N7WEra / PublicVulnerableMachines Public

Notifications You must be signed in to change notification settings
Fork 6
Star 30

Publicly availalbe vulnarble by desgin vm/machines

30 stars 6 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 36 Commits
README.md		README.md

Repository files navigation

Cool things that are vulnerable by design

I will gather here all the machines that I found online (excluding machines on HTB, VulnHub and etc) that are vulnerable by design for training purposes.

Credit to H4x0r101 for the inital list: https://medium.com/@h4x0r101/damn-vulnerable-applications-c4e286832147

Web Applications

Web Application: https://github.com/ethicalhack3r/DVWA

Web Applications: https://github.com/s4n7h0/xvwa

Word Press: https://github.com/vianasw/dvwps

Node JS: https://github.com/appsecco/dvna

Web Sockets: https://hub.docker.com/r/tssoffsec/dvws/

Python: https://github.com/anxolerd/dvpwa

Multiple vulnerable webapps: https://www.vulnhub.com/entry/lab26-11%2C190/

OWASP Juice Shop: https://github.com/bkimminich/juice-shop

Ruby: https://github.com/cktricky/railsgoat

Lesser Known Web Attack Lab: https://github.com/weev3/LKWA

over 50+ examples of vulnerabilities and guides for specific attacks: https://github.com/blabla1337/skf-labs

NotSoCereal-Lab: A Deserialization exploit playground: https://github.com/NotSoSecure/NotSoCereal-Lab

Web Service Applications

Web Service: https://github.com/snoopysecurity/dvws

API: https://github.com/payatu/Tiredful-API/

API: https://github.com/OWASP/crAPI

websheep - API: https://github.com/marmicode/websheep

SSO: https://github.com/0xbharath/vulnerable-sso

Hadoop: https://github.com/wavestone-cdt/hadoop-attack-library/tree/master/Tools%20Techniques%20and%20Procedures/Setting%20up%20an%20Hadoop%20attack%20environment

GraphQL: https://github.com/david3107/graphql-security-labs

Ouath2: https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications

Source Code

Source Code: https://github.com/h4x0r101/Damn-Vulnerable-Source-Code

Damn Vulnerable C Program : https://github.com/hardik05/Damn_Vulnerable_C_Program

Terraform : https://github.com/bridgecrewio/terragoat

Thick Client

Thick Client Application: https://github.com/secvulture/dvta

Java EE: https://github.com/appsecco/dvja

NetSPI BetaFast: https://github.com/NetSPI/BetaFast

Mobile Application

iOS Swift: https://github.com/prateek147/DVIA-v2

iOS: https://github.com/prateek147/DVIA

Android: https://github.com/payatu/diva-android

Android: https://hakin9.org/evabs-extremely-vulnerable-android-labs/

Hybrid Mobile Application: https://github.com/logicalhacking/DVHMA

iOS CTF: https://ivrodriguez.com/mobile-ctf/

iOS iGoat: https://github.com/OWASP/igoat

Crypto & Block Chain

Crypto Wallet : https://gitlab.com/badbounty/dvcw

Wallet : https://github.com/genecyber/Damn-Vulnerable-Wallet-App

Block Chain : https://github.com/subashsn/dvba

Cryptoomg: https://github.com/SpiderLabs/CryptOMG/blob/master/README.txt

OS Related

Linux : https://www.vulnhub.com/series/damn-vulnerable-linux-dvl,1/

Linux PrivEsc : https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/

Windows : https://sourceforge.net/projects/dawn-vulnerability-windows/

Device Driver : https://github.com/pwk4m1/Damn_Vulnerable_Device_Driver

Breakout: https://github.com/FuzzySecurity/DefCon24

Memory

MemLabs: https://github.com/stuxnet999/MemLabs/blob/master/README.md

Cloud Infrastructure

Cloud Application: https://github.com/m6a-UdS/dvca

Cloud App (AWS): https://github.com/RhinoSecurityLabs/cloudgoat

Function-as-a-service (AWS Lambda): https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service

Serverless Application: https://github.com/OWASP/DVSA

Kubernetes: https://www.bustakube.com/

Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat

CloudGoat 2 (AWS): https://github.com/RhinoSecurityLabs/cloudgoat

GCP Goat: https://gcpgoat.joshuajebaraj.com/about.html

Azure WebGoat: https://github.com/XMCyber/XMGoat

CI/CD-Goat : https://github.com/cider-security-research/cicd-goat

AWSGoat : https://github.com/ine-labs/AWSGoat

AzureGoat :https://github.com/ine-labs/AzureGoat

IoT and Hardware

IoT: https://github.com/Vulcainreo/DVID

Router: https://github.com/praetorian-code/DVRF

Safe: https://insinuator.net/2016/01/damn-vulnerable-safe/

ICS: https://github.com/ITI/ICS-Security-Tools/tree/master/tools/simulation

SCADA: https://www.slideshare.net/phdays/damn-vulnerable-chemical-process

PI: https://whitedome.com.au/re4son/sticky-fingers-dv-pi/

PI2: http://raspwn.org/

SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network

VoIP: https://www.vulnhub.com/entry/hacklab-vulnvoip,40/

WiFi: https://github.com/sensepost/shinai-fi

WiFi2: http://solstice.sh/workshops/advanced-wireless-attacks/

Bluetoothh: https://github.com/hackgnar/ble_ctf/blob/master/README.md

Cracking passwords

in.security: https://in.security/password-cracking-ctf/

Other

https://www.amanhardikar.com/mindmaps/Practice.html

https://github.com/WazeHell/vulnerable-AD

About

Publicly availalbe vulnarble by desgin vm/machines

Report repository

Releases

No releases published

Packages

No packages published