Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Best hands-on lab for learning the fundamentals of cybersecurity and penetration testing workflows also packaged as Docker containers for fast, safe setup.

Sample vulnerable code and its exploit code

Damn Vulnerable Java (EE) Application

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

VyAPI - A cloud based vulnerable hybrid Android App

Conviso Vulnerable Web Application is the OSS project from the Conviso Application Security for the community. The project represents a vulnerable web application to practice security testing and improve your learning in AppSec..

gRPC Goat is a "Vulnerable by Design" lab created to provide an interactive, hands-on playground for learning and practicing gRPC security.

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

📧 [Research] E-Mail Injection: Vulnerable applications

OWASP Foundation Web Respository

An intentionally vulnerable AI chatbot to learn and practice AI Security.

This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you

File Content Disclosure on Rails Test Case - CVE-2019-5418

Several snippets of vulnerable code in different programming languages.

IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.

Another vulnerable application for practicing web penetration testing.

Deliberately vulnerable REST API for OWASP Top 10 (2023) security testing and learning.

Sample Spring API for testing

Sistema de notas propositalmente vulnerável para educação em segurança cibernética e testes de penetração - contém 12+ vulnerabilidades web intencionais (SQL Injection, XSS, Path Traversal, Command Injection, etc.)