This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Vulnerable Web Applications Directory Project/Pages/Offline"

From OWASP
Jump to: navigation, search
m (Adding Security Shepherd to List)
m (Added Alert Labs)
 
(19 intermediate revisions by 5 users not shown)
Line 6: Line 6:
 
! scope="col" | Author
 
! scope="col" | Author
 
! scope="col" | Notes
 
! scope="col" | Notes
 +
|-
 +
|[https://github.com/Abhi-M/alert-labs Alert Labs]
 +
|PHP
 +
|[https://exploitme.info/alert-labs/ demo] [https://github.com/Abhi-M/alert-labs/archive/master.zip download] [https://exploitme.info/alert-labs/user-guide.php docs]
 +
|Abhi M Balakrishnan
 +
|Focusing only on XSS
 +
|-
 +
| [https://github.com/CSPF-Founder/btslab/ btslab]
 +
| PHP
 +
|
 +
|
 +
| Includes flash-based xss, SSRF, and SSI
 
|-
 
|-
 
| [http://www.badstore.net/ BadStore]
 
| [http://www.badstore.net/ BadStore]
Line 13: Line 25:
 
|  
 
|  
 
|-
 
|-
| [http://code.google.com/p/bodgeit/ BodgeIt Store ]
+
| [http://code.google.com/p/bodgeit/ BodgeIt Store]
 
| Java
 
| Java
 
| [http://code.google.com/p/bodgeit/downloads/list download]
 
| [http://code.google.com/p/bodgeit/downloads/list download]
| Simon Bennetts
+
|  
|
+
|  
 
|-
 
|-
| [http://sechow.com/bricks/index.html Bricks ]
+
| [http://sechow.com/bricks/index.html Bricks]
 
| PHP
 
| PHP
 
| [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs]
 
| [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs]
Line 31: Line 43:
 
| Last updated in 2008
 
| Last updated in 2008
 
|-
 
|-
| [http://www.itsecgames.com/ bWAPP ]
+
| [http://www.itsecgames.com/ bWAPP]
 
| PHP
 
| PHP
 
| [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs]
 
| [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs]
Line 37: Line 49:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers ]
+
| [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers]
 
| Ruby on Rails
 
| Ruby on Rails
 
|  
 
|  
Line 43: Line 55:
 
|  
 
|  
 
|-
 
|-
| [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA ]
+
| [https://github.com/quantumfoam/DVNA/ Damn Vulnerable Node Application - DVNA]
 +
| Node.js
 +
| [https://github.com/quantumfoam/DVNA/ download]
 +
| Claudio Lacayo
 +
|
 +
|-
 +
| [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA]
 
| PHP
 
| PHP
 
| [http://code.google.com/p/dvwa/downloads/list download]
 
| [http://code.google.com/p/dvwa/downloads/list download]
Line 49: Line 67:
 
|  
 
|  
 
|-
 
|-
| [http://dvws.secureideas.net/ Damn Vulnerable Web Services - DVWS ]
+
| [http://dvws.secureideas.net/ Damn Vulnerable Web Service - DVWS]
 
| PHP
 
| PHP
 
| [http://dvws.secureideas.net/downloads/files/dvws.tgz download]
 
| [http://dvws.secureideas.net/downloads/files/dvws.tgz download]
| Secure Ideas
+
| Secure Ideas (depriciated?)
 +
|
 +
|-
 +
| [https://github.com/snoopysecurity/dvws Damn Vulnerable Web Services - DVWS]
 +
| PHP
 +
|
 +
| snoopysecurity
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Faux_Bank_Project  Faux Bank ]
+
| [https://github.com/secvulture/dvta Damn Vulnerable Thick Client App - DVTA]
| ASP
+
| C# .NET
| [https://github.com/thatcoderguy/OWASP-Faux-Bank-ClassicASP download]
+
|  
| OWASP
+
| secvulture
 
|  
 
|  
 
|-
 
|-
| [http://google-gruyere.appspot.com/ Gruyere ]
+
| [http://google-gruyere.appspot.com/ Gruyere]
 
| Python
 
| Python
 
| [http://google-gruyere.appspot.com/gruyere-code.zip download]
 
| [http://google-gruyere.appspot.com/gruyere-code.zip download]
Line 67: Line 91:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project ]
+
| [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project]
 
| PHP
 
| PHP
| [https://github.com/Hackademic/hackademic download]
+
| [https://code.google.com/p/owasp-hackademic-challenges/ download]
 
| OWASP
 
| OWASP
 
|  
 
|  
 +
|-
 +
| [https://github.com/rapid7/hackazon Hackazon]
 +
|
 +
|
 +
| Rapid7
 +
| Has some REST and new-school web components.
 
|-
 
|-
 
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android]
 
