Search Results for "vulnerable machine"
Sort By:
Showing 26 open source projects for "vulnerable machine"
View related business solutions-
Run applications fast and securely in a fully managed environmentRun frontend and backend services, batch jobs, deploy websites and applications, and queue processing workloads without the need to manage infrastructure.
-
MicroStation by Bentley Systems is the trusted computer-aided design (CAD) software built specifically for infrastructure design.MicroStation is the only computer-aided design software for infrastructure design, helping architects and engineers like you bring their vision to life, present their designs to their clients, and deliver their projects to the community.
-
1
DVWA
PHP/MySQL web application
...Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. -
2
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" Will also run on the ProxMox server to understand how to do it pls refer to the doc in the zip named "Cybersecurity Lab Deployment on Proxmox" The default login and password is administrator: password. ...
-
3
Suricata Anti-DDoS Lab
Suricata VMware VM dor IDS practicing
Suricata Anti-DDoS Security Lab (Debian 13 VMware Virtual Machine): Preconfigured VMware virtual machine for educational network security monitoring and intrusion detection using Suricata. Designed for hands-on IDS and SOC-style training in a controlled lab environment. Includes the following integrated services: + Suricata – network intrusion detection and traffic inspection + EveBox – alert visualisation and event analysis + DVWA – vulnerable web application for traffic generation and testing + phpMyAdmin – database management and inspection Default setup demonstrates DDoS-related detection scenarios, but the lab is fully customisable for other network-based attacks. ... -
4
paramspider
Mine parameterized URLs from web archives for security testing
...These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance. -
Securden Privileged Account ManagerDiscover and manage administrator, service, and web app passwords, keys, and identities. Automate management with approval workflows. Centrally control, audit, monitor, and record all access to critical IT assets.
-
5
An intentionally designed vulnerable machine 'boot2root' challenge for beginners. Setup You will need Virtual Box or VMWare Player to import the OVA file included in this repository. I have tested this using Windows 10 and VirtualBox version 7. 1. Set the network adapter to host-only or bridge mode, so that you can launch the virtual machine. 2.
-
6
Slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP
Slipstream (also referred to as “NAT Slipstreaming”) is a proof-of-concept exploit framework that allows an attacker to remotely access any TCP or UDP service running on a victim machine inside a NAT (behind a router/firewall) simply by tricking the target to visit a malicious website. It works by abusing the NAT’s Application Level Gateway (ALG) logic and connection tracking, combined with browser capabilities like WebRTC, precise packet fragmentation or boundary control, and packet... -
7
Log4jScanner
A log4j vulnerability filesystem scanner and Go package
...Clear, machine-readable output allows the tool to plug into CI/CD checks and fleet-wide inventory jobs. For responders, it reduces time-to-visibility by surfacing exactly which paths and bundles require patching or remediation. It’s a pragmatic addition to defense-in-depth programs that need verifiable evidence of exposure without deploying agents. -
8
waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
...By leveraging archived data, waybackurls helps identify hidden attack surfaces, legacy APIs, and forgotten resources that could be vulnerable. Its design is intentionally simple and efficient, focusing on delivering large volumes of URLs quickly with minimal configuration. The output can be combined with other tools for further analysis, such as filtering parameters or probing endpoints. -
9
Metasploitable2-gohack
Customized Metasploitable2 VM for Beginners
This customized version of the open source Metasploitable2 virtual machine is specially modified to make it more user-friendly for beginners and K-12 hacking camps under the GenCyber program and similar middle- and high-school ethical hacking programs. This version was developed by Bryson Payne and is used in the book "Go H*ck Yourself" (Go Hack Yourself), by No Starch Press. Most of the changes are to DVWA, relabeled "Darn Vulnerable Web App" for the K-12 audience. ... -
Get full visibility and control over your tasks and projects with Wrike.Wrike offers world-class features that empower cross-functional, distributed, or growing teams take their projects from the initial request stage all the way to tracking work progress and reporting results.
-
10
VPLE
Vulnerable Pentesting Lab Environment
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" The default login and password is administrator: password. -
11
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible... -
12
Metasploitable
Metasploitable is an intentionally vulnerable Linux virtual machine
This is Metasploitable2 (Linux) Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin. Never expose this VM to an untrusted network (use NAT or Host-only mode if you have any questions what that means). To contact the developers, please send email to msfdev@metasploit.com -
13
LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
-
14
Vulnerable Operating Systems
deliberately vulnerable operating systems
VulnOS are a series of deliberately vulnerable operating systems packed as virtual machines to teach Offensive IT Security and to enhance penetration testing skills. For educational purposes! -
15
Androl4b AndroL4b is an android security virtual machine based on ubuntu Mate, includes the collection of latest framework, tutorials and labs from different security geeks and researcher for reverse engineering and malware analysis. Use this link to download: https://github.com/sh4hin/Androl4b Tools: APKStudio ByteCodeViewer Lobotomy Mobile Security Framework (MobSF) DroidBox Dorzer APKtool AndroidStudio ClassyShark BurpSuite Wireshark Smartphone Pentest Framework (SPF) Metasploit Labs: Damn Insecure and vulnerable App for Android(DIVA) InsecureBankv2 https://github.com/sh4hin/Androl4b The tools directory contains tools and frameworks. ...
-
16
VulnerableHero
Vulnerable Application for Education Purposes Only
OVA file with ready to go vulnerable application. This application contains a variety of security issues and should only be run in a safe environment. For education purposes only. Enjoy! Virtual Machine Login Creds: user: vhero pass: vhero Code on github: https://github.com/JakeBernier/VHero -
17
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
-
18
Java Remote Terminal
A web browser based terminal for Unix
This is a Java based web application can be deployed in any Servlet container. Once the web application is deployed in the target servlet container, a web browser can be used to issue various Unix commands to the remote machine. This can be used as simple administration tool or this even can be used as an attacking tool in a vulnerable application server. -
19
ODS3 Virtual Machine Challenge
Virtual Machine Image To Test Penetration Skills
The ODS3 Virtual Machine Challenge are downloadable images that can be run as VMWare or VirtualBox instances. The Idea behind the challenge is to test and exercise web application penetration testing in a controlled environment. These images are great for cyber security students, penetration testers and hobbyist. Care should be taken if installed on an Internet access host as the application are purposely vulnerable to attack and exploitation. -
20
xxe
Intentionally vulnerable web services exploitable with XXE
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located. This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability... -
21
smurfedBTR1
this is a root to boot vmware vulnerable images
the goal is to get the flag in the root directory. /root/ -
22
Web Pentesting Environment
Vulnerable Virtual Machine to Learn
WPE aims to help the beginners Web Penetration Testing to develop their skills * Web pentesting Enviromint :-: user:"ahmad.ninja" pass:"hacking15.org" 1. Environment to simulate the real live app (webs & mobile) but it focused on "web app". 2. This is the half of our project the other one will be on YouTube as "Video Tutorials" Which aim to help you to start your Pentesting career or develop it 3. The videos will be in English but articles will be written in Arabic 4. For instant... -
23
Linux Exploit Suggester
Linux Exploit Suggester; based on operating system release number
Linux Exploit Suggester is a lightweight Perl script designed to help security testers quickly identify local Linux kernel privilege-escalation candidates by matching the host’s kernel/OS release string against a curated list of known vulnerable versions. It runs uname -r by default (or accepts a manual -k kernel string) and prints a suggestive, human-readable list of possible exploit names, CVEs, and references that match that kernel version. The tool intentionally keeps its logic simple:... -
24
No Exploiting Me
Vulnerable VM with some focus on NoSQL
This vulnerable VM is meant to act as a practice virtual machine for security researchers to start looking at identifying and exploiting vulnerabilities in NoSQL, PHP and the underlying OS (Debian). -
25
Malware Classifier
Perform quick, easy classification of binaries for malware analysis.
Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable. Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.” The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs. ...
