https://www.vulnhub.com/entry/owasp-broken-web-applications-project-12,46/
Better?
Main
The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
learning about web application security
testing manual assessment techniques
testing automated tools
testing source code analysis tools
observing web attacks
testing WAFs and similar code technologies
all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.
Source: http://owasp.com/index.php/OWASP_Broken_Web_Applications_Project
Release notes for the Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
More information about the project can be found at http://www.owaspbwa.org/.
The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! We recommend that you download the .7z archive if possible to save bandwidth (and time). 7-zip is available for Windows, Mac, Linux, and other Operating Systems.
!!! This VM has many serious security issues. We strongly recommend that you run it only on the "host only" or "NAT" network in the virtual machine settings !!!