#Owasp-top-10

Showing 45 of 45 repositories tagged #owasp-top-10, ranked by stars

juice-shop
juice-shop
juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Score
100
★ 13.5k ⑂ 18.6k +3/day
TypeScript
xalgord
xalgord
Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes

A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.

Score
87
★ 1.8k ⑂ 297
webpwnized
webpwnized
mutillidae

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

Score
97
★ 1.5k ⑂ 561 +2/day
PHP
akto-api-security
akto-api-security
akto

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Score
95
★ 1.5k ⑂ 285
Java
roottusk
roottusk
vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Score
100
★ 1.3k ⑂ 337 +2/day
HTML
Zeyad-Azima
Zeyad-Azima
Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Score
90
★ 1.2k ⑂ 244 +1/day
globocom
globocom
secDevLabs

A laboratory for learning secure web and mobile development in a practical manner.

Score
77
★ 976 ⑂ 463
PHP
appsecco
appsecco
dvna

Damn Vulnerable NodeJS Application

Score
82
★ 778 ⑂ 919
SCSS
bmarsh9
bmarsh9
gapps

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking

Score
92
★ 685 ⑂ 150 +2/day
HTML
ossamayasserr
ossamayasserr
WebAppPentestRoadmap

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

Score
64
★ 447 ⑂ 87
Python
cerberauth
cerberauth
vulnapi

API Security Vulnerability Scanner designed to help you secure your APIs.

Score
85
★ 275 ⑂ 37 +1/day
Go
ivan-sincek
ivan-sincek
forbidden

Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.

Score
79
★ 257 ⑂ 48
Python
errorfiathck
errorfiathck
IDOR-Forge

IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.

Score
67
★ 236 ⑂ 43 +2/day
Python
OWASP
OWASP
ASST

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.

Score
62
★ 189 ⑂ 40
JavaScript
moeinfatehi
moeinfatehi
Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

Score
46
★ 166 ⑂ 27 +1/day
Java
yevh
yevh
VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

Score
0
★ 166 ⑂ 24
moeinfatehi
moeinfatehi
Admin-Panel_Finder

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

Score
41
★ 122 ⑂ 21
Java
moeinfatehi
moeinfatehi
xss_vulnerability_challenges

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

Score
36
★ 118 ⑂ 16
PHP
dipakpanchal05
dipakpanchal05
CVE-2022-23808

phpMyAdmin XSS

Score
38
★ 114 ⑂ 23
Soham7-dev
Soham7-dev
AspGoat

AspGoat is an intentionally vulnerable ASP.NET Core application for learning and practicing web application security.

Score
69
★ 106 ⑂ 91
JavaScript
abunuwas
abunuwas
fencer

Automated API security testing

Score
31
★ 87 ⑂ 12
Python
Whyiest
Whyiest
Juice-Shop-Write-up

Non-official write up for the Juice-Shop CTF

Score
33
★ 80 ⑂ 19
Python
OWASP
OWASP
www-project-citizen-development-top10-security-risks

OWASP Citizen Development Top 10

Score
72
★ 76 ⑂ 26
HTML
snsttr
snsttr
diwa

A Deliberately Insecure Web Application

Score
59
★ 73 ⑂ 90
PHP
presidio-oss
presidio-oss
cline-based-code-generator

VS Code extension that streamlines development workflows through AI-powered task execution, intelligent file management, and automated code generation. Built on Cline, it integrates with various LLMs to enhance productivity and code quality while simplifying complex development tasks.

Score
100
★ 66 ⑂ 53 +1/day
TypeScript
Aif4thah
Aif4thah
VulnerableLightApp

Vulnerable API for research and education

Score
74
★ 57 ⑂ 83
C#
moeinfatehi
moeinfatehi
file_upload_vulnerability_scenarios

This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).

Score
23
★ 56 ⑂ 6
PHP
n4itr0-07
n4itr0-07
SecToolkit

Welcome SecToolkit repository! This is a comprehensive collection of cybersecurity and bug bounty hunting topics. Here, you'll find a variety of resources, notes, and practical projects aimed at enhancing knowledge and skills in identifying and mitigating security vulnerabilities.

