Pentesting Vulnerable Study Frameworks Complete List

May 10, 2011 5:10 pm26 commentsViews: 3601
  • CevherShare

It’s very difficult for the beginner security analyst, mainly the ones interested in the area of pentesting, to find good study pentesting resources. Starting from the principle that in pentesting there are many other sub areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.

As the beginner knows nearly nothing it became very difficult to prepare a Home Pentesting Lab for study, once that beginners has to know something about coding a vulnerable application fisrt, then exploit them.

Thinking about that i’ve decided to gather a list, the most complete I could, with all vulnerable pentesting tools I could find. They are categorized based on the type of application like Web Pentesting, War Games and Insecure Distributions. Due to the amount of tools I won’t be doing any previews because it would delay this post a lot and make it a little boring to read. I’m gonna review every tool with complete labs later on in future posts.

As I don’t know every pentesting tool in the planet, feel free to contact me if you remember any application, in fact I would much appreciate it. And I apologize if I miscategorized some of them, feel free to tell me when I’ve done that so i can correct that.

Note that this post intends to show only vulnerable applications used to be exploited, not the tools used to exploit them.

 

Web Pentesting

Application Name Company/Developer URL
OWASP WebGoat OWASP http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum OWASP http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp OWASP http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
Web Security DOJO Maven Security Consulting http://www.mavensecurity.com/web_security_dojo/
Gruyere (antigo Codelab / Jalsberg) Google http://google-gruyere.appspot.com/
Hacme Game NTNU http://hacmegame.org/
SPI Dynamics SPI Dynamics http://zero.webappsecurity.com/
Acunetix 1 Acunetix http://testphp.vulnweb.com/
Acunetix 2 Acunetix http://testasp.vulnweb.com/
Acunetix 3 Acunetix http://testaspnet.vulnweb.com/
PCTechtips Challenge PC Tech Tips http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application DVWA http://dvwa.co.uk/
Mutillidae Iron Geek http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project The Butterfly Security http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0 McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank McAfee http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books McAfee http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel McAfee http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping McAfee http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth Bonsai Sec http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench Standford http://suif.stanford.edu/%7Elivshits/securibench/
SecuriBench Micro Standford http://suif.stanford.edu/%7Elivshits/work/securibench-micro/
BadStore BadStore http://www.badstore.net/
WebMaven/Buggy Bank Maven Security http://www.mavensecurity.com/webmaven
EnigmaGroup Enigma Group http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher) X5S http://www.nottrusted.com/x5s/
Exploit- DB Exploit DB http://www.exploit-db.com/webapps
The Bodgeit Store The Bodgeit Store http://code.google.com/p/bodgeit/
LampSecurity MadIrish http://sourceforge.net/projects/lampsecurity/
hackxor Hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko WackoPicko https://github.com/adamdoupe/WackoPicko
RSnake’s Vulnerability Lab RSnake http://ha.ckers.org/weird/

 

War Games

Application Name Company / Developer URL
Hell Bound Hackers Hell Bound Hackers http://hellboundhackers.org/
Vulnerability Assessment Kevin Orrey http://www.vulnerabilityassessment.co.uk/
Smash the Stack Smash the Stack http://www.smashthestack.org/
Over the Wire Over the Wire http://www.overthewire.org/wargames/
Hack This Site Hack This Site http://www.hackthissite.org/
Hacking Lab Hacking Lab https://www.hacking-lab.com/
We Chall We Chall https://www.wechall.net/
REMnux REMnux http://zeltser.com/remnux/

 

Insecure Distributions

Application Name Company / Developer URL
Damm Vulnerable Linux DVL http://www.damnvulnerablelinux.org/
Metasploitable Offensive Security http://blog.metasploit.com/2010/05/introducing-metasploitable.html
de-ICE Hacker Junkie http://www.de-ice.net/
Moth Bonsai Security Software http://www.bonsai-sec.com/en/research/moth.php
PwnOS Niel Dickson http://www.neildickson.com/os/
Holynix Pynstrom http://pynstrom.net/holynix.php

 

Have fun !!!

 

Source: FelipeMartins.info (Language: [flag code="br" size="16" text="no"]) Licença Creative Commons

 

Share |

 

http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx

26 Comments

Leave a Reply


*