| |
| BadStore |
http://www.badstore.net/ |
| BodgeIt Store |
http://code.google.com/p/bodgeit/ |
| Butterfly Security Project |
http://thebutterflytmp.sourceforge.net/ |
| bWAPP |
http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/ |
| Commix |
https://github.com/stasinopoulos/commix-testbed |
| CryptOMG |
https://github.com/SpiderLabs/CryptOMG |
| Damn Vulnerable Node Application (DVNA) |
https://github.com/quantumfoam/DVNA/ |
| Damn Vulnerable Web App (DVWA) |
http://www.dvwa.co.uk/ |
| Damn Vulnerable Web Services (DVWS) |
http://dvws.professionallyevil.com/ |
| Drunk Admin Web Hacking Challenge |
https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/ |
| Exploit KB Vulnerable Web App |
http://exploit.co.il/projects/vuln-web-app/ |
| Foundstone Hackme Bank |
http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx |
| Foundstone Hackme Books |
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx |
| Foundstone Hackme Casino |
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx |
| Foundstone Hackme Shipping |
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx |
| Foundstone Hackme Travel |
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx |
| GameOver |
http://sourceforge.net/projects/null-gameover/ |
| hackxor |
http://hackxor.sourceforge.net/cgi-bin/index.pl |
| Hackazon |
https://github.com/rapid7/hackazon |
| LAMPSecurity |
http://sourceforge.net/projects/lampsecurity/ |
| Moth |
http://www.bonsai-sec.com/en/research/moth.php |
| NOWASP / Mutillidae 2 |
http://sourceforge.net/projects/mutillidae/ |
| OWASP BWA |
http://code.google.com/p/owaspbwa/ |
| OWASP Hackademic |
http://hackademic1.teilar.gr/ |
| OWASP SiteGenerator |
https://www.owasp.org/index.php/Owasp_SiteGenerator |
| OWASP Bricks |
http://sourceforge.net/projects/owaspbricks/ |
| OWASP Security Shepherd |
https://www.owasp.org/index.php/OWASP_Security_Shepherd |
| PentesterLab |
https://pentesterlab.com/ |
| PHDays iBank CTF |
http://blog.phdays.com/2012/05/once-again-about-remote-banking.html |
| SecuriBench |
http://suif.stanford.edu/~livshits/securibench/ |
| SentinelTestbed |
https://github.com/dobin/SentinelTestbed |
| SocketToMe |
http://digi.ninja/projects/sockettome.php |
| sqli-labs |
https://github.com/Audi-1/sqli-labs |
| MCIR (Magical Code Injection Rainbow) |
https://github.com/SpiderLabs/MCIR |
| sqlilabs |
https://github.com/himadriganguly/sqlilabs |
| VulnApp |
http://www.nth-dimension.org.uk/blog.php?id=88 |
| PuzzleMall |
http://code.google.com/p/puzzlemall/ |
| WackoPicko |
https://github.com/adamdoupe/WackoPicko |
| WAED |
http://www.waed.info |
| WebGoat.NET |
https://github.com/jerryhoff/WebGoat.NET/ |
| WebSecurity Dojo |
http://www.mavensecurity.com/web_security_dojo/ |
| XVWA |
https://github.com/s4n7h0/xvwa |
| Zap WAVE |
http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip |
| Vulnerable Operating System Installations |
| 21LTR |
http://21ltr.com/scenes/ |
| Damn Vulnerable Linux |
http://sourceforge.net/projects/virtualhacking/files/os/dvl/ |
| exploit-exercises - nebula, protostar, fusion |
http://exploit-exercises.com/download |
| heorot: DE-ICE, hackerdemia |
http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso |
| Holynix |
http://sourceforge.net/projects/holynix/files/ |
| Kioptrix |
http://www.kioptrix.com/blog/ |
| LAMPSecurity |
http://sourceforge.net/projects/lampsecurity/ |
| Metasploitable |
http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ |
| neutronstar |
http://neutronstar.org/goatselinux.html |
| PenTest Laboratory |
http://pentestlab.org/lab-in-a-box/ |
| Pentester Lab |
https://www.pentesterlab.com/exercises |
| pWnOS |
http://www.pwnos.com/ |
| RebootUser Vulnix |
http://www.rebootuser.com/?page_id=1041 |
| SecGame # 1: Sauron |
http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html |
| scriptjunkie.us |
http://www.scriptjunkie.us/2012/04/the-hacker-games/ |
| UltimateLAMP |
http://www.amanhardikar.com/mindmaps/practice-links.html |
| TurnKey Linux |
http://www.turnkeylinux.org/ |
| Bitnami |
https://bitnami.com/stacks |
| Elastic Server |
http://elasticserver.com |
| OS Boxes |
http://www.osboxes.org |
| VirtualBoxes |
http://virtualboxes.org/images/ |
| VirtualBox Virtual Appliances |
https://virtualboximages.com/ |
| CentOS |
http://www.centos.org/ |
| Default Windows Clients |
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
https://dev.windows.com/en-us/microsoft-edge/tools/vms/ |
| Default Windows Server |
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview |
| Default VMWare vSphere |
http://www.vmware.com/products/vsphere/ |
| Sites for Downloading Older Versions of Various Software |
| Exploit-DB |
