The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given, as it is not necessary to download and manually configure each of them if they are already available in a configured state. For the technologies used in each web application, please refer to the mindmap above.
Vulnerable Web Applications [64 unique web applications] | ||
OWASP BWA | http://code.google.com/p/owaspbwa/ | |
OWASP Hackademic | http://hackademic1.teilar.gr/ | |
OWASP SiteGenerator | https://www.owasp.org/index.php/Owasp_SiteGenerator | |
OWASP Bricks | http://sourceforge.net/projects/owaspbricks/ | |
OWASP Security Shepherd | https://www.owasp.org/index.php/OWASP_Security_Shepherd | |
WebGoat.NET | https://github.com/jerryhoff/WebGoat.NET/ | |
PentesterLab | https://pentesterlab.com/ | |
Butterfly Security Project | http://thebutterflytmp.sourceforge.net/ | |
Foundstone Hacme Bank | http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx | |
Foundstone Hacme Books | http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx | |
Foundstone Hacme Casino | http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx | |
Foundstone Hacme Shipping | http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx | |
Foundstone Hacme Travel | http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx | |
LAMPSecurity | http://sourceforge.net/projects/lampsecurity/ | |
Moth | http://www.bonsai-sec.com/en/research/moth.php | |
WackoPicko | https://github.com/adamdoupe/WackoPicko | |
BadStore | http://www.badstore.net/ | |
WebSecurity Dojo | http://www.mavensecurity.com/web_security_dojo/ | |
BodgeIt Store | http://code.google.com/p/bodgeit/ | |
hackxor | http://hackxor.sourceforge.net/cgi-bin/index.pl | |
SecuriBench | http://suif.stanford.edu/~livshits/securibench/ | |
SQLol | https://github.com/SpiderLabs/SQLol | |
CryptOMG | https://github.com/SpiderLabs/CryptOMG | |
XMLmao | https://github.com/SpiderLabs/XMLmao | |
Exploit KB Vulnerable Web App | http://exploit.co.il/projects/vuln-web-app/ | |
PHDays iBank CTF | http://blog.phdays.com/2012/05/once-again-about-remote-banking.html | |
GameOver | http://sourceforge.net/projects/null-gameover/ | |
Zap WAVE | http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip | |
PuzzleMall | http://code.google.com/p/puzzlemall/ | |
VulnApp | http://www.nth-dimension.org.uk/blog.php?id=88 | |
sqli-labs | https://github.com/Audi-1/sqli-labs | |
Drunk Admin Web Hacking Challenge | https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/ | |
bWAPP | http://www.mmeit.be/bwapp/ | |
Vulnerable Operating System Installations [36+ unique OS setups] | ||
Damn Vulnerable Linux | http://sourceforge.net/projects/virtualhacking/files/os/dvl/ | |
Metasploitable | http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ | |
LAMPSecurity | http://sourceforge.net/projects/lampsecurity/ | |
UltimateLAMP | http://www.amanhardikar.com/mindmaps/practice-links.html | |
De-ICE, hackerdemia | http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso | |
pWnOS | http://www.pwnos.com/ | |
Holynix | http://sourceforge.net/projects/holynix/files/ | |
Kioptrix | http://www.kioptrix.com/blog/ | |
exploit-exercises - nebula, protostar, fusion | http://exploit-exercises.com/download | |
PenTest Laboratory | http://pentestlab.org/lab-in-a-box/ | |
RebootUser Vulnix | http://www.rebootuser.com/?page_id=1041 | |
neutronstar | http://neutronstar.org/goatselinux.html | |
scriptjunkie.us | http://www.scriptjunkie.us/2012/04/the-hacker-games/ | |
