EnglishFrenchSpanish

OnWorks favicon

bWAPP download for Linux

Free download bWAPP Linux app to run online in Ubuntu online, Fedora online or Debian online

This is the Linux app named bWAPP whose latest release can be downloaded as bWAPP_latest.zip. It can be run online in the free hosting provider OnWorks for workstations.

Download and run online this app named bWAPP with OnWorks for free.

Follow these instructions in order to run this app:

- 1. Downloaded this application in your PC.

- 2. Enter in our file manager https://www.onworks.net/myfiles.php?username=XXXXX with the username that you want.

- 3. Upload this application in such filemanager.

- 4. Start the OnWorks Linux online or Windows online emulator or MACOS online emulator from this website.

- 5. From the OnWorks Linux OS you have just started, goto our file manager https://www.onworks.net/myfiles.php?username=XXXXX with the username that you want.

- 6. Download the application, install it and run it.

SCREENSHOTS

Ad


bWAPP


DESCRIPTION

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.

bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities!

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It is supported on WAMP or XAMPP. Another possibility is to download bee-box, a custom VM pre-installed with bWAPP.

This project is part of the ITSEC GAMES project. You can find more about the ITSEC GAMES and bWAPP projects on our blog.

For security-testing and educational purposes only!

Cheers

Malik Mesellem

Features

  • SQL, HTML, iFrame, SSI, OS Command, PHP, XML, XPath, LDAP and SMTP injections
  • Blind SQL injection and Blind OS Command injection
  • Boolean-based and time-based Blind SQL injections
  • Drupageddon and Drupalgeddon2 (CVE-2018-7600)
  • AJAX and Web Services issues (JSON/XML/SOAP)
  • Heartbleed vulnerability (OpenSSL) + detection script included
  • Shellshock vulnerability (CGI)
  • Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
  • phpMyAdmin BBCode Tag XSS
  • Cross-Site Request Forgery (CSRF)
  • Information disclosures: favicons, version info, custom headers,...
  • Unrestricted file uploads and backdoor files
  • Old, backup & unreferenced files
  • Authentication, authorization and session management issues
  • Password and CAPTCHA attacks
  • Insecure DistCC, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
  • Arbitrary file access with Samba
  • Directory traversals and unrestricted file access
  • Local and remote file inclusions (LFI/RFI)
  • Server Side Request Forgery (SSRF)
  • XML External Entity attacks (XXE)
  • Man-in-the-Middle attacks (HTTP/SMTP)
  • HTTP parameter pollution and HTTP verb tampering
  • Denial-of-Service (DoS) attacks: Slow Post, SSL-Exhaustion, XML Bomb,...
  • POODLE vulnerability
  • BREACH/CRIME/BEAST SSL attacks
  • HTML5 ClickJacking and web storage issues
  • Insecure iFrame (HTML5 sandboxing)
  • Insecure direct object references (parameter tampering)
  • Insecure cryptographic storage
  • Cross-Origin Resource Sharing (CORS) issues
  • Cross-domain policy file attacks (Flash/Silverlight)
  • Local privilege escalations: udev, sendpage
  • Cookie and password reset poisoning
  • Host header attacks: password reset poisoning en cache pollutions
  • PHP CGI remote code execution
  • Dangerous PHP Eval function
  • Local and remote buffer overflows (BOF)
  • phpMyAdmin and SQLiteManager vulnerabilities
  • Nginx web server vulnerabilities
  • HTTP response splitting, unvalidated redirects and forwards
  • WSDL SOAP vulnerabilities
  • Form-based authentication and No-authentication modes
  • Active Directory LDAP integration
  • Fuzzing possibilities
  • and much more...
  • HINT: download our bee-box VM > it has ALL necessary extensions
  • bee-box is compatible with VMware and VirtualBox!
  • Enjoy it little bees ;)


Audience

System Administrators, Developers, Auditors, Security Professionals


User interface

Web-based


Programming Language

PHP, JavaScript


Database Environment

MySQL


This is an application that can also be fetched from https://sourceforge.net/projects/bwapp/. It has been hosted in OnWorks in order to be run online in an easiest way from one of our free Operative Systems.


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    Blackfriday
    Blackfriday
    Blackfriday is a Markdown processor
    implemented in Go. It is paranoid about
    its input (so you can safely feed it
    user-supplied data), it is fast, it
    supports c...
    Download Blackfriday
  • 2
    QNAP NAS GPL Source
    QNAP NAS GPL Source
    GPL source for QNAP Turbo NAS.
    Audience: Developers. User interface:
    Web-based. Programming Language: C,
    Java. Categories:System, Storage,
    Operating System Ker...
    Download QNAP NAS GPL Source
  • 3
    deep-clean
    deep-clean
    A Kotlin script that nukes all build
    caches from Gradle/Android projects.
    Useful when Gradle or the IDE let you
    down. The script has been tested on
    macOS, but ...
    Download deep-clean
  • 4
    Eclipse Checkstyle Plug-in
    Eclipse Checkstyle Plug-in
    The Eclipse Checkstyle plug-in
    integrates the Checkstyle Java code
    auditor into the Eclipse IDE. The
    plug-in provides real-time feedback to
    the user about viol...
    Download Eclipse Checkstyle Plug-in
  • 5
    AstrOrzPlayer
    AstrOrzPlayer
    AstrOrz Player is a free media player
    software, part based on WMP and VLC. The
    player is in a minimalist style, with
    more than ten theme colors, and can also
    b...
    Download AstrOrzPlayer
  • 6
    movistartv
    movistartv
    Kodi Movistar+ TV es un ADDON para XBMC/
    Kodi que permite disponer de un
    decodificador de los servicios IPTV de
    Movistar integrado en uno de los
    mediacenters ma...
    Download movistartv
  • More »

Linux commands

Ad