Educational
Explore 104 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.
An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
An educational cybersecurity knowledge repository that compiles and presents hacking and cybersecurity information in an accessible format for learning purposes.
An educational cybersecurity knowledge repository that compiles and presents hacking and cybersecurity information in an accessible format for learning purposes.
An educational repository providing structured lab materials and scripts for learning container technologies and their internal mechanisms.
An educational repository providing structured lab materials and scripts for learning container technologies and their internal mechanisms.
mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.
mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
A lightweight CTF platform with simple setup and difficulty-based scoring that removes timezone advantages from competitions.
A lightweight CTF platform with simple setup and difficulty-based scoring that removes timezone advantages from competitions.
WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.
WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
Educational resource collection providing learning materials and online tools for understanding AT&T assembly language and x86 assembly programming.
Educational resource collection providing learning materials and online tools for understanding AT&T assembly language and x86 assembly programming.
A security dataset and CTF platform available in full (16.4GB) and attack-only (3.2GB) versions, pre-indexed for Splunk to help security professionals practice analysis skills.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
A Node.js CLI tool that automates the setup of CTF events using OWASP Juice Shop challenges across multiple CTF frameworks.
A Node.js CLI tool that automates the setup of CTF events using OWASP Juice Shop challenges across multiple CTF frameworks.
A web-based tool that scrapes and organizes CTF writeups from ctftime.org with prioritization features and a local database for easy access.
A web-based tool that scrapes and organizes CTF writeups from ctftime.org with prioritization features and a local database for easy access.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.
An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.
A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
A lightweight CTF platform inspired by motherfuckingwebsite.com that provides simple hosting capabilities for cybersecurity competitions with equal-point scoring and minimal setup requirements.
A lightweight CTF platform inspired by motherfuckingwebsite.com that provides simple hosting capabilities for cybersecurity competitions with equal-point scoring and minimal setup requirements.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
MiniCPS is a framework for real-time Cyber-Physical Systems simulation that supports physical process and control device simulation along with network emulation capabilities.
OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.
OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A collection of CTF writeups from various competitions including picoCTF, GLUG, TUCTF, and HackTheBox challenges, providing detailed solutions and explanations for cybersecurity competition problems.
A collection of CTF writeups from various competitions including picoCTF, GLUG, TUCTF, and HackTheBox challenges, providing detailed solutions and explanations for cybersecurity competition problems.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.
An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
An open-source introductory book about cryptography that provides educational content on fundamental cryptographic concepts and principles.
An open-source introductory book about cryptography that provides educational content on fundamental cryptographic concepts and principles.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.
A community-maintained archive of CTF write-ups and source files from cybersecurity competitions held in 2013.
A collection of command reference cheatsheets for penetration testing tools and security utilities, designed to help security professionals quickly recall important but infrequently used commands.
A collection of command reference cheatsheets for penetration testing tools and security utilities, designed to help security professionals quickly recall important but infrequently used commands.
A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.
A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.
FBCTF is a platform for hosting Jeopardy and King of the Hill style Capture the Flag competitions with support for various scales and participation models.
FBCTF is a platform for hosting Jeopardy and King of the Hill style Capture the Flag competitions with support for various scales and participation models.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
A collection of CTF challenge write-ups and solutions from the SababaSec cybersecurity team covering competitions from 2019 to 2022.
A collection of CTF challenge write-ups and solutions from the SababaSec cybersecurity team covering competitions from 2019 to 2022.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
A practical security handbook for .NET developers covering essential security controls, cryptographic functions, and secure coding practices.
A practical security handbook for .NET developers covering essential security controls, cryptographic functions, and secure coding practices.
A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.
A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.
A collaborative repository containing CTF competition write-ups and source files from 2016, providing accessible solutions and educational resources for cybersecurity challenges.
A collaborative repository containing CTF competition write-ups and source files from 2016, providing accessible solutions and educational resources for cybersecurity challenges.
A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.
A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.
A centralized repository containing CTF source files and write-ups from 2015 competitions, providing accessible documentation and solutions for cybersecurity challenges.
A centralized repository containing CTF source files and write-ups from 2015 competitions, providing accessible documentation and solutions for cybersecurity challenges.
HackTheArch is an open-source Ruby on Rails-based scoring server platform designed for hosting and managing Cyber Capture the Flag competitions with web-based problem management and hint systems.
A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.
A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A nodejs web application honeypot designed for small environments like Raspberry Pi to capture and analyze malicious web-based attacks.
CTFd is a web-based framework for creating and managing Capture The Flag cybersecurity competitions with customizable challenges, scoring systems, and team management capabilities.
CTFd is a web-based framework for creating and managing Capture The Flag cybersecurity competitions with customizable challenges, scoring systems, and team management capabilities.
A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.
A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.
A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
secrepo.com is a curated repository providing access to various cybersecurity datasets including Snort logs, LANL datasets, and other security research data for analysis and testing purposes.
A categorized collection of bug bounty write-ups that documents real-world vulnerability discoveries and exploitation techniques across various security flaw types.
A categorized collection of bug bounty write-ups that documents real-world vulnerability discoveries and exploitation techniques across various security flaw types.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
A repository containing writeups and solutions from various Capture The Flag cybersecurity competitions spanning from 2015 to 2021.
A repository containing writeups and solutions from various Capture The Flag cybersecurity competitions spanning from 2015 to 2021.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
A collection of detailed CTF challenge writeups organized by category, providing explanations of problems and their solutions for educational purposes.
A collection of detailed CTF challenge writeups organized by category, providing explanations of problems and their solutions for educational purposes.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
A community-maintained glossary that defines and explains cybersecurity acronyms and terminology to help users understand security concepts beyond buzzwords.
A community-maintained glossary that defines and explains cybersecurity acronyms and terminology to help users understand security concepts beyond buzzwords.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.
A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
Teaching Security provides educational resources and lessons for teaching cybersecurity concepts to high school students.
Teaching Security provides educational resources and lessons for teaching cybersecurity concepts to high school students.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.