|[$natch competition](http://blog.phdays.com/2012/05/once-again-about-remote-banking.html)|Remote banking system containing common vulnerabilities.|
74
73
|[Arizona Cyber Warfare Range](http://azcwr.org/)|The ranges offer an excellent platform for you to learn computer network attack (CNA), computer network defense (CND), and digital forensics (DF). You can play any of these roles.|
75
74
|[BodgeIt Store](https://github.com/psiinon/bodgeit)|The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.|
76
75
|[bWAPP](http://www.itsecgames.com/)|buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.|
skipped 1 lines
78
77
|[Commix testbed](https://github.com/commixproject/commix-testbed)|A collection of web pages, vulnerable to command injection flaws.|
79
78
|[CryptOMG](https://github.com/SpiderLabs/CryptOMG)|CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.|
80
79
|[Cyber Security Base](https://cybersecuritybase.github.io/)|Cyber Security Base is a page with free courses by the University of Helsinki in collaboration with F-Secure.|
81
-
|[Cybersecuritychallenge UK](https://pod.cybersecuritychallenge.org.uk/)|Cyber Security Challenge UK runs a series of competitions designed to test your cyber security skills.|
80
+
|[Cybersecuritychallenge UK](https://cybersecuritychallenge.org.uk/)|Cyber Security Challenge UK runs a series of competitions designed to test your cyber security skills.|
82
81
|[CyberTraining 365](https://www.cybertraining365.com/cybertraining/FreeClasses)|Cybertraining365 has paid material but also offers free classes. The link is directed at the free classes.|
83
82
|[Cybrary.it](https://www.cybrary.it/)|Free and Open Source Cyber Security Learning.|
84
83
|[Damn Small Vulnerable Web](https://github.com/stamparm/DSVW)|Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes. It supports the majority of (most popular) web application vulnerabilities together with appropriate attacks.|
skipped 4 lines
89
88
|[Damn Vulnerable Router Firmware](https://github.com/praetorian-inc/DVRF)|The goal of this project is to simulate a real-world environment to help people learn about other CPU architectures outside of the x86_64 space. This project will also help people get into discovering new things about hardware.|
90
89
|[Damn Vulnerable Stateful Web App](https://github.com/silentsignal/damn-vulnerable-stateful-web-app)|Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe.|
91
90
|[Damn Vulnerable Thick Client App](https://github.com/secvulture/dvta)|DVTA is a Vulnerable Thick Client Application developed in C# .NET with many vulnerabilities.|
92
-
|[Damn Vulnerable Web App](http://www.dvwa.co.uk/)|Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goalsare to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.|
91
+
|[Damn Vulnerable Web App](https://github.com/digininja/DVWA/)|Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goalis to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and toaid bothstudents&teachers to learnabout web application security in a controlledclassroom environment.|
93
92
|[Damn Vulnerable Web Services](https://github.com/snoopysecurity/dvws)|Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real-world web service vulnerabilities.|
94
93
|[Damn Vulnerable Web Sockets](https://github.com/interference-security/DVWS)|Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.|
95
94
|[Damnvulnerable.me](https://github.com/skepticfx/damnvulnerable.me)|A deliberately vulnerable modern-day app with lots of DOM-related bugs.|
|[DIVA Android](https://github.com/payatu/diva-android)|Damn Insecure and vulnerable App for Android.|
98
-
|[EnigmaGroup](https://www.enigmagroup.org/)|Safe security resource, trains in exploits listed in the OWASP Top 10 Project and teach members the many other types of exploits that are found in today's applications.|
99
97
|[ENISA Training Material](https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material)|The European Union Agency for Network and Information Security (ENISA) Cyber Security Training. You will find training materials, handbooks for teachers, toolsets for students and Virtual Images to support hands-on training sessions.|
100
98
|[exploit.co.il Vulnerable Web App](https://sourceforge.net/projects/exploitcoilvuln/?source=recommended)|exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques.|
101
99
|[Exploit-exercises.com](https://exploit-exercises.com/)|exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.|
skipped 3 lines
105
103
|[Gh0stlab](http://www.gh0st.net/?p=19)|A security research network where like-minded individuals could work together towards the common goal of knowledge.|
