DVWA
Damn Vulnerable Web Application (DVWA) (by ethicalhack3r)
vulnerable-AD
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab (by safebuffer)
| DVWA | vulnerable-AD | |
|---|---|---|
| 42 | 14 | |
| 13,236 | 2,275 | |
| 1.7% | 0.0% | |
| 7.7 | 0.0 | |
| 19 days ago | about 2 years ago | |
| PHP | PowerShell | |
| GNU General Public License v3.0 only | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DVWA
Posts with mentions or reviews of DVWA.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2026-04-07.
-
Why I built attack-chain correlation on top of Semgrep and Joern
docker compose up curl -X POST http://localhost:8080/api/scans \ -H "Content-Type: application/json" \ -d '{"repo_url": "https://github.com/digininja/DVWA"}'
-
Zero to Hacker: How I Built a Cybersecurity Lab Without Spending a Penny
📦 DVWA (Damn Vulnerable Web Application) Visit DVWA Simple and effective for learning web-based attacks (like XSS, CSRF, SQLi).
-
Cybersecurity Beginner's Guide: Build Your Own Vulnerable Lab in 5 Minutes (DVWA + More)
Step 2: Deploy DVWA (Damn Vulnerable Web App) DVWA is a classi learning platform containing common vulnerabilities like XSS, SQLi, CSRF, and file upload flaws. ✓Installation Steps:https://github.com/digininja/DVWA.git 1.Move DVWA into ServBay’s root directory (/Applications/ServBay/www/) Then modify the config.inc.php.dist file suffix to config.inc.php, and modify the database user name and password. Other configurations do not need to be changed.
- Build a Cyber Range in 5 Minutes: Unlock Your First Step to Becoming a Hacking Pro! (Save This Guide)
- Montando um laboratório de Pentest com um celular Android e Kali Linux
-
Setting up a pentest lab with an Android Phone and Kali Linux
For this tutorial, I'll be using my personal PC, running a virtualized instance of Kali Linux, and a Samsung Galaxy A23 with Termux installed to host the web application that we will attack. The Samsung Galaxy will run an Apache server that serves DVWA (Damn Vulnerable Web App), an application intentionally built with security flaws so we can practice pentesting in a realistic setting.
- DVWA: Test and Improve Your Web Security Skills with Damn Vulnerable Web App
-
If you're looking for resources pertaining to hands-on practical demonstrations of learned skills and tools/techniques, look no further.
There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop
-
[Question] Best practices and protecting ubuntu
I'd suggest you to download for example a VM of Damn Vulnerable Web Application (https://github.com/digininja/DVWA), learn and practice the attacks, and then try to protect the host from these attacks to prevent or limit access to the system.
-
Web penetration practice
I deployed a Damn Vulnerable Web Application (DVWA) for you, I DM'ed the url and creds. It's a controlled sandbox, intentionally vulnerable app for you to try out your hackerman skills. Go nuts, have fun dude.
vulnerable-AD
Posts with mentions or reviews of vulnerable-AD.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-09.
-
Student 1 Year out from Grad overwhelmed
At one he also mentions Vulnerable-AD, which might be helpful when learning how to identify and respond to AD attacks. This might give you an idea of what other areas/components to focus on with your projects. Good luck!
-
Active Directory Security Tools
VulnerableAD - perfect for creating a vulnerable AD environment - https://github.com/WazeHell/vulnerable-AD
- Failed with 60 points (with Lab report) in first attempt
- Virtual AD environmnet to play with Bloodhound
-
Vulnerable Machines
This is a pretty cool project: https://github.com/WazeHell/vulnerable-AD
-
Test in one month, kinda gave up but also don't want to skip the test nor do I want to completely bomb. I want to at least try, what are some good resources that are either cheaper/free to prepare?
https://github.com/WazeHell/vulnerable-AD for active directory 4 days.
- Can you recommend good active directory labs?
- Need resources for BO and AD study
-
Vulnerable Active Directory Domain Controller for you to attack! Easy, with tools loaded
I created a vulnerable domain controller. I used wazehell's powershell script, so you can do all kinds of attacks.
-
[HELP] :: AD LAB SETUP
I setup automated Chris Longs Detection Lab, to quickly spin up AD environment, AND i took WazeHell's Vulnerable-ad scripts to make the lab vulnerable to all kinds of attacks. Easy and effective lab with a domain controller, 2 servers and a windows 10 client.
What are some alternatives?
When comparing DVWA and vulnerable-AD you can also consider the following projects:
WebGoat - WebGoat is a deliberately insecure application
GOAD - game of active directory
Vulnerable-Web-Application - OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
ADLab - Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.
mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
Testimo - Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests