Bhat Aasim Hackers Field
Home
Contact Us
About Us
Become Hacker
PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
Want to Learn Hacking, please refer the
Hacking Website
.
Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given as it is not necessary to download each of them and manually configure them if they are already available in a configured state.
Vulnerable Web Applications
BadStore
https://www.badstore.net/
BodgeIt Store
https://code.google.com/p/bodgeit/
Butterfly Security Project
https://thebutterflytmp.sourceforge.net/
bWAPP
https://www.mmeit.be/bwapp/
https://sourceforge.net/projects/bwapp/files/bee-box/
Commix
https://github.com/stasinopoulos/commix-testbed
CryptOMG
https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA)
https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA)
https://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS)
https://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge
https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App
https://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank
https://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books
https://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino
https://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping
https://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel
https://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver
https://sourceforge.net/projects/null-gameover/
hackxor
https://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon
https://github.com/rapid7/hackazon
LAMPSecurity
https://sourceforge.net/projects/lampsecurity/
Moth
https://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2
https://sourceforge.net/projects/mutillidae/
OWASP BWA
https://code.google.com/p/owaspbwa/
OWASP Hackademic
https://hackademic1.teilar.gr/
OWASP SiteGenerator
https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks
https://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd
https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab
https://pentesterlab.com/
PHDays iBank CTF
https://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench
https://suif.stanford.edu/~livshits/securibench/
SentinelTestbed
https://github.com/dobin/SentinelTestbed
SocketToMe
https://digi.ninja/projects/sockettome.php
sqli-labs
https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow)
https://github.com/SpiderLabs/MCIR
sqlilabs
https://github.com/himadriganguly/sqlilabs
VulnApp
https://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall
https://code.google.com/p/puzzlemall/
WackoPicko
https://github.com/adamdoupe/WackoPicko
WAED
https://www.waed.info
WebGoat.NET
https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo
https://www.mavensecurity.com/web_security_dojo/
XVWA
https://github.com/s4n7h0/xvwa
Zap WAVE
https://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
Vulnerable Operating System Installations
21LTR
https://21ltr.com/scenes/
Damn Vulnerable Linux
https://sourceforge.net/projects/virtualhacking/files/os/dvl/
exploit-exercises - nebula, protostar, fusion
https://exploit-exercises.com/download
heorot: DE-ICE, hackerdemia
https://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
https://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
https://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
https://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia - https://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
Holynix
https://sourceforge.net/projects/holynix/files/
Kioptrix
https://www.kioptrix.com/blog/
LAMPSecurity
https://sourceforge.net/projects/lampsecurity/
Metasploitable
https://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
neutronstar
https://neutronstar.org/goatselinux.html
PenTest Laboratory
https://pentestlab.org/lab-in-a-box/
Pentester Lab
https://www.pentesterlab.com/exercises
pWnOS
https://www.pwnos.com/
RebootUser Vulnix
https://www.rebootuser.com/?page_id=1041
SecGame # 1: Sauron
https://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
scriptjunkie.us
https://www.scriptjunkie.us/2012/04/the-hacker-games/
TurnKey Linux
https://www.turnkeylinux.org/
Bitnami
https://bitnami.com/stacks
Elastic Server
https://elasticserver.com
OS Boxes
https://www.osboxes.org
VirtualBoxes
https://virtualboxes.org/images/
VirtualBox Virtual Appliances
https://virtualboximages.com/
CentOS
https://www.centos.org/
Default Windows Clients
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
https://dev.windows.com/en-us/microsoft-edge/tools/vms/
Default Windows Server
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
Default VMWare vSphere
