Search Results for "vulnerable machine"
Sort By:
Showing 21 open source projects for "vulnerable machine"
View related business solutions-
The Most Powerful Software Platform for EHSQ and ESG ManagementChoose from a complete set of software solutions across EHSQ that address all aspects of top performing Environmental, Health and Safety, and Quality management programs.
-
Premier Construction SoftwareRated #1 Construction Accounting Software by Forbes Advisor in 2022 & 2023. Our modern SAAS solution is designed to meet the needs of General Contractors, Developers/Owners, Homebuilders & Specialty Contractors.
-
1
DVWA
PHP/MySQL web application
...Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. -
2
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" Will also run on the ProxMox server to understand how to do it pls refer to the doc in the zip named "Cybersecurity Lab Deployment on Proxmox" The default login and password is administrator: password. ...
-
3
Suricata Anti-DDoS Lab
Suricata VMware VM dor IDS practicing
Suricata Anti-DDoS Security Lab (Debian 13 VMware Virtual Machine): Preconfigured VMware virtual machine for educational network security monitoring and intrusion detection using Suricata. Designed for hands-on IDS and SOC-style training in a controlled lab environment. Includes the following integrated services: + Suricata – network intrusion detection and traffic inspection + EveBox – alert visualisation and event analysis + DVWA – vulnerable web application for traffic generation and testing + phpMyAdmin – database management and inspection Default setup demonstrates DDoS-related detection scenarios, but the lab is fully customisable for other network-based attacks. ... -
4
paramspider
Mine parameterized URLs from web archives for security testing
...These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance. -
Failed Payment Recovery for Subscription BusinessesFlexPay’s innovative platform uses multiple technologies to achieve the highest number of retained customers, resulting in reduced involuntary churn, longer life span after recovery, and higher revenue. Leading brands like LegalZoom, Hooked on Phonics, and ClinicSense trust FlexPay to recover failed payments, reduce churn, and increase customer lifetime value.
-
5
An intentionally designed vulnerable machine 'boot2root' challenge for beginners. Setup You will need Virtual Box or VMWare Player to import the OVA file included in this repository. I have tested this using Windows 10 and VirtualBox version 7. 1. Set the network adapter to host-only or bridge mode, so that you can launch the virtual machine. 2.
-
6
Slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP
Slipstream (also referred to as “NAT Slipstreaming”) is a proof-of-concept exploit framework that allows an attacker to remotely access any TCP or UDP service running on a victim machine inside a NAT (behind a router/firewall) simply by tricking the target to visit a malicious website. It works by abusing the NAT’s Application Level Gateway (ALG) logic and connection tracking, combined with browser capabilities like WebRTC, precise packet fragmentation or boundary control, and packet... -
7
Log4jScanner
A log4j vulnerability filesystem scanner and Go package
...Clear, machine-readable output allows the tool to plug into CI/CD checks and fleet-wide inventory jobs. For responders, it reduces time-to-visibility by surfacing exactly which paths and bundles require patching or remediation. It’s a pragmatic addition to defense-in-depth programs that need verifiable evidence of exposure without deploying agents. -
8
waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain
...By leveraging archived data, waybackurls helps identify hidden attack surfaces, legacy APIs, and forgotten resources that could be vulnerable. Its design is intentionally simple and efficient, focusing on delivering large volumes of URLs quickly with minimal configuration. The output can be combined with other tools for further analysis, such as filtering parameters or probing endpoints. -
9
VPLE
Vulnerable Pentesting Lab Environment
VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" The default login and password is administrator: password. -
Agentic AI SRE built for Engineering and DevOps teams.NeuBird AI's agentic AI SRE delivers autonomous incident resolution, helping team cut MTTR up to 90% and reclaim engineering hours lost to troubleshooting.
-
10
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible... -
11
Metasploitable
Metasploitable is an intentionally vulnerable Linux virtual machine
This is Metasploitable2 (Linux) Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin. Never expose this VM to an untrusted network (use NAT or Host-only mode if you have any questions what that means). To contact the developers, please send email to msfdev@metasploit.com -
12
LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
-
13
Vulnerable Operating Systems
deliberately vulnerable operating systems
VulnOS are a series of deliberately vulnerable operating systems packed as virtual machines to teach Offensive IT Security and to enhance penetration testing skills. For educational purposes! -
14
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
-
15
ODS3 Virtual Machine Challenge
Virtual Machine Image To Test Penetration Skills
The ODS3 Virtual Machine Challenge are downloadable images that can be run as VMWare or VirtualBox instances. The Idea behind the challenge is to test and exercise web application penetration testing in a controlled environment. These images are great for cyber security students, penetration testers and hobbyist. Care should be taken if installed on an Internet access host as the application are purposely vulnerable to attack and exploitation. -
16
xxe
Intentionally vulnerable web services exploitable with XXE
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located. This zipped Ubuntu VM is set up as a Capture the Flag with those that successfully exploit the XXE vulnerability... -
17
smurfedBTR1
this is a root to boot vmware vulnerable images
the goal is to get the flag in the root directory. /root/ -
18
Web Pentesting Environment
Vulnerable Virtual Machine to Learn
WPE aims to help the beginners Web Penetration Testing to develop their skills * Web pentesting Enviromint :-: user:"ahmad.ninja" pass:"hacking15.org" 1. Environment to simulate the real live app (webs & mobile) but it focused on "web app". 2. This is the half of our project the other one will be on YouTube as "Video Tutorials" Which aim to help you to start your Pentesting career or develop it 3. The videos will be in English but articles will be written in Arabic 4. For instant... -
19
Linux Exploit Suggester
Linux Exploit Suggester; based on operating system release number
Linux Exploit Suggester is a lightweight Perl script designed to help security testers quickly identify local Linux kernel privilege-escalation candidates by matching the host’s kernel/OS release string against a curated list of known vulnerable versions. It runs uname -r by default (or accepts a manual -k kernel string) and prints a suggestive, human-readable list of possible exploit names, CVEs, and references that match that kernel version. The tool intentionally keeps its logic simple:... -
20
No Exploiting Me
Vulnerable VM with some focus on NoSQL
This vulnerable VM is meant to act as a practice virtual machine for security researchers to start looking at identifying and exploiting vulnerabilities in NoSQL, PHP and the underlying OS (Debian). -
21
This Java based API lets you introduce capcha to you J2EE 1.3 + compliant Web Applications and supportive to frameworks like Struts, JSF so that you do not have to worry about having to write your own code for capcha.
- Previous
- You're on page 1
- Next
