A list of web application security
This list is for anyone wishing to learn about web application security but do not have a starting point.
You can help by sending Pull Requests to add more information.
If you're not inclined to make PRs you can tweet me at @infoslack
.git
repositories available in publicdocker pull kalilinux/kali-linux-docker
official Kali Linux
docker pull blackarchlinux/blackarch
official BlackArch Linux
docker pull owasp/zap2docker-stable
- official OWASP ZAP
docker pull wpscanteam/wpscan
- official WPScan
docker pull metasploitframework/metasploit-framework
- docker-metasploit
docker pull citizenstig/dvwa
- Damn Vulnerable Web Application (DVWA)
docker pull bkimminich/juice-shop
OWASP Juice Shop
docker pull wpscanteam/vulnerablewordpress
- Vulnerable WordPress Installation
docker pull hmlio/vaas-cve-2014-6271
- Vulnerability as a service: Shellshock
docker pull hmlio/vaas-cve-2014-0160
- Vulnerability as a service: Heartbleed
docker pull opendns/security-ninjas
- Security Ninjas
docker pull noncetonic/archlinux-pentest-lxde:1.0
- Arch Linux Penetration Tester
docker pull diogomonica/docker-bench-security
- Docker Bench for Security
docker pull ismisepaul/securityshepherd
- OWASP Security Shepherd
docker pull danmx/docker-owasp-webgoat
- OWASP WebGoat Project docker image
docker pull docker pull jeroenwillemsen/wrongsecrets
- OWASP WrongSecrets Project docker image
docker pull citizenstig/nowasp
- OWASP Mutillidae II Web Pen-Test Practice Application
docker pull aaaguirre/pentest
- Docker for pentest
docker pull rustscan/rustscan:2.0.0
- The Modern Port Scanner