Wapiti : Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the applica...
DVWA - Damn Vulnerable Web Application : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to t...
Nikto2 : Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potent...
OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
Opentape : Opentape is a free, open-source package that lets you make and host your own mixtapes on the web.
Upload songs (via web or FTP), reorder, rename, cust...
A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.