DOE AGORA Qualquer valor

LABORATÓRIO DE PRÁTICAS DE ENSAIO DE PENETRAÇÃO - APLICATIVOS / SISTEMAS VULNERÁVEIS

LABORATÓRIO DE PRÁTICAS DE ENSAIO DE PENETRAÇÃO - APLICATIVOS / SISTEMAS VULNERÁVEIS

Para instruções de impressão, consulte a página principal de mapas mentais .
Formatos disponíveis: imagem e URLs     Apenas imagem Apenas     URLs




A tabela a seguir fornece os URLs de todos os aplicativos vulneráveis ​​da Web, instalações de sistema operacional, sites antigos de software e jogos de guerra. As URLs para aplicativos individuais que fazem parte de outras entidades de coleção não foram fornecidas, pois não é necessário fazer o download de cada uma delas e configurá-las manualmente, se já estiverem disponíveis em um estado configurado. Para tecnologias usadas em cada aplicativo da web, consulte o mapa mental acima.

Aplicativos da Web vulneráveis
BadStorehttp://www.badstore.net/
BodgeIt Storehttp://code.google.com/p/bodgeit/
Projeto de segurança da borboletahttp://thebutterflytmp.sourceforge.net/
bWAPPhttp://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
Commixhttps://github.com/stasinopoulos/commix-testbed
CryptOMGhttps://github.com/SpiderLabs/CryptOMG
Aplicativo de nó vulnerável (DVNA)https://github.com/quantumfoam/DVNA/
Maldito aplicativo da Web vulnerável (DVWA)http://www.dvwa.co.uk/
Serviços Web Vulneráveis ​​(DVWS)http://dvws.professionallyevil.com/
Bêbado Admin Web Hacking Challengehttps://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Explorar o aplicativo da Web vulnerável da KBhttp://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bankhttp://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Bookshttp://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casinohttp://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shippinghttp://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Viagem para Foundstone Hackmehttp://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Fim de jogohttp://sourceforge.net/projects/null-gameover/
hackxorhttp://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazonhttps://github.com/rapid7/hackazon
LAMPSecurityhttp://sourceforge.net/projects/lampsecurity/
Traçahttp://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2http://sourceforge.net/projects/mutillidae/
OWASP BWAhttp://code.google.com/p/owaspbwa/
OWASP Hackademichttp://hackademic1.teilar.gr/
OWASP SiteGeneratorhttps://www.owasp.org/index.php/Owasp_SiteGenerator
Tijolos OWASPhttp://sourceforge.net/projects/owaspbricks/
Pastor de Segurança da OWASPhttps://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLabhttps://pentesterlab.com/
PHDays iBank CTFhttp://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBenchhttp://suif.stanford.edu/~livshits/securibench/
SentinelTestbedhttps://github.com/dobin/SentinelTestbed
SocketToMehttp://digi.ninja/projects/sockettome.php
sqli-labshttps://github.com/Audi-1/sqli-labs
MCIR (arco-íris de injeção de código mágico)https://github.com/SpiderLabs/MCIR
sqlilabshttps://github.com/himadriganguly/sqlilabs
VulnApphttp://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMallhttp://code.google.com/p/puzzlemall/
WackoPickohttps://github.com/adamdoupe/WackoPicko
WAEDhttp://www.waed.info
WebGoat.NEThttps://github.com/jerryhoff/WebGoat.NET/
Dojo do WebSecurityhttp://www.mavensecurity.com/web_security_dojo/
XVWAhttps://github.com/s4n7h0/xvwa
Zap WAVEhttp://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
Instalações vulneráveis ​​do sistema operacional
21LTRhttp://21ltr.com/scenes/
Maldito Linux vulnerávelhttp://sourceforge.net/projects/virtualhacking/files/os/dvl/
exercícios de exploração - nebulosa, protostar, fusãohttp://exploit-exercises.com/download
heorot: DE-ICE, hackerdemiahttp://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/ De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
Holynixhttp://sourceforge.net/projects/holynix/files/
Kioptrixhttp://www.kioptrix.com/blog/
LAMPSecurityhttp://sourceforge.net/projects/lampsecurity/
Metaploitablehttp://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
Estrêla de Neutrónshttp://neutronstar.org/goatselinux.html
PenTest Laboratoryhttp://pentestlab.org/lab-in-a-box/
Pentester Labhttps://www.pentesterlab.com/exercises
pWnOShttp://www.pwnos.com/
RebootUser Vulnixhttp://www.rebootuser.com/?page_id=1041
Segundo jogo: Sauronhttp://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
scriptjunkie.ushttp://www.scriptjunkie.us/2012/04/the-hacker-games/
UltimateLAMPhttp://www.amanhardikar.com/mindmaps/practice-links.html
TurnKey Linuxhttp://www.turnkeylinux.org/
Bitnamihttps://bitnami.com/stacks
Servidor Elásticohttp://elasticserver.com
Caixas de SOhttp://www.osboxes.org
VirtualBoxeshttp://virtualboxes.org/images/
VirtualBox Virtual Applianceshttps://virtualboximages.com/
CentOShttp://www.centos.org/
Clientes Windows padrãohttps://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
