
WackoPicko Vulnerable Website

Free

WackoPicko is a website that contains known vulnerabilities. It was first used for the paper "Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners". WackoPicko is now included as an application in the OWASP Broken Web Applications Project, which is a virtual machine with numerous intentionally vulnerable applications. For easy access, a Docker image has been created for WackoPicko, allowing users to run it with a simple command.


ALTERNATIVES

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.

Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security.

A fake Django admin login screen to detect and notify admins of attempted unauthorized access

IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.

Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.

A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.

A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.

An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.