🔭Hacking Labs

Web

Online/Live

Acunetix :

• TestASP (Forum - ASP)

• TestAspNet (Blog - .NET)

• VulnWeb

• Cenzic CrackMeBank

• Google Gruyere (Python)

• Hacking-Lab (eg. OWASP Top 10)

• Hack.me (beta)

• HackThisSite (HTS - Basic & Realistic (web) Missions)

• Hackxor online demo (algo/smurf)

• HP/SpiDynamics Free Bank Online (admin/admin)

• IBM/Watchfire AltoroMutual (jsmith/Demo1234)

• NTOSpider Web Scanner Test Site (testuser/testpass)

• OWASP Hackademic Challenges Project - Live (PHP - Joomla)

• Pentester Academy

Offline

The following list references downloadable vulnerable web applications to play with that can be installed on a standard operating system (Linux, Windows, Mac OS X, etc) using a standard web platform (Apache/PHP, Tomcat/Java, IIS/.NET, etc).

• The BodgeIt Store (Java)

• OWASP Bricks (PHP)

• The ButterFly Security Project (PHP)

• bWAPP - an extremely buggy web application! (PHP)

• Damn Vulnerable Web Application - DVWA (PHP)

• Damn Vulnerable Web Services - DVWS (PHP)

• OWASP Hackademic Challenges Project (PHP)

• Google Gruyere (Python)

• Hacme Bank (.NET)

• Hacme Books (Java)

• Hacme Casino (Ruby on Rails)

• Hacme Shipping (ColdFusion)

• Hacme Travel (C++)

• Mutillidae (PHP)

• OWASP .NET Goat (C#)

• Peruggia (PHP)

• Puzzlemall (Java)

• Stanford Securibench (Java) & Micro

• SQLI-labs (PHP)

• SQLol (PHP)

• OWASP Vicnum Project (Perl & PHP)

• VulnApp (.NET)

• WackoPicko (PHP)

• OWASP WebGoat (Java)

• OWASP ZAP WAVE - Web Application Vulnerability Examples (Java)

• Wavsep - Web Application Vulnerability Scanner Evaluation Project (Java)

• WIVET - Web Input Vector Extractor Teaser

Virtual Machines (VMs) or ISO images

• BadStore (ISO)

• Bee-Box (bWAPP VMware)

• OWASP BWA - Broken Web Applications Project (VMware - list)

• Drunk Admin Web Hacking Challenge (VMware)

• Exploit.co.il Vuln Web App (VMware)

• GameOver (VMware)

• Hackxor (VMware)

• Hacme Bank Prebuilt VM (VMware)

• Kioptrix4 (VMware & Hyper-V)

• LAMPSecurity (VMware)

• Metasploitable (VMware)

• Metasploitable 2 (VMware)

• Moth (VMware)

• PentesterLab - The Exercises (ISO & PDF)

• PHDays I-Bank (VMware)

• Samurai WTF (ISO - list)

• Sauron (Quemu) [Spanish]

• UltimateLAMP (VMware - list)

• Virtual Hacking Lab (ZIP)

• Web Security Dojo (VMware, VirtualBox - list)

iOS

• Oversecured Vulnerable iOS App

• Damn Vulnerable iOS App (DVIA)

• iGoat

Android

• DVAA

• DIVA Android

  • Walkthrough

• Android InsecureBank v2

• hpAndro Android AppSec (Kotlin)

• MSTG Hacking Playground

• InjuredAndroid

• AndroGoat

• OWASP Crackmes

• Sieve app

• Purposefully Insecure and Vulnerable Android Application(PIIVA)

• Damn Vulnerable Hybrid Mobile App (DVHMA)

• Damn Vulnerable Bank

IOT

• IOTGoat - OWASP