shieldfy / AVWA

Advanced Vulnerable Web Application (AVWA)

14 stars, 2 forks, 14 watching, MIT License
Clone: https://github.com/shieldfy/AVWA.git
Eslam Salem: first commit dc80bb7, 8 years ago

Advanced Vulnerable Web Application (AVWA)

Advanced Vulnerable Web Application (AVWA) is a very vulnerable web application focused on modern advanced vulnerabilities.

The main goal is to be an aid for security professionals, pentesters and web developers to test their security skills in a legal environment and learn about new vulnerabilities and exploits in today's world.

WARNING!

Advanced Vulnerable Web Application is not safe! Do not upload it to your hosting provider's public HTML folder or any Internet-facing servers, as they will be compromised.

Roadmap

We want it to cover all modern vulnerabilities, including but not limited to:

  • API Security (JWT security, OAuth flows, etc.)
  • CRLF / Header Injection
  • Advanced XSS (CSP bypass, cross-origin issues, etc.)
  • XXE
  • Object Injection / Use After Free Vulnerabilities
  • Template Injection RCE
  • Advanced SQL Injection (2nd order, error based, blind SQLi)
  • ReDoS attack / Format String Attack
  • Server Side Request Forgery (SSRF)

Inspiration

Highly inspired by vulnerable web applications for pentesters (DVWA, WebGoat, etc.).

Contributions

AVWA is at a very early stage. All ideas are welcome: just open an issue in this repo with the prefix [IDEA], and we will discuss it in public before implementing it. Or drop us an email at opensource@shieldfy.io