Explore 16 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
Deliberately vulnerable web application for security professionals to practice attack techniques.
Deliberately vulnerable web application for security professionals to practice attack techniques.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.
DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
Vulnerable web application for beginners in penetration testing.
Vulnerable web application for beginners in penetration testing.