Pentesting Vulnerable Study Frameworks Complete List
It’s very difficult for beginner security analysts, especially those interested in pentesting, to find good pentesting study resources. Since pentesting has many sub-areas of study, it becomes even more difficult to choose and then find a suitable pentesting study application.
Because a beginner knows nearly nothing, it is very difficult to prepare a home pentesting lab for study, since the beginner would first have to know something about coding a vulnerable application and then exploit it.
With that in mind, I’ve decided to gather a list, the most complete I could, of all the vulnerable pentesting tools I could find. They are categorized by type of application, such as Web Pentesting, War Games and Insecure Distributions. Due to the number of tools I won’t be doing any previews, because it would delay this post a lot and make it a little boring to read. I’m gonna review every tool with complete labs later on in future posts.
As I don’t know every pentesting tool on the planet, feel free to contact me if you remember any application; in fact, I would much appreciate it. And I apologize if I miscategorized some of them; feel free to tell me when I’ve done that so I can correct it.
Note that this post intends to show only vulnerable applications meant to be exploited, not the tools used to exploit them.
Web Pentesting
War Games
| Application Name | Company / Developer | URL |
| --- | --- | --- |
| Hell Bound Hackers | Hell Bound Hackers | http://hellboundhackers.org/ |
| Vulnerability Assessment | Kevin Orrey | http://www.vulnerabilityassessment.co.uk/ |
| Smash the Stack | Smash the Stack | http://www.smashthestack.org/ |
| Over the Wire | Over the Wire | http://www.overthewire.org/wargames/ |
| Hack This Site | Hack This Site | http://www.hackthissite.org/ |
| Hacking Lab | Hacking Lab | https://www.hacking-lab.com/ |
| We Chall | We Chall | https://www.wechall.net/ |
| REMnux | REMnux | http://zeltser.com/remnux/ |
Insecure Distributions
| Application Name | Company / Developer | URL |
| --- | --- | --- |
| Damn Vulnerable Linux | DVL | http://www.damnvulnerablelinux.org/ |
| Metasploitable | Offensive Security | http://blog.metasploit.com/2010/05/introducing-metasploitable.html |
| de-ICE | Hacker Junkie | http://www.de-ice.net/ |
| Moth | Bonsai Security Software | http://www.bonsai-sec.com/en/research/moth.php |
| PwnOS | Neil Dickson | http://www.neildickson.com/os/ |
| Holynix | Pynstrom | http://pynstrom.net/holynix.php |
Have fun !!!
Source: FelipeMartins.info

7:58 pm
Felipe,
I think you did an excellent job with this complete list. I will use it as a reference for my co-workers.
Thanks for your time.
2:59 pm
Great compilation, Thank You.
Oscar
4:59 pm
Thanks for this Felipe, I agree with the others!
5:46 pm
Thanks everyone, I’m gonna try to keep it updated whenever possible !!!
8:42 am
Excellent page, my compliments.
May I suggest the following:
REMnux: A Linux Distribution for Reverse-Engineering Malware http://zeltser.com/remnux/
Buster Sandbox Analyzer http://bsa.isoftware.nl/
4:28 pm
Hi Felipe,
This will help me, because I will have to give a course in 2012 about an introduction to forensics.
Thanks!
4:53 pm
Posted on exploits-brasil list by gustavofranco.com:
http://www.gustavofranco.com/wp/?p=394
I think it’s useful to complement your Insecure Distros list
5:13 pm
@Odilo Jr.
Odilo, I liked your list very much, thanks for your comment, I’m gonna update the list with the ones you’ve sent me.
Thank you again.
9:26 am
I stumbled onto your list of vulnerable apps and noticed that the link to the Foundstone hacme apps is broken. The proper link is http://www.mcafee.com/us/downloads/free-tools/index.aspx . The tools are located under Foundstone SASS Tools. Also, I noticed that hackthissite.org was missing… It’s a good resource and you might drop it in the list.
12:44 pm
Hi Felipe,
Great list
Minor point – the BodgeIt Store is hosted on Google code, but it’s nothing to do with Google the company.
So the blame has to lie with me I’m afraid
Many thanks,
Psiinon
5:28 pm
@Jean-Paul
Hi Jean, thanks for the hint, I’ve updated the list with REMnux,
Thanks again.
5:29 pm
@Dominique Berube
I’m glad I can help you on that. If you want some more help just drop me a line. There are plenty of forensic tools you can find very useful at the McAfee website at http://www.mcafee.com/us/downloads/free-tools/index.aspx.
Thanks again
5:37 pm
@Pat
Pat, thank you very much for that, I hadn’t realized the link was wrong. I’ve corrected that, thanks again.
4:41 pm
A good list – thank you.
I got started with Whittaker’s CANNED HEAT and HALODECK LITE – I don’t know if they are still available.
http://www.woodsmall.com/books.htm#CANNEDHEAT
4:38 am
Hi Felipe,
Thanks for this great list.
12:22 am
Very good. Hackthissite is one of my favorites. Informative, fun and challenging
http://www.cryptool.org/ for those interested in crypto
2:06 am
badstore.net is not loading
8:02 am
hi
Felipe Martins
This framework can be added to the list http://www.getmantra.com
3:10 pm
xSpider from http://www.ptsecurity.com/,
If you do a review, it could be nice to know (some of them I know): is it FREE or commercial? License cost. A short description of what the tool can do.
Which compliances this tool covers (PCI, NSA etc.),
And I’m thinking that you should include the BackTrack distribution.
8:12 pm
There is skipfish on Google’s site.
http://code.google.com/p/skipfish/
6:41 pm
@Luiz
Hi Luiz
The list only covers tools that are insecure so they can be attacked, that is, insecure tools to be used as an intrusion lab, not tools for finding vulnerabilities. In the near future I will write a post about that other type of tool.
Skipfish is a vulnerability reconnaissance tool for web applications.
Regards
12:16 pm
Hi~ Felipe.
The list will be helpful for my teaching~
Thank you Felipe~ ^^
7:35 pm
You’re welcome, tell me if you need anything about the list!
Thank you again.
11:40 pm
Great! It’s useful. Thanks Felipe
1:07 am
thanks
1:16 pm
Watch a short video about Top 10 vulnerable applications on your network:
http://rocketviews.com/watch?416aO901fuUagic