Search Results for "vulnerable pentesting lab"
Sort By:
Showing 16 open source projects for "vulnerable pentesting lab"
View related business solutions-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
Build Securely on AWS with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
1
Hullu Vulnerable System
Pentesting OVA, suits VMware or VirtualBox
Hullu is a custom-built lightweight offensive security training VM based on Alpine Linux. It's intended for educational use, penetration testing practice, and Capture The Flag (CTF)-style scenarios in isolated virtual lab environments. Pre-installed Tools and Services: + Web Stack: - Python3 + Flask - Apache2 with HTTPS - PHP + MySQL (MariaDB) - phpMyAdmin - FlaskVA (Python-based vulnerable app) https://github.com/kaledaljebur/FlaskVA - DVWA (PHP-based vulnerable app) https://github.com/digininja/DVWA + Protocols Simulated: - HTTP / HTTPS - SSH / SFTP - SMB (under constructions) - DNS (under constructions) - FTP / FTPS (under constructions) + In FlaskVA (Python-based): - SQL Injection - Command Injection - File Upload (with SUID exploit vector) - XSS - SSRF - IDOR This is the first version of Hullu, more details are coming. ... -
2
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" Will also run on the ProxMox server to understand how to do it pls refer to the doc in the zip named "Cybersecurity Lab Deployment on Proxmox" The default login and password is administrator: password. ...
-
3
GOAD (Game of Active Directory)
game of active directory
GOAD (Gather Open Attack Data) is a security reconnaissance framework for collecting, enriching, and visualizing open-source intelligence (OSINT) around hosts, domains, and certificates. It automates queries to certificate transparency logs, passive DNS, subdomain enumeration, web endpoints, and other public threat feeds. The tool aggregates results into structured formats and can produce interactive graphs to highlight relationships between entities (e.g. domain → IP → cert → ASN). Analysts... -
4
Splunk Attack Range
A tool that allows you to create vulnerable environments
The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
5
Suricata Anti-DDoS Lab
Suricata VMware VM dor IDS practicing
Suricata Anti-DDoS Security Lab (Debian 13 VMware Virtual Machine): Preconfigured VMware virtual machine for educational network security monitoring and intrusion detection using Suricata. Designed for hands-on IDS and SOC-style training in a controlled lab environment. Includes the following integrated services: + Suricata – network intrusion detection and traffic inspection + EveBox – alert visualisation and event analysis + DVWA – vulnerable web application for traffic generation and testing + phpMyAdmin – database management and inspection Default setup demonstrates DDoS-related detection scenarios, but the lab is fully customisable for other network-based attacks. ... -
6
vulnerable-AD
Create a vulnerable active directory
...The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. A convenience wrapper and examples make it straightforward to deploy in a local lab: you can install AD services, run the script on a domain controller, and generate hundreds of vulnerable accounts and conditions for testing. The repository emphasizes full coverage of the listed attack types and includes options to randomize which weakness -
7
VPLE
Vulnerable Pentesting Lab Environment
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" The default login and password is administrator: password. -
8
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server.
-
9
...Use this link to download: https://github.com/sh4hin/Androl4b Tools: APKStudio ByteCodeViewer Lobotomy Mobile Security Framework (MobSF) DroidBox Dorzer APKtool AndroidStudio ClassyShark BurpSuite Wireshark Smartphone Pentest Framework (SPF) Metasploit Labs: Damn Insecure and vulnerable App for Android(DIVA) InsecureBankv2 https://github.com/sh4hin/Androl4b The tools directory contains tools and frameworks. Labs are in Lab directory. username : andro password : androlab
-
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
Java Vulnerable Lab - Pentesting Lab
a deliberately vulnerable Web application
This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation (www.cysecurity.org) for Java programmers The full course on Hacking and Securing Web Java Programs is available in https://www.udemy.com/hacking-securing-java-web-programming/ WAR file: ---------- https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download Virtualbox VM... -
11
BTS Pentesting Lab
BTS Pentesting Lab - a deliberately vulnerable Web application
BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: *SQL Injection *XSS(includes Flash Based xss) *CSRF *Clickjacking *SSRF *File Inclusion * Code Execution *Insecure Direct Object Reference *Unrestricted File Upload vulnerability *Open URL Redirection *Server Side Includes(SSI) Injection and more... ... -
12
Web Pentesting Environment
Vulnerable Virtual Machine to Learn
WPE aims to help the beginners Web Penetration Testing to develop their skills * Web pentesting Enviromint :-: user:"ahmad.ninja" pass:"hacking15.org" 1. Environment to simulate the real live app (webs & mobile) but it focused on "web app". 2. This is the half of our project the other one will be on YouTube as "Video Tutorials" Which aim to help you to start your Pentesting career or develop it 3. The videos will be in English but articles will be written in Arabic 4. For instant... -
13
hNix OS
A vulnerable lab for IT Security professionals & students
A vulnerable toolkit & lab for IT Security Professionals, Hackers and Students. This is a Linux based Operating System & has been developed for those concerned with IT Security. Contains various software, exploits and is vulnerable to attacks. This project is a fork of the project MyLab@Home developed by Huzaib Shafi (http://www.shafihuzaib.com) -
14
Revenssis Ethical Hacking Suite
Fully featured network, wireless and web app pentesting suite.
Nicknamed as the "Smartphone Version of Backtrack", Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat... etc). All these fitting in an application approx. 10MB (post installation). -
15
SkunxTools
WebApp Pentest Tool
This is an Alpha version of what is to become an all in one tool for pentesting of web applications. In its current phase it currently scans google dorks and tests for sql vulnerabilities. Once urls are harvested from google dorks they are saved to a log file for future reference. One a sql check is run, the vulnerable URLs are saved to a seperate log file. View the readme in /docs for more information. -
16
Damn Vulnerable Windows (DVW) is a training and educational tool for IT security researchers and students. It aims to provide an insecure suite of Microsoft Windows platform packages with known security vulnerabilities which may be exploited in a lab
- Previous
- You're on page 1
- Next