106
104
|[GoatseLinux](http://neutronstar.org/goatselinux.html)|GSL is a Vmware image you can run for penetration testing purposes.|
107
105
|[Google Gruyere](http://google-gruyere.appspot.com/)|Labs that cover how an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). Also, you can find labs how to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.|
108
-
|[Gracefully Vulnerable Virtual Machine](https://www.gracefulsecurity.com/vulnvm/)|Graceful’s VulnVM is VM web app designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications.|
106
+
|[Gracefully Vulnerable Virtual Machine](https://www.vulnhub.com/entry/seattle-v03,145/)|Graceful’s VulnVM is VM web app designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications.|
109
107
|[Hack The Box](https://www.hackthebox.eu/)|Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. In order to join you should solve an entry-level challenge.|
110
108
|[Hack This Site](https://www.hackthissite.org/)|More than just another hacker wargames site, Hack This Site is a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything.|
111
109
|[Hack Yourself First](https://hackyourselffirst.troyhunt.com/)|This course is designed to help web developers on all frameworks identify risks in their own websites before attackers do and it uses this site extensively to demonstrate risks.|
skipped 3 lines
115
113
|[Hackertest.net](http://www.hackertest.net/)|HackerTest.net is your own online hacker simulation with 20 levels.|
116
114
|[Hacking-Lab](https://www.hacking-lab.com/Remote_Sec_Lab/)|Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the European Cyber Security Challenge with Austria, Germany, Switzerland, UK, Spain, Romania and provides free OWASP TOP 10 online security labs.|
117
115
|[Hacksplaining](https://www.hacksplaining.com/)|This is a place to learn basics of system, network and web-app/website hacking. These are easy to deal and are both theoretical and practical labs activities, for beginners and intermediate users.|
118
-
|[HackSys Extreme Vulnerable Driver](http://payatu.com/hacksys-extreme-vulnerable-driver/)|HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.|
116
+
|[HackSys Extreme Vulnerable Driver](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver/)|HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.|
119
117
|[HackThis!!](https://www.hackthis.co.uk/)|Test your skills with 50+ hacking levels, covering all aspects of security.|
120
118
|[Hackxor](http://hackxor.sourceforge.net/cgi-bin/index.pl)|Hackxor is a web app hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.|
121
119
|[Halls of Valhalla](http://halls-of-valhalla.org/beta/challenges)|Challenges you can solve. Valhalla is a place for sharing knowledge and ideas. Users can submit code, as well as science, technology, and engineering-oriented news and articles.|
skipped 1 lines
123
121
|[Hellbound Hackers](https://www.hellboundhackers.org/)|Learn a hands-on approach to computer security. Learn how hackers break in, and how to keep them out.|
124
122
|[Holynix](https://sourceforge.net/projects/holynix/files/)|Holynix is a Linux VMware image that was deliberately built to have security holes for the purposes of penetration testing.|
125
123
|[HSCTF3](http://hsctf.com/)|HSCTF is an international online hacking competition designed to educate high schoolers in computer science.|
126
-
|[Information Assurance Support Environment (IASE)](http://iase.disa.mil/eta/Pages/index.aspx)|Great site with Cybersecurity Awareness Training, Cybersecurity Training for IT Managers, Cybersecurity Training for Cybersecurity Professionals, Cybersecurity Technical Training, NetOps Training, Cyber Law Awareness, and FSO Tools Training available online.|
127
-
|[InfoSec Institute](http://resources.infosecinstitute.com/free-cissp-training-study-guide/)|Free CISSP Training course.|
128
-
|[ISC2 Center for Cyber Safety and Education](https://safeandsecureonline.org/)|Site to empower students, teachers, and whole communities to secure their online life through cyber security education and awareness with the Safe and Secure Online educational program; information security scholarships; and industry and consumer research.|
124
+
|[Information Assurance Support Environment (IASE)](https://public.cyber.mil/cyber-training/training-catalog/?_training_types=3-training-student-self-paced)|Great site with Cybersecurity Awareness Training, Cybersecurity Training for IT Managers, Cybersecurity Training for Cybersecurity Professionals, Cybersecurity Technical Training, NetOps Training, Cyber Law Awareness, and FSO Tools Training available online.|
