Pen-testing List of Labs

Vulnerable Web Applications
OWASP BWA http://code.google.com/p/owaspbwa/
OWASP Hackademic http://hackademic1.teilar.gr/
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/
PentesterLab https://pentesterlab.com/
Butterfly Security Project http://thebutterflytmp.sourceforge.net/
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
Moth http://www.bonsai-sec.com/en/research/moth.php
WackoPicko https://github.com/adamdoupe/WackoPicko
BadStore http://www.badstore.net/
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/
BodgeIt Store http://code.google.com/p/bodgeit/
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench http://suif.stanford.edu/~livshits/securibench/
SQLol https://github.com/SpiderLabs/SQLol
CryptOMG https://github.com/SpiderLabs/CryptOMG
XMLmao  https://github.com/SpiderLabs/XMLmao
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
GameOver http://sourceforge.net/projects/null-gameover/
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
PuzzleMall http://code.google.com/p/puzzlemall/
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88
sqli-labs https://github.com/Audi-1/sqli-labs
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
bWAPP http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
NOWASP / Mutillidae 2  http://sourceforge.net/projects/mutillidae/
SocketToMe http://digi.ninja/projects/sockettome.php
Vulnerable Operating System Installations
Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/
Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
LAMPSecurity http://sourceforge.net/projects/lampsecurity/
UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html
heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
pWnOS http://www.pwnos.com/
Holynix http://sourceforge.net/projects/holynix/files/
Kioptrix http://www.kioptrix.com/blog/
exploit-exercises – nebula, protostar, fusion http://exploit-exercises.com/download
PenTest Laboratory  http://pentestlab.org/lab-in-a-box/
RebootUser Vulnix http://www.rebootuser.com/?page_id=1041
neutronstar http://neutronstar.org/goatselinux.html
scriptjunkie.us  http://www.scriptjunkie.us/2012/04/the-hacker-games/
21LTR http://21ltr.com/scenes/
SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
Pentester Lab https://www.pentesterlab.com/exercises
Vulnserver http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
TurnKey Linux http://www.turnkeylinux.org/
Bitnami https://bitnami.com/stacks
Elastic Server http://elasticserver.com
CentOS http://www.centos.org/
Sites for Downloading Older Versions of Various Software
Exploit-DB http://www.exploit-db.com/
Old Version http://www.oldversion.com/
Old Apps  http://www.oldapps.com/
VirtualHacking Repo sourceforge.net/projects/virtualhacking/files/apps%40realworld/
Sites by Vendors of Security Testing Software
Acunetix acuforum http://testasp.vulnweb.com/
Acunetix acublog http://testaspnet.vulnweb.com/
Acunetix acuart http://testphp.vulnweb.com/
Cenzic crackmebank http://crackme.cenzic.com
HP freebank http://zero.webappsecurity.com
IBM altoromutual http://demo.testfire.net/
Mavituna testsparker http://aspnet.testsparker.com
Mavituna testsparker http://php.testsparker.com
NTOSpider Test Site http://www.webscantest.com/
Sites for Improving Your Hacking Skills
EnigmaGroup http://www.enigmagroup.org/
Exploit Exercises http://exploit-exercises.com/
Google Gruyere http://google-gruyere.appspot.com/
Gh0st Lab http://www.gh0st.net/
Hack A Server  https://hackaserver.com/
Hack This Site  http://www.hackthissite.org/
HackThis  http://www.hackthis.co.uk/
HackQuest http://www.hackquest.com/
Hack.me https://hack.me
Hacking-Lab https://www.hacking-lab.com
Hacker Challenge http://www.dareyourmind.net/
Hacker Test http://www.hackertest.net/
hACME Game http://www.hacmegame.org/
Hax.Tor http://hax.tor.hu/
OverTheWire http://www.overthewire.org/wargames/
PentestIT  http://www.pentestit.ru/en/
p0wnlabs  http://p0wnlabs.com/
pwn0 https://pwn0.com/home.php
RootContest http://rootcontest.com/
Root Me http://www.root-me.org/?lang=en
Security Treasure Hunt http://www.securitytreasurehunt.com/
Smash The Stack http://www.smashthestack.org/
TheBlackSheep and Erik  http://www.bright-shadows.net/
ThisIsLegal http://thisislegal.com/
Try2Hack http://www.try2hack.nl/
WabLab http://www.wablab.com/hackme
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/
XSS: ProgPHP http://xss.progphp.com/
CTF Sites / Archives
CTFtime (Details of CTF Challenges) http://ctftime.org/ctfs/
shell-storm Repo http://shell-storm.org/repo/CTF/
CAPTF Repo http://captf.com/
VulnHub https://www.vulnhub.com
CTF365 http://ctf365.com/
Hacker Cons http://hackercons.org/
Hat Force https://www.hatforce.com/
Intense School http://www.intenseschool.com/resources/
SECore https://secore.info/
Mobile Apps
ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs http://securitycompass.github.io/iPhoneLabs/
OWASP iGoat  http://code.google.com/p/owasp-igoat/
OWASP Goatdroid https://github.com/jackMannino/OWASP-GoatDroid-Project
Damn Vulnerable iOS App (DVIA) http://damnvulnerableiosapp.com/
Damn Vulnerable Android App (DVAA) https://code.google.com/p/dvaa/
Damn Vulnerable FirefoxOS Application (DVFA) https://github.com/pwnetrationguru/dvfa/
NcN Wargame http://noconname.org/evento/wargame/
Hacme Bank Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank http://www.paladion.net/downloadapp.html
Miscellaneous
VulnVPN http://www.rebootuser.com/?page_id=1041
VulnVoIP http://www.rebootuser.com/?page_id=1041
NETinVM http://informatica.uv.es/~carlos/docencia/netinvm/
GNS3 http://sourceforge.net/projects/gns-3/
XAMPP https://www.apachefriends.org/index.html

Thank you (zer0w0rm)

Published By : Zer0w0rm ~ Zer0w0rm

 

4 comments:

  1. DreamHost is definitely the best web-hosting company with plans for all of your hosting needs.

    ReplyDelete
  2. I'm using Kaspersky security for many years now, I'd recommend this solution to all of you.

    ReplyDelete
  3. You might be qualified for a complimentary Apple iPhone 7.

    ReplyDelete
  4. If you want your ex-girlfriend or ex-boyfriend to come crawling back to you on their knees (no matter why you broke up) you gotta watch this video
    right away...

    (VIDEO) Get your ex back with TEXT messages?

    ReplyDelete