BTS Pentesting Lab download

BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities.

Currently, the app contains the following types of vulnerabilities:
*SQL Injection
*XSS(includes Flash Based xss)
*CSRF
*Clickjacking
*SSRF
*File Inclusion
* Code Execution
*Insecure Direct Object Reference
*Unrestricted File Upload vulnerability
*Open URL Redirection
*Server Side Includes(SSI) Injection
and more...

Java version of this application can be found here:
https://sourceforge.net/p/javavulnerablelab/

Features

Has plenty of latest web application vulnerabilities
Easy to Install
It will help you to learn web application hacking
A real vulnerable web application
You can use any pentesting/hacking tools to test the vulnerability
Contains challenges that will improve your bug finding skills
Access the Admin panel at "/btslab/admin/". The default Admin Login Credentials: username 'admin' and password 'password'

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow BTS Pentesting Lab

BTS Pentesting Lab Web Site

Other Useful Business Software

Gen AI apps are built with MongoDB Atlas

The database for AI-powered applications.

MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.

Start Free

Rate This Project

User Reviews

Be the first to post a review of BTS Pentesting Lab!

Additional Project Details

Intended Audience

Education, Information Technology, Security, Security Professionals

User Interface

Web-based

Programming Language

PHP

Related Categories

PHP Security Software, PHP Cybersecurity Tool

Registered

2014-01-01

Similar Business Software

PHP Secure

PHP Secure is a FREE code scanner that analyzes your PHP code for critical security vulnerabilities. Free online scanner: - Quickly and qualitatively finds web app vulnerabilities - Gives explicit reports and recommendations to fix vulnerabilities - Easy to use and requires no...

See Software
WebScanner

DefenseCode WebScanner is a DAST (Dynamic Application Security Testing, BlackBox Testing) solution for comprehensive security audits of active web applications (websites). WebScanner will test a website’s security by carrying out a large number of attacks using the most advanced techniques, just...

See Software
InsightAppSec

Highest rated DAST solution by an independent research firm three years in a row. Automatically assess modern web apps and APIs with fewer false positives and missed vulnerabilities. Fast-track fixes with rich reporting and integrations, and inform compliance and development stakeholders....

See Software
Trusted Knight Protector Web

Protector Air is focused on protecting individual sessions and the transactions within those sessions. Protector Web further protects the web server with enterprise-grade web application security and DDoS protection. Protector Web eliminates website and application vulnerabilities such as...

See Software
Criminal IP

Criminal IP is a comprehensive threat intelligence search engine that detects vulnerabilities of personal and corporate cyber assets in real time and facilitates preemptive responses accordingly. Originated from the idea that individuals and corporations would be able to strengthen their cyber...

See Software
AppScan

HCL AppScan is a suite of application security testing platforms, technologies, and services that help organizations detect and remediate vulnerabilities throughout the software development lifecycle (SDLC). Powerful static, dynamic, interactive, and open-source scanning engines (DAST, SAST,...

See Software