https://dev.windows.com/en-us/microsoft-edge/tools/vms/
Servidor Windows padrãohttps://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
VMWare vSphere padrãohttp://www.vmware.com/products/vsphere/
Sites para baixar versões mais antigas de vários softwares
Exploit-DBhttp://www.exploit-db.com/
Aplicativos antigoshttp://www.oldapps.com/
Versão antigahttp://www.oldversion.com/
VirtualHacking Reposourceforge.net/projects/virtualhacking/files/apps%40realworld/
Sites de fornecedores de software de teste de segurança
Acunetix acuforumhttp://testasp.vulnweb.com/
Acunetix acubloghttp://testaspnet.vulnweb.com/
Acunetix acuarthttp://testphp.vulnweb.com/
Crackmebank cênicohttp://crackme.cenzic.com
HP freebankhttp://zero.webappsecurity.com
IBM altoromutualhttp://demo.testfire.net/
Mavituna testsparkerhttp://aspnet.testsparker.com
Mavituna testsparkerhttp://php.testsparker.com
Site de teste do NTOSpiderhttp://www.webscantest.com/
Sites para melhorar suas habilidades de hackers
CTF de segurança incorporadahttps://microcorruption.com
EnigmaGrouphttp://www.enigmagroup.org/
Fugahttp://escape.alf.nu/
Google Gruyerehttp://google-gruyere.appspot.com/
Gh0st Labhttp://www.gh0st.net/
Hackear este sitehttp://www.hackthissite.org/
HackThishttp://www.hackthis.co.uk/
HackQuesthttp://www.hackquest.com/
Hack.mehttps://hack.me
Hacking-Labhttps://www.hacking-lab.com
Desafio Hackerhttp://www.dareyourmind.net/
Teste de hackershttp://www.hackertest.net/
Jogo hACMEhttp://www.hacmegame.org/
Halls Of Valhallahttp://halls-of-valhalla.org/beta/challenges
Hax.Torhttp://hax.tor.hu/
OverTheWirehttp://www.overthewire.org/wargames/
PentestIThttp://www.pentestit.ru/en/
CSC Play on Demandhttps://pod.cybersecuritychallenge.org.uk/
pwn0https://pwn0.com/home.php
RootContesthttp://rootcontest.com/
Root Mehttp://www.root-me.org/?lang=en
Caça ao tesouro de segurançahttp://www.securitytreasurehunt.com/
Smash The Stackhttp://www.smashthestack.org/
SQLZoohttp://sqlzoo.net/hack/
TheBlackSheep e Erikhttp://www.bright-shadows.net/
ThisIsLegalhttp://thisislegal.com/
Try2Hackhttp://www.try2hack.nl/
WabLabhttp://www.wablab.com/hackme
XSS: você pode XSS isso?http://canyouxssthis.com/HTMLSanitizer/
XSS Gamehttps://xss-game.appspot.com/
XSS: ProgPHPhttp://xss.progphp.com/
Sites / Arquivos da CTF
Repositório CAPTFhttp://captf.com/
CTFtime (detalhes dos desafios do CTF)http://ctftime.org/ctfs/
Repositório de registros do CTFhttps://github.com/ctfs
Anúncios do Reddit CTFhttp://www.reddit.com/r/securityctf
Repohttp://shell-storm.org/repo/CTF/
VulnHubhttps://www.vulnhub.com
Aplicativos móveis
Maldito aplicativo Android vulnerável (DVAA)https://code.google.com/p/dvaa/
Maldito aplicativo FirefoxOS vulnerável (DVFA)https://github.com/pwnetrationguru/dvfa/
Maldito aplicativo iOS vulnerável (DVIA)http://damnvulnerableiosapp.com/
ExploitMe Mobile Android Labshttp://securitycompass.github.io/AndroidLabs/
Laboratórios para iPhone do ExploitMe Mobilehttp://securitycompass.github.io/iPhoneLabs/
Hacme Bank Androidhttp://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBankhttp://www.paladion.net/downloadapp.html
NcN Wargamehttp://noconname.org/evento/wargame/
OWASP iGoathttp://code.google.com/p/owasp-igoat/
OWASP Goatdroidhttps://github.com/jackMannino/OWASP-GoatDroid-Project
Lab
binjitsuhttps://github.com/binjitsu/binjitsu
CTFdhttps://github.com/isislab/CTFd
Mellivorahttps://github.com/Nakiami/mellivora
NightShadehttps://github.com/UnrealAkama/NightShade
MCIRhttps://github.com/SpiderLabs/MCIR
Dockerhttps://www.docker.com/
Vagabundohttps://www.vagrantup.com/
NETinVMhttp://informatica.uv.es/~carlos/docencia/netinvm/
SmartOShttps://smartos.org/
SmartDataCenterhttps://github.com/joyent/sdc
Hypervisor do vSpherehttps://www.vmware.com/products/vsphere-hypervisor/
GNS3http://sourceforge.net/projects/gns-3/
OCCPhttps://opencyberchallenge.net/
XAMPPhttps://www.apachefriends.org/index.html
Diversos
VulnVPNhttp://www.rebootuser.com/?page_id=1041
VulnVoIPhttp://www.rebootuser.com/?page_id=1041
Vulnserverhttp://www.thegreycorner.com/2010/12/introducing-vulnserver.html
NETinVMhttp://informatica.uv.es/~carlos/docencia/netinvm/
DVRFhttps://github.com/praetorian-inc/DVRF
Driver Vulnerável ao HackSys Extremehttp://www.payatu.com/hacksys-extreme-vulnerable-driver/
VirtuaPlanthttps://github.com/jseidl/virtuaplant
Fosscommhttps://github.com/nikosdano/fosscomm
Captura da manhãhttp://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
AWBOhttps://labs.snort.org/awbo/awbo.html

Existem outros sites de jogos de guerra também. Os sites cujo objetivo principal é invadir e disponibilizar gratuitamente a todos estão na lista acima. O restante dos sites concentra-se principalmente em quebra de software, lógica / quebra-cabeças e, portanto, não está incluído na lista de hackers.
Mais mapas mentais e modelos na seção MindMaps em http://www.amanhardikar.com/mindmaps.html

Comentários

Ebook

Postagens mais visitadas