PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
For printing instruction, please refer the . Available Formats:
Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given as it is not necessary to download each of them and manually configure them if they are already available in a configured state. For technologies used in each web application, please refer to the mindmap above.
There are other war games sites also. The sites whose core objective is hacking and available for free to all are in the above list. Rest of the sites focus mainly on software cracking, logic/puzzles and therefore not included in the hacking related list.
| Vulnerable Web Applications | |
| BadStore | |
| BodgeIt Store | |
| Butterfly Security Project | |
| bWAPP | |
| Commix | |
| CryptOMG | |
| Damn Vulnerable Node Application (DVNA) | |
| Damn Vulnerable Web App (DVWA) | |
| Damn Vulnerable Web Services (DVWS) | |
| Drunk Admin Web Hacking Challenge | |
| Exploit KB Vulnerable Web App | |
| Foundstone Hackme Bank | |
| Foundstone Hackme Books | |
| Foundstone Hackme Casino | |
| Foundstone Hackme Shipping | |
| Foundstone Hackme Travel | |
| GameOver | |
| hackxor | |
| Hackazon | |
| LAMPSecurity | |
| Moth | |
| NOWASP / Mutillidae 2 | |
| OWASP BWA | |
| OWASP Hackademic | |
| OWASP SiteGenerator | |
| OWASP Bricks | |
| OWASP Security Shepherd | |
| PentesterLab | |
| PHDays iBank CTF | |
| SecuriBench | |
| SentinelTestbed | |
| SocketToMe | |
| sqli-labs | |
| MCIR (Magical Code Injection Rainbow) | |
| sqlilabs | |
| VulnApp | |
| PuzzleMall | |
| WackoPicko | |
| WAED | |
| WebGoat.NET | |
| WebSecurity Dojo | |
| XVWA | |
| Zap WAVE | |
| Vulnerable Operating System Installations | |
| 21LTR | |
| Damn Vulnerable Linux | |
| exploit-exercises - nebula, protostar, fusion | |
| heorot: DE-ICE, hackerdemia | |
| Holynix | |
| Kioptrix | |
| LAMPSecurity | |
| Metasploitable | |
| neutronstar | |
| PenTest Laboratory | |
| Pentester Lab | |
| pWnOS | |
| RebootUser Vulnix | |
| SecGame # 1: Sauron | |
| scriptjunkie.us | |
| UltimateLAMP | |
| TurnKey Linux | |
| Bitnami | |
| Elastic Server | |
| OS Boxes | |
| VirtualBoxes | |
| VirtualBox Virtual Appliances | |
| CentOS | |
| Default Windows Clients | |
| Default Windows Server | |
| Default VMWare vSphere | |
| Sites for Downloading Older Versions of Various Software | |
| Exploit-DB | |
| Old Apps | |
| Old Version | |
| VirtualHacking Repo | |
| Sites by Vendors of Security Testing Software | |
| Acunetix acuforum | |
| Acunetix acublog | |
| Acunetix acuart | |
| Cenzic crackmebank | |
| HP freebank | |
| IBM altoromutual | |
| Mavituna testsparker | |
| Mavituna testsparker | |
| NTOSpider Test Site | |
| Sites for Improving Your Hacking Skills | |
| Embedded Security CTF | |
| EnigmaGroup | |
| Escape | |
| Google Gruyere | |
| Gh0st Lab | |
| Hack This Site | |
| HackThis | |
| HackQuest | |
| Hack.me | |
| Hacking-Lab | |
| Hacker Challenge | |
| Hacker Test | |
| hACME Game | |
| Halls Of Valhalla | |
| Hax.Tor | |
| OverTheWire | |
| PentestIT | |
| CSC Play on Demand | |
| pwn0 | |
| RootContest | |
| Root Me | |
| Security Treasure Hunt | |
| Smash The Stack | |
| SQLZoo | |
| TheBlackSheep and Erik | |
| ThisIsLegal | |
| Try2Hack | |
| WabLab | |
| XSS: Can You XSS This? | |
| XSS Game | |
| XSS: ProgPHP | |
| CTF Sites / Archives | |
| CAPTF Repo | |
| CTFtime (Details of CTF Challenges) | |
| CTF write-ups repository | |
| Reddit CTF Announcements | |
| shell-storm Repo | |
| VulnHub | |
| Mobile Apps | |
| Damn Vulnerable Android App (DVAA) | |
| Damn Vulnerable FirefoxOS Application (DVFA) | |
| Damn Vulnerable iOS App (DVIA) | |
| ExploitMe Mobile Android Labs | |
| ExploitMe Mobile iPhone Labs | |
| Hacme Bank Android | |
| InsecureBank | |
| NcN Wargame | |
| OWASP iGoat | |
| OWASP Goatdroid | |
| Lab | |
| binjitsu | |
| CTFd | |
| Mellivora | |
| NightShade | |
| MCIR | |
| Docker | |
| Vagrant | |
| NETinVM | |
| SmartOS | |
| SmartDataCenter | |
| vSphere Hypervisor | |
| GNS3 | |
| OCCP | |
| XAMPP | |
| Miscellaneous | |
| VulnVPN | |
| VulnVoIP | |
| Vulnserver | |
| NETinVM | |
| DVRF | |
| HackSys Extreme Vulnerable Driver | |
| VirtuaPlant | |
| Fosscomm | |
| Morning Catch | |
| AWBO | |
More mindmaps and templates in the MindMaps section at
Follow:https://www.amanhardikar.com/mindmaps/Practice.html