It’s very difficult for beginner security analysts, mainly those interested in pentesting, to find good pentesting study resources. Because pentesting has many sub-areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.
Because a beginner knows nearly nothing, it becomes very difficult to prepare a home pentesting lab for study, since beginners first have to know something about coding a vulnerable application and then about exploiting it.
With that in mind, I’ve decided to gather a list, the most complete I could, of all the vulnerable pentesting tools I could find. They are categorized by type of application: Web Pentesting, War Games and Insecure Distributions. Due to the number of tools, I won’t be doing any previews, because that would delay this post a lot and make it a little boring to read. I’m gonna review every tool with complete labs later on in future posts.
As I don’t know every pentesting tool on the planet, feel free to contact me if you remember any application; in fact, I would much appreciate it. And I apologize if I miscategorized some of them; feel free to tell me when I’ve done that so I can correct it.
Note that this post lists only vulnerable applications meant to be exploited, not the tools used to exploit them.
Web Pentesting
War Games
Application Name | Company / Developer | URL |
Hell Bound Hackers | Hell Bound Hackers | http://hellboundhackers.org/ |
Vulnerability Assessment | Kevin Orrey | http://www.vulnerabilityassessment.co.uk/ |
Smash the Stack | Smash the Stack | http://www.smashthestack.org/ |
Over the Wire | Over the Wire | http://www.overthewire.org/wargames/ |
Hack This Site | Hack This Site | http://www.hackthissite.org/ |
Hacking Lab | Hacking Lab | https://www.hacking-lab.com/ |
We Chall | We Chall | https://www.wechall.net/ |
REMnux | REMnux | http://zeltser.com/remnux/ |
Insecure Distributions
Application Name | Company / Developer | URL |
Damn Vulnerable Linux | DVL | http://www.damnvulnerablelinux.org/ |
Metasploitable | Offensive Security | http://blog.metasploit.com/2010/05/introducing-metasploitable.html |
de-ICE | Hacker Junkie | http://www.de-ice.net/ |
Moth | Bonsai Security Software | http://www.bonsai-sec.com/en/research/moth.php |
PwnOS | Neil Dickson | http://www.neildickson.com/os/ |
Holynix | Pynstrom | http://pynstrom.net/holynix.php |
Reference: http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/