Awesome Damn Vulnerable Applications

✍︎

This list is a compilation of the various types of applications which is intentionally made insecure and famously known as “Damn Vulnerable”. These application are made to help security enthusiasts learn / sharpen their skills in the field of information security and penetration testing.

Disclaimer : The projects and its credit goes to the creators of these amazing projects

Web Applications

• Web Application : https://github.com/ethicalhack3r/DVWA
• Word Press : https://github.com/vianasw/dvwps
• Node JS : https://github.com/appsecco/dvna
• Web Sockets : https://hub.docker.com/r/tssoffsec/dvws/
• Python : https://github.com/anxolerd/dvpwa
• Ruby on Rails : https://github.com/guilleiguaran/dvra
• Ruby on Rails : https://git.logicalhacking.com/BrowserSecurity/DVGM
• GraphQL : https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

Web Service Applications

• Web Service : https://github.com/snoopysecurity/dvws
• API : https://github.com/payatu/Tiredful-API/
• C# API Only : https://github.com/appsecco/dvcsharp-api

Source Code

• Source Code : https://github.com/h4x0r101/Damn-Vulnerable-Source-Code

Thick Client

• Thick Client Application : https://github.com/secvulture/dvta
• Java EE : https://github.com/appsecco/dvja

Mobile Application

• iOS Swift : https://github.com/prateek147/DVIA-v2
• iOS: https://github.com/prateek147/DVIA
• Android : https://github.com/payatu/diva-android
• Hybrid Mobile Application : https://github.com/logicalhacking/DVHMA

Crypto & Block Chain

• Crypto Wallet : https://gitlab.com/badbounty/dvcw
• Wallet : https://github.com/genecyber/Damn-Vulnerable-Wallet-App
• Block Chain : https://github.com/subashsn/dvba

OS Related

• Linux : https://www.vulnhub.com/series/damn-vulnerable-linux-dvl,1/
• Windows : https://sourceforge.net/projects/dawn-vulnerability-windows/
• Device Driver : https://github.com/pwk4m1/Damn_Vulnerable_Device_Driver

Cloud Infrastructure

• Cloud Application : https://github.com/m6a-UdS/dvca
• Cloud App (AWS) : https://github.com/RhinoSecurityLabs/cloudgoat
• Function-as-a-service (AWS Lambda) : https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service
• Serverless Application : https://github.com/OWASP/DVSA
• Functions as a Service : https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service

IoT and Hardware

• IoT : https://github.com/Vulcainreo/DVID
• Router : https://github.com/praetorian-code/DVRF
• Safe : https://insinuator.net/2016/01/damn-vulnerable-safe/
• SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
• PI : https://whitedome.com.au/re4son/sticky-fingers-dv-pi/
• SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
• VoIP : https://www.vulnhub.com/entry/hacklab-vulnvoip,40/

— — — — — — — — — 2025 Updates — — — — — — — —

Active Directory

• Vulnerable AD Game of Active Directory : https://github.com/Orange-Cyberdefense/GOAD
• Vulnerable AD Lab : https://github.com/M507/Vulnerable-AD-Lab

Artificial Intelligence (Large Language Model)

• Vulnerable LLM Project : https://github.com/harishsg993010/DamnVulnerableLLMProject
• Vulnerable LLM Agent : https://github.com/ReversecLabs/damn-vulnerable-llm-agent
• Vulnerable Bank Application with LLM Capabilities : https://github.com/Commando-X/vuln-bank