http://www.exploit-db.com/ |
| Old Apps |
http://www.oldapps.com/ |
| Old Version |
http://www.oldversion.com/ |
| VirtualHacking Repo |
sourceforge.net/projects/virtualhacking/files/apps%40realworld/ |
| Sites by Vendors of Security Testing Software |
| Acunetix acuforum |
http://testasp.vulnweb.com/ |
| Acunetix acublog |
http://testaspnet.vulnweb.com/ |
| Acunetix acuart |
http://testphp.vulnweb.com/ |
| Cenzic crackmebank |
http://crackme.cenzic.com |
| HP freebank |
http://zero.webappsecurity.com |
| IBM altoromutual |
http://demo.testfire.net/ |
| Mavituna testsparker |
http://aspnet.testsparker.com |
| Mavituna testsparker |
http://php.testsparker.com |
| NTOSpider Test Site |
http://www.webscantest.com/ |
| Sites for Improving Your Hacking Skills |
| Embedded Security CTF |
https://microcorruption.com |
| EnigmaGroup |
http://www.enigmagroup.org/ |
| Escape |
http://escape.alf.nu/ |
| Google Gruyere |
http://google-gruyere.appspot.com/ |
| Gh0st Lab |
http://www.gh0st.net/ |
| Hack This Site |
http://www.hackthissite.org/ |
| HackThis |
http://www.hackthis.co.uk/ |
| HackQuest |
http://www.hackquest.com/ |
| Hack.me |
https://hack.me |
| Hacking-Lab |
https://www.hacking-lab.com |
| Hacker Challenge |
http://www.dareyourmind.net/ |
| Hacker Test |
http://www.hackertest.net/ |
| hACME Game |
http://www.hacmegame.org/ |
| Halls Of Valhalla |
http://halls-of-valhalla.org/beta/challenges |
| Hax.Tor |
http://hax.tor.hu/ |
| OverTheWire |
http://www.overthewire.org/wargames/ |
| PentestIT |
http://www.pentestit.ru/en/ |
| CSC Play on Demand |
https://pod.cybersecuritychallenge.org.uk/ |
| pwn0 |
https://pwn0.com/home.php |
| RootContest |
http://rootcontest.com/ |
| Root Me |
http://www.root-me.org/?lang=en |
| Security Treasure Hunt |
http://www.securitytreasurehunt.com/ |
| Smash The Stack |
http://www.smashthestack.org/ |
| SQLZoo |
http://sqlzoo.net/hack/ |
| TheBlackSheep and Erik |
http://www.bright-shadows.net/ |
| ThisIsLegal |
http://thisislegal.com/ |
| Try2Hack |
http://www.try2hack.nl/ |
| WabLab |
http://www.wablab.com/hackme |
| XSS: Can You XSS This? |
http://canyouxssthis.com/HTMLSanitizer/ |
| XSS Game |
https://xss-game.appspot.com/ |
| XSS: ProgPHP |
http://xss.progphp.com/ |
| CTF Sites / Archives |
| CAPTF Repo |
http://captf.com/ |
| CTFtime (Details of CTF Challenges) |
http://ctftime.org/ctfs/ |
| CTF write-ups repository |
https://github.com/ctfs |
| Reddit CTF Announcements |
http://www.reddit.com/r/securityctf |
| shell-storm Repo |
http://shell-storm.org/repo/CTF/ |
| VulnHub |
https://www.vulnhub.com |
| Mobile Apps |
| Damn Vulnerable Android App (DVAA) |
https://code.google.com/p/dvaa/ |
| Damn Vulnerable FirefoxOS Application (DVFA) |
https://github.com/pwnetrationguru/dvfa/ |
| Damn Vulnerable iOS App (DVIA) |
http://damnvulnerableiosapp.com/ |
| ExploitMe Mobile Android Labs |
http://securitycompass.github.io/AndroidLabs/ |
| ExploitMe Mobile iPhone Labs |
http://securitycompass.github.io/iPhoneLabs/ |
| Hacme Bank Android |
http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx |
| InsecureBank |
http://www.paladion.net/downloadapp.html |
| NcN Wargame |
http://noconname.org/evento/wargame/ |
| OWASP iGoat |
http://code.google.com/p/owasp-igoat/ |
| OWASP Goatdroid |
https://github.com/jackMannino/OWASP-GoatDroid-Project |
| Lab |
| binjitsu |
https://github.com/binjitsu/binjitsu |
| CTFd |
https://github.com/isislab/CTFd |
| Mellivora |
https://github.com/Nakiami/mellivora |
| NightShade |
https://github.com/UnrealAkama/NightShade |
| MCIR |
https://github.com/SpiderLabs/MCIR |
| Docker |
https://www.docker.com/ |
| Vagrant |
https://www.vagrantup.com/ |
| NETinVM |
http://informatica.uv.es/~carlos/docencia/netinvm/ |
| SmartOS |
https://smartos.org/ |
| SmartDataCenter |
https://github.com/joyent/sdc |
| vSphere Hypervisor |
https://www.vmware.com/products/vsphere-hypervisor/ |
| GNS3 |
http://sourceforge.net/projects/gns-3/ |
| OCCP |
https://opencyberchallenge.net/ |
| XAMPP |
https://www.apachefriends.org/index.html |
| Miscellaneous |
| VulnVPN |
http://www.rebootuser.com/?page_id=1041 |
| VulnVoIP |
http://www.rebootuser.com/?page_id=1041 |
| Vulnserver |
http://www.thegreycorner.com/2010/12/introducing-vulnserver.html |
| NETinVM |
http://informatica.uv.es/~carlos/docencia/netinvm/ |
| DVRF |
https://github.com/praetorian-inc/DVRF |
| HackSys Extreme Vulnerable Driver |
http://www.payatu.com/hacksys-extreme-vulnerable-driver/ |
| VirtuaPlant |
https://github.com/jseidl/virtuaplant |
| Fosscomm |
https://github.com/nikosdano/fosscomm |
| Morning Catch |
http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/ |
| AWBO |
https://labs.snort.org/awbo/awbo.html
|