21LTR | http://21ltr.com/scenes/ | |
SecGame # 1: Sauron | http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html | |
TurnKey Linux | http://www.turnkeylinux.org/ | |
CentOS | http://www.centos.org/ | |
Sites for Downloading Older Versions of Various Software [3 sources] | ||
Old Apps | http://www.oldapps.com/ | |
Old Version | http://www.oldversion.com/ | |
Exploit-DB | http://www.exploit-db.com/ | |
Sites by Vendors of Security Testing Software [9 unique sites] | ||
Acunetix acuforum | http://testasp.vulnweb.com/ | |
Acunetix acublog | http://testaspnet.vulnweb.com/ | |
Acunetix acuart | http://testphp.vulnweb.com/ | |
Cenzic crackmebank | http://crackme.cenzic.com | |
HP freebank | http://zero.webappsecurity.com | |
IBM altoromutual | http://demo.testfire.net/ | |
Mavituna testsparker | http://aspnet.testsparker.com | |
Mavituna testsparker | http://php.testsparker.com | |
NTOSpider Test Site | http://www.webscantest.com/ | |
Sites for Improving Your Hacking Skills [25 unique sites] | ||
EnigmaGroup | http://www.enigmagroup.org/ | |
Exploit Exercises | http://exploit-exercises.com/ | |
Google Gruyere | http://google-gruyere.appspot.com/ | |
Hack This Site | http://www.hackthissite.org/ | |
HackThis | http://www.hackthis.co.uk/ | |
HackQuest | http://www.hackquest.com/ | |
Hack.me | https://hack.me | |
Hacking-Lab | https://www.hacking-lab.com | |
Hacker Challenge | http://www.dareyourmind.net/ | |
Hacker Test | http://www.hackertest.net/ | |
hACME Game | http://www.hacmegame.org/ | |
Hax.Tor | http://hax.tor.hu/ | |
OverTheWire | http://www.overthewire.org/wargames/ | |
PentestIT | http://www.pentestit.ru/en/ | |
pwn0 | https://pwn0.com/home.php | |
RootContest | http://rootcontest.com/ | |
Root Me | http://www.root-me.org/?312 | |
Security Treasure Hunt | http://www.securitytreasurehunt.com/ | |
Smash The Stack | http://www.smashthestack.org/ | |
TheBlackSheep and Erik | http://www.bright-shadows.net/ | |
ThisIsLegal | http://thisislegal.com/ | |
Try2Hack | http://www.try2hack.nl/ | |
WabLab | http://www.wablab.com/hackme | |
XSS: Can You XSS This? | http://canyouxssthis.com/HTMLSanitizer/ | |
XSS: ProgPHP | http://xss.progphp.com/ | |
CTF Sites / Archives [3 sites/repos] | ||
CTFtime (Details of CTF Challenges) | http://ctftime.org/ctfs/ | |
shell-storm Repo | http://shell-storm.org/repo/CTF/ | |
CAPTF Repo | http://captf.com/ | |
Miscellaneous [10 items] | ||
ExploitMe Mobile Android Labs | http://securitycompass.github.io/AndroidLabs/ | |
ExploitMe Mobile iPhone Labs | http://securitycompass.github.io/iPhoneLabs/ | |
NcN Wargame | http://noconname.org/evento/wargame/ | |
NETinVM | http://informatica.uv.es/~carlos/docencia/netinvm/ | |
OWASP iGoat | http://code.google.com/p/owasp-igoat/ | |
OWASP Goatdroid | https://github.com/jackMannino/OWASP-GoatDroid-Project | |
Hacme Bank Android | http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx | |
InsecureBank | http://www.paladion.net/downloadapp.html | |
VulnVPN | http://www.rebootuser.com/?page_id=1041 | |
VulnVoIP | http://www.rebootuser.com/?page_id=1041 |
There are other war games sites as well. The sites whose core objective is hacking and that are available for free to all are in the above list. The rest of the sites focus mainly on software cracking and logic/puzzles and are therefore not included in the hacking-related list.
Original link:
http://www.amanhardikar.com/mindmaps/Practice.html