awesome-vulnerable-apps | Interlace |
---|---|
7 | 1 |
846 | 1,172 |
- | - |
4.5 | 0.0 |
17 days ago | 6 days ago |
Python | |
Creative Commons Zero v1.0 Universal | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-vulnerable-apps
- The next step
- Where to practice OWASP mobile top 10 vulnerabilities?
  As well as a whole list of vulnerable applications for different fields, including mobile of course: https://github.com/vavkamil/awesome-vulnerable-apps
- Juice shop
  OWASP Juice Shop is awesome, you can find more apps for practice here https://github.com/vavkamil/awesome-vulnerable-apps/
- Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
  https://github.com/vavkamil/awesome-vulnerable-apps#owasp-to... :
  > OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  And there's a book, an Open Source Official Companion Guide book titled "Pwning Juice Shop":
- How to practice hacking topics
- Need some resources
- Does doing CTF help?
  It depends on how the CTF is designed. I would suggest rather trying the "vulnerable by design" exercises which I'm collecting here https://github.com/vavkamil/awesome-vulnerable-apps
Interlace
- Make-My-Threads
  How is this different from interlace
What are some alternatives?
bounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
GRecon - Another version of katana, more automated but less stable. The purpose of this small tool is to run a Google-based passive recon against your scope.
awesome-ethical-hacking-resources - 😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
awesome-bugbounty-tools - A curated list of various bug bounty tools
pentest-everything - This is my penetration testing cheatsheet
Android-InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
OSCP-BoF - This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.
PayloadsAllTheThings - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
graphw00f - graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.