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android]
Line 79: Line 109:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank]
 
| .NET
 
| .NET
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download]
Line 85: Line 115:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books]
 
| Java
 
| Java
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download]
Line 91: Line 121:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino]
 
| Ruby on Rails
 
| Ruby on Rails
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download]
Line 97: Line 127:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping]
 
| ColdFusion
 
| ColdFusion
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download]
Line 103: Line 133:
 
|  
 
|  
 
|-
 
|-
| [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel ]
+
| [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel]
 
| C++
 
| C++
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download]
 
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download]
Line 115: Line 145:
 
| First 2 levels online, rest offline
 
| First 2 levels online, rest offline
 
|-
 
|-
| [http://bkimminich.github.io/juice-shop Juice Shop ]
+
| [https://www.owasp.org/index.php/OWASP_Juice_Shop_Project Juice Shop]
| Node, Express, Angular
+
| Node/JS
| [https://github.com/bkimminich/juice-shop download] [https://registry.hub.docker.com/u/bkimminich/juice-shop docker image]
+
| [https://github.com/bkimminich/juice-shop download] [https://hub.docker.com/r/bkimminich/juice-shop/ docker] [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop guide]
| Björn Kimminich
+
| OWASP
 
|  
 
|  
 
|-
 
|-
Line 127: Line 157:
 
|  
 
|  
 
|-
 
|-
| [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae ]
+
| [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae]
 
| PHP
 
| PHP
 
| [http://www.irongeek.com/mutillidae/ download]
 
| [http://www.irongeek.com/mutillidae/ download]
Line 133: Line 163:
 
|  
 
|  
 
|-
 
|-
| [https://owasp.codeplex.com/ .NET Goat ]
+
| [https://github.com/jerryhoff/WebGoat.NET .NET Goat]
 
| C#
 
| C#
| [https://owasp.codeplex.com/SourceControl/list/changesets# download]
+
| [https://github.com/jerryhoff/WebGoat.NET git repository]
 
| OWASP
 
| OWASP
 
|  
 
|  
 
|-
 
|-
| [http://peruggia.sourceforge.net/ Peruggia ]
+
| [https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project NodeGoat]
 +
| Node.js
 +
| [https://github.com/OWASP/NodeGoat git repository]
 +
| OWASP
 +
|
 +
|-
 +
| [http://peruggia.sourceforge.net/ Peruggia]
 
| PHP
 
| PHP
 
| [http://sourceforge.net/projects/peruggia/files/ download]
 
| [http://sourceforge.net/projects/peruggia/files/ download]
Line 145: Line 181:
 
|  
 
|  
 
|-
 
|-
| [https://code.google.com/p/puzzlemall/ Puzzlemall ]
+
| [https://code.google.com/p/puzzlemall/ Puzzlemall]
 
| Java
 
| Java
 
| [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs]
 
| [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs]
Line 151: Line 187:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat ]
+
| [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat]
 
| Ruby on Rails
 
| Ruby on Rails
 
| [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs]
 
| [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs]
Line 169: Line 205:
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/OWASP_Security_Shepherd#tab=Main Security Shepherd]
+
| [https://www.owasp.org/index.php/OWASP_Security_Shepherd Security Shepherd]
 
| Java
 
| Java
 
| [https://sourceforge.net/projects/owaspshepherd/ download]
 
| [https://sourceforge.net/projects/owaspshepherd/ download]
 
| OWASP
 
| OWASP
 
|  
 
|  
 +
|-
 +
| [https://github.com/sqlmapproject/testenv SQL injection test environment]
 +
| PHP
 +
|
 +
|
 +
| SQLmap Project
 
|-
 
|-
 
| [https://github.com/Audi-1/sqli-labs SQLI-labs]
 
| [https://github.com/Audi-1/sqli-labs SQLI-labs]
Line 181: Line 223:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/SpiderLabs/SQLol SQLol ]
+
| [https://github.com/SpiderLabs/SQLol SQLol]
 
| PHP
 
| PHP
 
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
 
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
Line 187: Line 229:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/sakti/twitterlike twitterlike ]
+
| [https://github.com/SpiderLabs/SQLol SQLol]
 +
| PHP
 +
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]
 +
|
 +
|
 +
|-
 +
| [https://github.com/sakti/twitterlike twitterlike]
 
| PHP
 
| PHP
 
| [https://github.com/sakti/twitterlike git repository]
 
| [https://github.com/sakti/twitterlike git repository]
Line 193: Line 241:
 
|  
 
|  
 
|-
 
|-
| [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp ]
+
| [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp]
 
| .NET
 
| .NET
 
| [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns]
 
| [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns]
|
 
|
 
|-
 
| [http://kanishkashowto.com/2014/06/30/vulnerawa-vulnerable-website/ Vulnerawa ]
 
|
 
| [http://sourceforge.net/projects/vulnerawa/ download]
 
 
|  
 
|  
 
|  
 
|  
Line 211: Line 253:
 
|  
 
|  
 
|-
 
|-
| [https://github.com/adamdoupe/WackoPicko WackoPicko ]
+
|[https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Application Vulnerable Web Application Project]
 +
|PHP
 +
|[https://github.com/OWASP/Vulnerable-Web-Application Github]
 +
|[https://github.com/hummingbirdscyber/ Hummingbirds Cyber Security Community]
 +
|
 +
|-
 +
| [https://github.com/adamdoupe/WackoPicko WackoPicko]
 
| PHP
 
| PHP
 
| [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper]
 
| [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper]
Line 217: Line 265:
 
|  
 
|  
 
|-
 
|-
| [https://code.google.com/p/wavsep/ Wavsep - Web Application Vulnerability Scanner Evaluation Project ]
+
| [https://github.com/sectooladdict/wavsep WAVSEP - Web Application Vulnerability Scanner Evaluation Project]
 
| Java
 
| Java
| [https://code.google.com/p/wavsep/downloads/list download] [https://code.google.com/p/wavsep/downloads/list docs]
+
| [https://sourceforge.net/projects/wavsep/ download (builds)] [https://code.google.com/p/wavsep/downloads/list download (old)] [https://github.com/sectooladdict/wavsep/wiki wiki]
|  
+
| Shay Chen
 
|  
 
|  
 
|-
 
|-
| [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat ]
+
| [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]
 
| Java
 
| Java
 
| [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide]
 
| [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide]
Line 229: Line 277:
 
|  
 
|  
 
|-
 
|-
| [https://owasp.codeplex.com/ WebGoat.NET]
+
| [https://www.owasp.org/index.php/WebGoatPHP WebGoatPHP]
| C#
+
| PHP
| [https://owasp.codeplex.com/SourceControl/list/changesets# download]
+
| [https://github.com/OWASP/OWASPWebGoatPHP download] [https://github.com/OWASP/OWASPWebGoatPHP/blob/master/README.md guide]
 
| OWASP
 
| OWASP
 
|  
 
|  
Line 239: Line 287:
 
| [http://www.webguvenligi.org/projeler/wivet download] [https://code.google.com/p/wivet/downloads/list?can=1&q= tests]
 
| [http://www.webguvenligi.org/projeler/wivet download] [https://code.google.com/p/wivet/downloads/list?can=1&q= tests]
 
|  
 
|  
 +
|
 +
|-
 +
| [https://github.com/s4n7h0/xvwa Xtreme Vulnerable Web Application (XVWA)]
 +
| PHP/MySQL
 +
| [https://github.com/s4n7h0/xvwa download]
 +
| @s4n7h0, @samanL33T
 
|  
 
|  
 
|-
 
|-
 
|}
 
|}

Latest revision as of 19:05, 26 November 2019

App Name / Link Technology Other links Author Notes
Alert Labs PHP demo download docs Abhi M Balakrishnan Focusing only on XSS
btslab PHP Includes flash-based xss, SSRF, and SSI
BadStore Perl(CGI)
BodgeIt Store Java download
Bricks PHP download docs OWASP
Butterfly Security Project PHP download Last updated in 2008
bWAPP PHP download docs
Cyclone Transfers Ruby on Rails
Damn Vulnerable Node Application - DVNA Node.js download Claudio Lacayo
Damn Vulnerable Web Application - DVWA PHP download RandomStorm
Damn Vulnerable Web Service - DVWS PHP download Secure Ideas (depriciated?)
Damn Vulnerable Web Services - DVWS PHP snoopysecurity
Damn Vulnerable Thick Client App - DVTA C# .NET secvulture
Gruyere Python download Google
Hackademic Challenges Project PHP download OWASP
Hackazon Rapid7 Has some REST and new-school web components.
Hacme Bank - Android McAfee / Foundstone
Hacme Bank .NET download McAfee / Foundstone
Hacme Books Java download McAfee / Foundstone
Hacme Casino Ruby on Rails download McAfee / Foundstone
Hacme Shipping ColdFusion download McAfee / Foundstone
Hacme Travel C++ download McAfee / Foundstone
hackxor First 2 levels online, rest offline
Juice Shop Node/JS download docker guide OWASP
LampSecurity PHP
Mutillidae PHP download
.NET Goat C# git repository OWASP
NodeGoat Node.js git repository OWASP
Peruggia PHP download
Puzzlemall Java download docs
Rails Goat Ruby on Rails download docs OWASP
SecuriBench Java Stanford
SecuriBench Micro Java download Stanford
Security Shepherd Java download OWASP
SQL injection test environment PHP SQLmap Project
SQLI-labs PHP download blog
SQLol PHP download
SQLol PHP download
twitterlike PHP git repository Sakti Dwi Cahyono
VulnApp .NET CVS download vulns
Vulnerable Web App Exploit.co.il
Vulnerable Web Application Project PHP Github Hummingbirds Cyber Security Community
WackoPicko PHP download whitepaper
WAVSEP - Web Application Vulnerability Scanner Evaluation Project Java download (builds) download (old) wiki Shay Chen
WebGoat Java download guide OWASP
WebGoatPHP PHP download guide OWASP
WIVET - Web Input Vector Extractor Teaser download tests
Xtreme Vulnerable Web Application (XVWA) PHP/MySQL download @s4n7h0, @samanL33T