Pentesting Vulnerable Study Frameworks Complete List

May 10, 2011 5:10 pm26 commentsViews: 4460
  • CevherShare

It’s very difficult for the beginner security analyst, mainly the ones interested in the area of pentesting, to find good study pentesting resources. Starting from the principle that in pentesting there are many other sub areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.

As the beginner knows nearly nothing it became very difficult to prepare a Home Pentesting Lab for study, once that beginners has to know something about coding a vulnerable application fisrt, then exploit them.

Thinking about that i’ve decided to gather a list, the most complete I could, with all vulnerable pentesting tools I could find. They are categorized based on the type of application like Web Pentesting, War Games and Insecure Distributions. Due to the amount of tools I won’t be doing any previews because it would delay this post a lot and make it a little boring to read. I’m gonna review every tool with complete labs later on in future posts.

As I don’t know every pentesting tool in the planet, feel free to contact me if you remember any application, in fact I would much appreciate it. And I apologize if I miscategorized some of them, feel free to tell me when I’ve done that so i can correct that.

Note that this post intends to show only vulnerable applications used to be exploited, not the tools used to exploit them.


Web Pentesting

Application Name Company/Developer URL
OWASP InsecureWebApp OWASP
Web Security DOJO Maven Security Consulting
Gruyere (antigo Codelab / Jalsberg) Google
Hacme Game NTNU
SPI Dynamics SPI Dynamics
Acunetix 1 Acunetix
Acunetix 2 Acunetix
Acunetix 3 Acunetix
PCTechtips Challenge PC Tech Tips
Damn Vulnerable Web Application DVWA
Mutillidae Iron Geek
The Butterfly Security Project The Butterfly Security
Hacme Casino McAfee
Hacme Bank 2.0 McAfee
Updated HackmeBank McAfee
Hacme Books McAfee
Hacme Travel McAfee
Hacme Shipping McAfee
Moth Bonsai Sec
Stanford SecuriBench Standford
SecuriBench Micro Standford
BadStore BadStore
WebMaven/Buggy Bank Maven Security
EnigmaGroup Enigma Group
XSS Encoding Skills – x5s (Casaba Watcher) X5S
Exploit- DB Exploit DB
The Bodgeit Store The Bodgeit Store
LampSecurity MadIrish
hackxor Hackxor
WackoPicko WackoPicko
RSnake’s Vulnerability Lab RSnake


War Games

Application Name Company / Developer URL
Hell Bound Hackers Hell Bound Hackers
Vulnerability Assessment Kevin Orrey
Smash the Stack Smash the Stack
Over the Wire Over the Wire
Hack This Site Hack This Site
Hacking Lab Hacking Lab
We Chall We Chall
REMnux REMnux


Insecure Distributions

Application Name Company / Developer URL
Damm Vulnerable Linux DVL
Metasploitable Offensive Security
de-ICE Hacker Junkie
Moth Bonsai Security Software
PwnOS Niel Dickson
Holynix Pynstrom


Have fun !!!


Source: (Language: [flag code="br" size="16" text="no"]) Licença Creative Commons


Share |


Leave a Reply