This note contains the vulnerability apps to improve your skill on penetration testing and hacking
- Web Application
- Mobile Applicaton
- Thick Client
- OS and Hardware
- Cyber Physical System
- Cloud Infrastructure
- Cryptocurrency and Blockchain
- Vulnerability as a Service
- Damn Vulnerable Web Application (DVWA)
- Buggy Web Application (bWAPP)
- JuiceShop
- Multilidae II
- Damn Vulnerable WordPress Site (DVWPS)
- Damn Small Vulnerable Web (DSVW)
- WebGoat
- WebGoat.NET
- Peruggia
- PuzzleMail
- Bricks
- Damn Vulnerable Web-Socket (DVWS)
- Damn Vulnerable Node.JS Application (DVNA)
- Damn Vulnerable Python Web App (DVPWA)
- Damn Vulnerable Rails App (DVRA)
- NodeGoat (WebGoat + NodeJS)
- RailsGoat (WebGoat + Ruby & Rails)
- OWASP - SecurityShepherd
- Damn Vulnerable Web Service (DVWS)
- Tiredful API
- Python Vulnerable API
- Websheep
- Damn Vulnerable C# API (DVCsharp-API)
- GraphQL security 101
- Damn Insecure and Vulnerable App (DIVA)
- OWASP MSTG Hacking Playground
- Damn Vulnerable Android App (DVAA)
- Damn Vulnerable FirefoxOS Application (DVFA)
- ExploitMe Mobile Android Labs
- Hacme Bank Android
- InsecureBank
- NcN Wargame
- OWASP Goatdroid
- Damn Vulnerable iOS App (DVIA)
- Damn VUlnerable iOS App + Swift (DVIA-v2)
- OWASP MSTG Hacking Playground
- ExploitMe Mobile iPhone Labs
- OWASP iGoat
- Damn Vulnerable Device Driver (DVDD)
- Damn Vulnerable IoT Device (DVID)
- Damn Vulnerable Router Firmware (DVRF)
- Damn Vulnerable Raspberry Pi (Sticky Fingers DV-PI)
- Damn Vulnerable Cloud Application (DVCA)
- CloudGoat
- Damn Vulnerable Function as a Service (DVFaaS)
- Damn Vulnerable Serverless Application (DVSA)
- Damn Vulnerable Crypto Wallet (DVCW)
- Damn Vulnerable Wallet App (DVWA)
- Damn Vulnerable Block Chain (DVBA)
- Heartbleed - cve-2014-0160 docker
- SambaCry - cve-2017-7494 docker
- Shellshock - cve-2014-6271 docker