Vulnerable Client-Server Application (VuCSA)

Vulnerable Client‑Server Application

Vulnerable client‑server application (VuCSA) is made for learning/presenting how to perform penetration tests of non‑http thick clients. It is written in Java (with JavaFX graphical user interface).



Solutions for these challenges using open-source tool PETEP can be found in this written tutorial and in the following video.

There is also the following YouTube playlist with separated videos for each vulnerability:


VuCSA executables for Windows, Linux and Mac can be downloaded from GitHub releases:

GitHub: VuCSA GitHub

VuCSA is licenced under the GNU General Public License v3.0 and its source code is awailable on the GitHub above.