awesome-vulnerable-apps
bounty-targets-data
awesome-vulnerable-apps | bounty-targets-data | |
---|---|---|
7 | 1 | |
846 | 2,985 | |
- | - | |
4.5 | 0.0 | |
17 days ago | 6 days ago | |
Creative Commons Zero v1.0 Universal | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-vulnerable-apps
- The next step
-
Where to practice Owasp mobile top 10 vulnerabilities?-
As well as a whole list of vulnerable applications for different fields, including mobile of course: https://github.com/vavkamil/awesome-vulnerable-apps
-
Juice shop
OWAS PJuice Shop is awesome, you can find more apps for practice here https://github.com/vavkamil/awesome-vulnerable-apps/
-
Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
https://github.com/vavkamil/awesome-vulnerable-apps#owasp-to... :
> OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
And there's a book, an Open Source Official Companion Guide book titled "Pwning Juice Shop":
- How to practice hacking topics
- Need some resources
-
Does doing CTF help?
It depends on how the CTF is designed. I would suggest to rather try the "vulnerable by design" exercises which I'm collecting here https://github.com/vavkamil/awesome-vulnerable-apps
bounty-targets-data
-
Mass testing for bugs
There's also this to have a look at.
What are some alternatives?
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
ssti-payloads - 🎯 Server Side Template Injection Payloads
awesome-ethical-hacking-resources - 😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
qubes-issues - The Qubes OS Project issue tracker
awesome-bugbounty-tools - A curated list of various bug bounty tools
dora - Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Interlace - Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
jsprit - jsprit is a java based, open source toolkit for solving rich vehicle routing problems
Android-InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
discord-bugs-exploits - A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Galaxy-Bugbounty-Checklist - Tips and Tutorials for Bug Bounty and also Penetration Tests.