First 2 levels online, rest offline | | First 2 levels online, rest offline | ||
+ | |- | ||
+ | | [https://www.owasp.org/index.php/OWASP_Juice_Shop_Project Juice Shop] | ||
+ | | Node/JS | ||
+ | | [https://github.com/bkimminich/juice-shop download] [https://hub.docker.com/r/bkimminich/juice-shop/ docker] [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop guide] | ||
+ | | OWASP | ||
+ | | | ||
|- | |- | ||
| [http://sourceforge.net/projects/lampsecurity/ LampSecurity] | | [http://sourceforge.net/projects/lampsecurity/ LampSecurity] | ||
Line 115: | Line 157: | ||
| | | | ||
|- | |- | ||
− | | [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae ] | + | | [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae] |
| PHP | | PHP | ||
| [http://www.irongeek.com/mutillidae/ download] | | [http://www.irongeek.com/mutillidae/ download] | ||
Line 121: | Line 163: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/jerryhoff/WebGoat.NET .NET Goat ] | + | | [https://github.com/jerryhoff/WebGoat.NET .NET Goat] |
| C# | | C# | ||
| [https://github.com/jerryhoff/WebGoat.NET git repository] | | [https://github.com/jerryhoff/WebGoat.NET git repository] | ||
Line 127: | Line 169: | ||
| | | | ||
|- | |- | ||
− | | [http://peruggia.sourceforge.net/ Peruggia ] | + | | [https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project NodeGoat] |
+ | | Node.js | ||
+ | | [https://github.com/OWASP/NodeGoat git repository] | ||
+ | | OWASP | ||
+ | | | ||
+ | |- | ||
+ | | [http://peruggia.sourceforge.net/ Peruggia] | ||
| PHP | | PHP | ||
| [http://sourceforge.net/projects/peruggia/files/ download] | | [http://sourceforge.net/projects/peruggia/files/ download] | ||
Line 133: | Line 181: | ||
| | | | ||
|- | |- | ||
− | | [https://code.google.com/p/puzzlemall/ Puzzlemall ] | + | | [https://code.google.com/p/puzzlemall/ Puzzlemall] |
| Java | | Java | ||
| [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs] | | [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs] | ||
Line 139: | Line 187: | ||
| | | | ||
|- | |- | ||
− | | [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat ] | + | | [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat] |
| Ruby on Rails | | Ruby on Rails | ||
| [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs] | | [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs] | ||
Line 175: | Line 223: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/SpiderLabs/SQLol SQLol ] | + | | [https://github.com/SpiderLabs/SQLol SQLol] |
| PHP | | PHP | ||
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download] | | [https://github.com/SpiderLabs/SQLol/archive/master.zip download] | ||
Line 181: | Line 229: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/SpiderLabs/SQLol SQLol ] | + | | [https://github.com/SpiderLabs/SQLol SQLol] |
| PHP | | PHP | ||
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download] | | [https://github.com/SpiderLabs/SQLol/archive/master.zip download] | ||
Line 187: | Line 235: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/sakti/twitterlike twitterlike ] | + | | [https://github.com/sakti/twitterlike twitterlike] |
| PHP | | PHP | ||
| [https://github.com/sakti/twitterlike git repository] | | [https://github.com/sakti/twitterlike git repository] | ||
Line 193: | Line 241: | ||
| | | | ||
|- | |- | ||
− | | [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp ] | + | | [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp] |
| .NET | | .NET | ||
| [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns] | | [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns] | ||
Line 205: | Line 253: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/adamdoupe/WackoPicko WackoPicko ] | + | |[https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Application Vulnerable Web Application Project] |
+ | |PHP | ||
+ | |[https://github.com/OWASP/Vulnerable-Web-Application Github] | ||
+ | |[https://github.com/hummingbirdscyber/ Hummingbirds Cyber Security Community] | ||
+ | | | ||
+ | |- | ||
+ | | [https://github.com/adamdoupe/WackoPicko WackoPicko] | ||
| PHP | | PHP | ||
| [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper] | | [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper] | ||
Line 211: | Line 265: | ||
| | | | ||
|- | |- | ||
− | | [https://github.com/sectooladdict/wavsep WAVSEP - Web Application Vulnerability Scanner Evaluation Project ] | + | | [https://github.com/sectooladdict/wavsep WAVSEP - Web Application Vulnerability Scanner Evaluation Project] |
| Java | | Java | ||
| [https://sourceforge.net/projects/wavsep/ download (builds)] [https://code.google.com/p/wavsep/downloads/list download (old)] [https://github.com/sectooladdict/wavsep/wiki wiki] | | [https://sourceforge.net/projects/wavsep/ download (builds)] [https://code.google.com/p/wavsep/downloads/list download (old)] [https://github.com/sectooladdict/wavsep/wiki wiki] | ||
Line 217: | Line 271: | ||
| | | | ||
|- | |- | ||
− | | [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat ] | + | | [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat] |
| Java | | Java | ||
| [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide] | | [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide] | ||
+ | | OWASP | ||
+ | | | ||
+ | |- | ||
+ | | [https://www.owasp.org/index.php/WebGoatPHP WebGoatPHP] | ||
+ | | PHP | ||
+ | | [https://github.com/OWASP/OWASPWebGoatPHP download] [https://github.com/OWASP/OWASPWebGoatPHP/blob/master/README.md guide] | ||
| OWASP | | OWASP | ||
| | | |