Never Ending Security

It starts all here

Penetration Testing Practice Lab – Vulnerable Apps / Systems (The Most Complete List)

A complete mindmap about all the courses and trainings from this post can be found here:
http://www.amanhardikar.com/mindmaps/Practice.png

The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. URLs for individual applications that are part of other collections are not given, as there is no need to download and manually configure each of them when they are already available in a configured state. For the technologies used in each web application, please refer to the mindmap above.

Vulnerable Web Applications:
OWASP BWA: http://code.google.com/p/owaspbwa
OWASP Hackademic: http://hackademic1.teilar.gr
OWASP SiteGenerator: https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks: http://sourceforge.net/projects/owaspbricks & http://sechow.com/bricks
OWASP Security Shepherd: https://www.owasp.org/index.php/OWASP_Security_Shepherd
Damn Vulnerable Web App (DVWA): http://www.dvwa.co.uk
Damn Vulnerable Web Services (DVWS): http://dvws.professionallyevil.com
WebGoat.NET: https://github.com/jerryhoff/WebGoat.NET
PentesterLab: https://pentesterlab.com
Butterfly Security Project: http://thebutterflytmp.sourceforge.net
Foundstone Hackme Bank: http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books: http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino: http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping: http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel: http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity: http://sourceforge.net/projects/lampsecurity
Moth: http://www.bonsai-sec.com/en/research/moth.php
WackoPicko: https://github.com/adamdoupe/WackoPicko & http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
BadStore: http://www.badstore.net
WebSecurity Dojo: http://www.mavensecurity.com/web_security_dojo
BodgeIt Store: http://code.google.com/p/bodgeit
hackxor: http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench: http://suif.stanford.edu/~livshits/securibench
SQLol: https://github.com/SpiderLabs/SQLol
CryptOMG: https://github.com/SpiderLabs/CryptOMG
XMLmao: https://github.com/SpiderLabs/XMLmao
Exploit KB Vulnerable Web App: http://exploit.co.il/projects/vuln-web-app & http://sourceforge.net/projects/exploitcoilvuln
PHDays iBank CTF: http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
GameOver: http://sourceforge.net/projects/null-gameover
Zap WAVE: http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
PuzzleMall: http://code.google.com/p/puzzlemall
VulnApp: http://www.nth-dimension.org.uk/blog.php?id=88
sqli-labs: https://github.com/Audi-1/sqli-labs
Drunk Admin Web Hacking Challenge: https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge
bWAPP: http://www.mmeit.be/bwapp & http://sourceforge.net/projects/bwapp/files/bee-box & http://www.itsecgames.com
NOWASP / Mutillidae 2: http://sourceforge.net/projects/mutillidae
SocketToMe: http://digi.ninja/projects/sockettome.php
Project GameOver: http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform
OWASP Vicnum Project: https://sourceforge.net/projects/vicnum & http://vicnum.ciphertechs.com
Hackademic Challenges: http://www.hackademic.eu

Vulnerable Operating System Installations:
Damn Vulnerable Linux: http://sourceforge.net/projects/virtualhacking/files/os/dvl & http://www.damnvulnerablelinux.org
Metasploitable: http://sourceforge.net/projects/virtualhacking/files/os/metasploitable & https://sourceforge.net/projects/metasploitable
LAMPSecurity: http://sourceforge.net/projects/lampsecurity
UltimateLAMP: http://www.amanhardikar.com/mindmaps/practice-links.html & http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
heorot: DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
De-ICE HackerPedia PenTest LiveCDs: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
pWnOS: http://www.pwnos.com & http://www.krash.in/bond00/pWnOS%20v1.0.zip & http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html
Holynix: http://sourceforge.net/projects/holynix/files & http://pynstrom.net/index.php?page=holynix.php
Kioptrix: http://www.kioptrix.com/blog/?page_id=135
exploit-exercises – nebula, protostar, fusion: http://exploit-exercises.com/download
PenTest Laboratory: http://pentestlab.org/lab-in-a-box
RebootUser Vulnix: http://www.rebootuser.com/?page_id=1041
neutronstar: http://neutronstar.org/goatselinux.html
scriptjunkie.us: http://www.scriptjunkie.us/2012/04/the-hacker-games
21LTR: http://21ltr.com/scenes
SecGame # 1 Sauron: http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
Pentester Lab: https://www.pentesterlab.com/exercises
Vulnserver: http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
TurnKey Linux: http://www.turnkeylinux.org
Bitnami: https://bitnami.com/stacks
Elastic Server: http://elasticserver.com
CentOS: http://www.centos.org
Katana: http://www.hackfromacave.com/katana.html
Virtual Hacking Lab: http://sourceforge.net/projects/virtualhacking/files
Hacking-Lab: http://www.hacking-lab.com/hl_livecd

Sites for Downloading Older Versions of Various Software:
Exploit-DB: http://www.exploit-db.com
Old Version: http://www.oldversion.com
Old Apps: http://www.oldapps.com
VirtualHacking Repo: http://sourceforge.net/projects/virtualhacking/files/apps%40realworld

Sites by Vendors of Security Testing Software:
Acunetix acuforum: http://testasp.vulnweb.com
Acunetix acublog: http://testaspnet.vulnweb.com
Acunetix acuart: http://testphp.vulnweb.com
Cenzic crackmebank: http://crackme.cenzic.com
HP freebank: http://zero.webappsecurity.com
IBM altoromutual: http://demo.testfire.net
Mavituna testsparker: http://aspnet.testsparker.com
Mavituna testsparker: http://php.testsparker.com
NTOSpider Test Site: http://www.webscantest.com

Sites for Improving Your Hacking Skills:
EnigmaGroup: http://www.enigmagroup.org
Exploit Exercises: http://exploit-exercises.com
Google Gruyere: http://google-gruyere.appspot.com
Gh0st Lab: http://www.gh0st.net
Hack This Site: http://www.hackthissite.org
HackThis: http://www.hackthis.co.uk
HackQuest: http://www.hackquest.com
Hack.me: https://hack.me
Hacking-Lab: https://www.hacking-lab.com
Hacker Challenge: http://www.dareyourmind.net
Hacker Test: http://www.hackertest.net
hACME Game: http://www.hacmegame.org
Hax.Tor: http://hax.tor.hu
OverTheWire: http://www.overthewire.org/wargames
PentestIT: http://www.pentestit.ru/en
pwn0: https://pwn0.com/home.php
RootContest: http://rootcontest.com
Root Me: http://www.root-me.org/?lang=en
Security Treasure Hunt: http://www.securitytreasurehunt.com
Smash The Stack: http://www.smashthestack.org
TheBlackSheep and Erik: http://www.bright-shadows.net
ThisIsLegal: http://thisislegal.com
Try2Hack: http://www.try2hack.nl
WabLab: http://www.wablab.com/hackme
XSS – Can You XSS This?: http://canyouxssthis.com/HTMLSanitizer
XSS – ProgPHP: http://xss.progphp.com

CTF Sites / Archives:
CTFtime (Details of CTF Challenges): http://ctftime.org/ctfs
shell-storm Repo: http://shell-storm.org/repo/CTF
CAPTF Repo: http://captf.com
VulnHub: https://www.vulnhub.com

Mobile Apps:
ExploitMe Mobile Android Labs: http://securitycompass.github.io/AndroidLabs
ExploitMe Mobile iPhone Labs: http://securitycompass.github.io/iPhoneLabs
OWASP iGoat: http://code.google.com/p/owasp-igoat
OWASP Goatdroid: https://github.com/jackMannino/OWASP-GoatDroid-Project
Damn Vulnerable iOS App (DVIA): http://damnvulnerableiosapp.com
Damn Vulnerable Android App (DVAA): https://code.google.com/p/dvaa
Damn Vulnerable FirefoxOS Application (DVFA): https://github.com/pwnetrationguru/dvfa
NcN Wargame: http://noconname.org/evento/wargame
Hacme Bank Android: http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank: http://www.paladion.net/downloadapp.html

Miscellaneous:
VulnVPN: http://www.rebootuser.com/?page_id=1041
VulnVoIP: http://www.rebootuser.com/?page_id=1041
NETinVM: http://informatica.uv.es/~carlos/docencia/netinvm
GNS3: http://sourceforge.net/projects/gns-3
XAMPP: https://www.apachefriends.org/index.html
