Broken Web Apps is a distro that is to be run in a vm that includes many applications that are vulnerable. It's purpose is to help the user learn web hacking and web application security.
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project