Search Results for "xxe vulnerable application"

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language.

XSRFProbe is an advanced security auditing toolkit designed to detect and analyze Cross Site Request Forgery (CSRF/XSRF) vulnerabilities in web applications. It uses an automated crawling engine that continuously scans a target application, collects forms and endpoints, and evaluates them for potential CSRF weaknesses. XSRFProbe performs numerous systematic checks to determine whether a web endpoint is vulnerable, including inspection of anti-CSRF tokens, cookie validation behavior, and request forgery scenarios. It also analyzes the strength and randomness of security tokens using algorithms such as entropy calculations to determine whether tokens can be predicted or forged. ...

A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them.

Firing Range is an intentionally vulnerable web application designed to evaluate the real-world effectiveness of web security scanners and training exercises. Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. ...

Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server.

Flashbang is an open-source Flash-security helper tool designed to extract and display flashVars from a SWF that is “naked” (i.e. not wrapped in a bigger application) so that security testers can begin analysis (e.g. for XSS or other vectors) without decompiling the whole SWF. It is built atop Mozilla’s Shumway project. It works in modern browsers via HTML/JS, can also be run locally, and does not upload SWFs to servers (processing stays local). It is still considered alpha quality. Clone...

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...

Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.