Score
26
★ 50 ⑂ 12
zAbuQasem
zAbuQasem
MyNotes

My notes from courses,books ..etc

Score
51
★ 49 ⑂ 5
Python
Ninja-Yubaraj
Ninja-Yubaraj
SQL-Injection-Payloads-List

SQL Injection Payloads List.

Score
18
★ 43 ⑂ 9
koalalab-inc
koalalab-inc
bolt

Secure GitHub actions with 1 line of code

Score
0
★ 38 ⑂ 3
JavaScript
toxy4ny
toxy4ny
kevlar-benchmark

Kevlar Benchmark: OWASP Top 10 for Agentic Apps (AI-Agents) 2026 a Red Team Benchmark

Score
54
★ 36 ⑂ 4
Python
webpwnized
webpwnized
mutillidae-dockerhub

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.

Score
21
★ 33 ⑂ 18
Shell
Aftab700
Aftab700
DVWA-Writeup

This repository contains writeups for Damn Vulnerable Web Application (DVWA). --------------------------------- Updated writeups and blogs are at: https://github.com/Aftab700/aftab700.github.io

Score
44
★ 30 ⑂ 6
HTML
xiabai2004
xiabai2004
RayScan

RayScan 1.0 — 开箱即用的 Web 漏洞扫描器 | SQL注入 / XSS / 命令注入 / LFI / SSRF / XXE / RCE / API安全 | 11个检测模块 | CLI + Web UI 双模式 | Metasploitable 2 实战验证发现83漏洞

Score
56
★ 25 ⑂ 1 +1/day
Python
GURPREETKAURJETHRA
GURPREETKAURJETHRA
LLM-SECURITY

Securing LLM's Against Top 10 OWASP Large Language Model Vulnerabilities 2024

Score
0
★ 23 ⑂ 6
Malwareman007
Malwareman007
Hacking_Tools

All Type Of Tools written in multipule language .

Score
8
★ 22 ⑂ 6
Python
mudassiralladatkhan
mudassiralladatkhan
AspGoat

🔒 Intentionally vulnerable ASP.NET Core app for hands-on web security & penetration testing practice

Score
49
★ 21 ⑂ 1
JavaScript
luigiurbano
luigiurbano
Reinforced-Wavsep

A reinforced version of the Wavsep evaluation platform.

Score
10
★ 18 ⑂ 9
Java
filipkarc
filipkarc
ssti-flask-hacking-playground

App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

Score
5
★ 17 ⑂ 5
Python
Lodoelama
Lodoelama
Columbia-University-Cybersecurity-Program

This repository documents my hands on experience and assignments during the Columbia University Cybersecurity Program. It includes home labs related to network security, penetration testing, and defensive security

Score
3
★ 16 ⑂ 4 +1/day
Shell
nybble04
nybble04
cybersec-notes

My cyber security notes.

Score
0
★ 14 ⑂ 1
ShubhamJagtap2000
ShubhamJagtap2000
Cross-site-Scripting

🐞 Understand how cross-site scripting occurs, how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.

Score
15
★ 13 ⑂ 1
JavaScript
FoxVR-sudo
FoxVR-sudo
Bug-Bounty-Arsenal-v.3

Authorized web application security testing platform built with Django, React, Celery, and Redis.

Score
28
★ 12 ⑂ 0
Python
Mr-Infect
Mr-Infect
AI-cyber-range

AI Cyber Range – OWASP Top 10 for LLMs is a cutting-edge AI Penetration Testing Lab engineered to simulate real-world LLM vulnerabilities in a safe, automated, Docker-powered environment.

Score
13
★ 11 ⑂ 1
Python
Related Topics
#owasp#penetration-testing#security#cybersecurity#hacking#bugbounty#application-security#appsec#owasp-top-ten#pentesting#bug-bounty

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly