渗透测试学习资源列表

Web Pentesting

Application Name	Company/Developer	URL
OWASP WebGoat	OWASP	http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum	OWASP	http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp	OWASP	http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
Web Security DOJO	Maven Security Consulting	http://www.mavensecurity.com/web_security_dojo/
Gruyere (antigo Codelab / Jalsberg)	Google	http://google-gruyere.appspot.com/
Hacme Game	NTNU	http://hacmegame.org/
SPI Dynamics	SPI Dynamics	http://zero.webappsecurity.com/
Acunetix 1	Acunetix	http://testphp.vulnweb.com/
Acunetix 2	Acunetix	http://testasp.vulnweb.com/
Acunetix 3	Acunetix	http://testaspnet.vulnweb.com/
PCTechtips Challenge	PC Tech Tips	http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application	DVWA	http://dvwa.co.uk/
Mutillidae	Iron Geek	http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project	The Butterfly Security	http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino	McAfee	http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0	McAfee	http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank	McAfee	http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books	McAfee	http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel	McAfee	http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping	McAfee	http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth	Bonsai Sec	http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench	Standford	http://suif.stanford.edu/%7Elivshits/securibench/
SecuriBench Micro	Standford	http://suif.stanford.edu/%7Elivshits/work/securibench-micro/
BadStore	BadStore	http://www.badstore.net/
WebMaven/Buggy Bank	Maven Security	http://www.mavensecurity.com/webmaven
EnigmaGroup	Enigma Group	http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher)	X5S	http://www.nottrusted.com/x5s/
Exploit- DB	Exploit DB	http://www.exploit-db.com/webapps
The Bodgeit Store	The Bodgeit Store	http://code.google.com/p/bodgeit/
LampSecurity	MadIrish	http://sourceforge.net/projects/lampsecurity/
hackxor	Hackxor	http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko	WackoPicko	https://github.com/adamdoupe/WackoPicko
RSnake’s Vulnerability Lab	RSnake	http://ha.ckers.org/weird/

 

War Games

Application Name	Company / Developer	URL
Hell Bound Hackers	Hell Bound Hackers	http://hellboundhackers.org/
Vulnerability Assessment	Kevin Orrey	http://www.vulnerabilityassessment.co.uk/
Smash the Stack	Smash the Stack	http://www.smashthestack.org/
Over the Wire	Over the Wire	http://www.overthewire.org/wargames/
Hack This Site	Hack This Site	http://www.hackthissite.org/
Hacking Lab	Hacking Lab
We Chall	We Chall
REMnux	REMnux

 

Insecure Distributions

Application Name	Company / Developer	URL
Damm Vulnerable Linux	DVL	http://www.damnvulnerablelinux.org/
Metasploitable	Offensive Security	http://blog.metasploit.com/2010/05/introducing-metasploitable.html
de-ICE	Hacker Junkie	http://www.de-ice.net/
Moth	Bonsai Security Software	http://www.bonsai-sec.com/en/research/moth.php
PwnOS	Niel Dickson	http://www.neildickson.com/os/
Holynix	Pynstrom	http://pynstrom.net/holynix.php

转载： http://svc1r.blog.163.com/blog/static/19472107420111122115130971/