https://www.vmware.com/products/vsphere/
Sites for Downloading Older Versions of Various Software
Exploit-DB
https://www.exploit-db.com/
Old Apps
https://www.oldapps.com/
Old Version
https://www.oldversion.com/
VirtualHacking Repo
sourceforge.net/projects/virtualhacking/files/apps%40realworld/
Sites by Vendors of Security Testing Software
Acunetix acuforum
https://testasp.vulnweb.com/
Acunetix acublog
https://testaspnet.vulnweb.com/
Acunetix acuart
https://testphp.vulnweb.com/
Cenzic crackmebank
https://crackme.cenzic.com
HP freebank
https://zero.webappsecurity.com
IBM altoromutual
https://demo.testfire.net/
Mavituna testsparker
https://aspnet.testsparker.com
Mavituna testsparker
https://php.testsparker.com
NTOSpider Test Site
https://www.webscantest.com/
Sites for Improving Your Hacking Skills
Embedded Security CTF
https://microcorruption.com
EnigmaGroup
https://www.enigmagroup.org/
Escape
https://escape.alf.nu/
Google Gruyere
https://google-gruyere.appspot.com/
Gh0st Lab
https://www.gh0st.net/
Hack This Site
https://www.hackthissite.org/
HackThis
https://www.hackthis.co.uk/
HackQuest
https://www.hackquest.com/
Hack.me
https://hack.me
Hacking-Lab
https://www.hacking-lab.com
Hacker Challenge
https://www.dareyourmind.net/
Hacker Test
https://www.hackertest.net/
hACME Game
https://www.hacmegame.org/
Halls Of Valhalla
https://halls-of-valhalla.org/beta/challenges
Hax.Tor
https://hax.tor.hu/
OverTheWire
https://www.overthewire.org/wargames/
PentestIT
https://www.pentestit.ru/en/
CSC Play on Demand
https://pod.cybersecuritychallenge.org.uk/
pwn0
https://pwn0.com/home.php
RootContest
https://rootcontest.com/
Root Me
https://www.root-me.org/?lang=en
Security Treasure Hunt
https://www.securitytreasurehunt.com/
Smash The Stack
https://www.smashthestack.org/
SQLZoo
https://sqlzoo.net/hack/
TheBlackSheep and Erik
https://www.bright-shadows.net/
ThisIsLegal
https://thisislegal.com/
Try2Hack
https://www.try2hack.nl/
WabLab
https://www.wablab.com/hackme
XSS: Can You XSS This?
https://canyouxssthis.com/HTMLSanitizer/
XSS Game
https://xss-game.appspot.com/
XSS: ProgPHP
https://xss.progphp.com/
CTF Sites / Archives
CAPTF Repo
https://captf.com/
CTFtime (Details of CTF Challenges)
https://ctftime.org/ctfs/
CTF write-ups repository
https://github.com/ctfs
Reddit CTF Announcements
https://www.reddit.com/r/securityctf
shell-storm Repo
https://shell-storm.org/repo/CTF/
VulnHub
https://www.vulnhub.com
Mobile Apps
Damn Vulnerable Android App (DVAA)
https://code.google.com/p/dvaa/
Damn Vulnerable FirefoxOS Application (DVFA)
https://github.com/pwnetrationguru/dvfa/
Damn Vulnerable iOS App (DVIA)
https://damnvulnerableiosapp.com/
ExploitMe Mobile Android Labs
https://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs
https://securitycompass.github.io/iPhoneLabs/
Hacme Bank Android
https://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank
https://www.paladion.net/downloadapp.html
NcN Wargame
https://noconname.org/evento/wargame/
OWASP iGoat
https://code.google.com/p/owasp-igoat/
OWASP Goatdroid
https://github.com/jackMannino/OWASP-GoatDroid-Project
Lab
binjitsu
https://github.com/binjitsu/binjitsu
CTFd
https://github.com/isislab/CTFd
Mellivora
https://github.com/Nakiami/mellivora
NightShade
https://github.com/UnrealAkama/NightShade
MCIR
https://github.com/SpiderLabs/MCIR
Docker
https://www.docker.com/
Vagrant
https://www.vagrantup.com/
NETinVM
https://informatica.uv.es/~carlos/docencia/netinvm/
SmartOS
https://smartos.org/
SmartDataCenter
https://github.com/joyent/sdc
vSphere Hypervisor
https://www.vmware.com/products/vsphere-hypervisor/
GNS3
https://sourceforge.net/projects/gns-3/
OCCP
https://opencyberchallenge.net/
XAMPP
https://www.apachefriends.org/index.html
Miscellaneous
VulnVPN
https://www.rebootuser.com/?page_id=1041
VulnVoIP
https://www.rebootuser.com/?page_id=1041
Vulnserver
https://www.thegreycorner.com/2010/12/introducing-vulnserver.html
NETinVM
https://informatica.uv.es/~carlos/docencia/netinvm/
DVRF
https://github.com/praetorian-inc/DVRF
HackSys Extreme Vulnerable Driver
https://www.payatu.com/hacksys-extreme-vulnerable-driver/
VirtuaPlant
https://github.com/jseidl/virtuaplant
Fosscomm
https://github.com/nikosdano/fosscomm
Morning Catch
https://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
AWBO
https://labs.snort.org/awbo/awbo.html
There are other war games sites also. The sites whose core objective is hacking and available for free to all are in the above list. Rest of the sites focus mainly on software cracking, logic/puzzles and therefore not included in the hacking related list.
Want to Become a Hacker Then Visit
Hacking Website