(opens in new window)

OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

MSTG CrackMes

MAS Crackmes (UnCrackable Apps): collection of mobile reverse engineering challenges from the OWASP Mobile Application Security Testing Guide (MASTG). Android and iOS apps used as examples in the MASTG; solve for practice or fun.

Collections mobile
Technology Android iOS
Categories Free-form Single-player
Author OWASP
Stars 12862 stars
Last contribution Apr 24, 2026 < 1mo
Link

Notes

Downloads: GitHub OWASP/mastg Crackmes (Android UnCrackable L1–L4, DRM; iOS UnCrackable L1–L2). Overview: https://mas.owasp.org/crackmes/.

← Back to directory