Awesome

Actuator Testbed, a sample vulnerable application exposing Spring Boot Actuators

Run locally (jdk 8 is recommended, by default binds to localhost:8090):

• mvn install
• mvn spring-boot:run

See https://www.veracode.com/blog/research/exploiting-spring-boot-actuators for attack payloads.