129
125
|[Java Vulnerable Lab](https://github.com/CSPF-Founder/JavaVulnerableLab)|Vulnerable Java based Web Application.|
130
126
|[Juice Shop](https://github.com/bkimminich/juice-shop)|OWASP Juice Shop is an intentionally insecure web app for security training written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.|
131
127
|[LAMPSecurity Training](https://sourceforge.net/projects/lampsecurity/)|LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux,apache,PHP,MySQL security.|
132
128
|[Magical Code Injection Rainbow](https://github.com/SpiderLabs/MCIR)|The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.|
133
-
|[McAfee HacMe Sites](http://www.mcafee.com/us/downloads/free-tools/index.aspx)|Search the page for HacMe and you'll find a suite of learning tools.|
|[Metasploitable 3](https://github.com/rapid7/metasploitable3)|Metasploitable3 is a VM that is built from the ground up with a large number of security vulnerabilities.|
136
131
|[Microcorruption CTF](https://microcorruption.com/login)|Challenge: given a debugger and a device, find an input that unlocks it. Solve the level with that input.|
skipped 8 lines
145
140
|[OWASP iGoat](https://www.owasp.org/index.php/OWASP_iGoat_Project)|iGoat is a learning tool for iOS developers (iPhone, iPad, etc.).|
146
141
|[OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/)|OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.|
147
142
|[OWASP Security Shepherd](https://www.owasp.org/index.php/OWASP_Security_Shepherd)|The OWASP Security Shepherd project is a web and mobile application security training platform.|
148
-
|[OWASP SiteGenerator](https://www.owasp.org/index.php/Owasp_SiteGenerator)|OWASP SiteGenerator allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) covering .Net languages and web development architectures (for example, navigation: Html, Javascript, Flash, Java, etc...).|
149
-
|[Pentest.Training](https://pentest.training/)|Pentest.Training offers a fully functioning penetration testing lab which is ever increasing in size, complexity and diversity. The lab has a fully functioning Windows domain with various Windows OS's. There is also a selection of Boot2Root Linux machines to practice your CTF and escalation techniques and finally, pre-built web application training machines.|
143
+
|[OWASP SiteGenerator](https://en.freedownloadmanager.org/Windows-PC/OWASP-Site-Generator-FREE.html)|OWASP SiteGenerator allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) covering .Net languages and web development architectures (for example, navigation: Html, Javascript, Flash, Java, etc...).|
150
144
|[Pentesterlab](https://pentesterlab.com/exercises/from_sqli_to_shell)|This exercise explains how you can, from a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.|
151
145
|[Pentestit.ru](https://lab.pentestit.ru/)|Pentestit.ru has free labs that emulate real IT infrastructures. It is created for practicing legal pen testing and improving penetration testing skills. OpenVPN is required to connect to the labs.|
152
146
|[Peruggia](https://sourceforge.net/projects/peruggia/)|Peruggia is designed as a safe, legal environment to learn about and try common attacks on web applications. Peruggia looks similar to an image gallery but contains several controlled vulnerabilities to practice on.|
skipped 1 lines
154
148
|[Professor Messer](http://www.professormesser.com/)|Good free training video's, not only on Security but on CompTIA A+, Network and Microsoft related as well.|
155
149
|[Puzzlemall](https://code.google.com/archive/p/puzzlemall/)|PuzzleMall - A vulnerable web application for practicing session puzzling.|
156
150
|[Pwnable.kr](http://pwnable.kr/)|'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn't be your only purpose.|
157
-
|[Pwnos](http://www.pwnos.com/)|PwnOS is a vulnerable by design OS .. and there are many ways you can hack it.|
151
+
|[Pwnos](https://www.vulnhub.com/entry/pwnos-20-pre-release,34/)|PwnOS is a vulnerable by design OS .. and there are many ways you can hack it.|
158
152
|[Reversing.kr](http://reversing.kr)|This site tests your ability to Cracking & Reverse Code Engineering.|
159
153
|[Ringzero](https://ringzer0team.com/challenges)|Challenges you can solve and gain points.|
160
-
|[Risk3Sixty](http://www.risk3sixty.com/free-information-security-training/)|Free Information Security training video, an information security examination and the exam answer key.|
161
154
|[Root Me](https://www.root-me.org/)|Hundreds of challenges and virtual environments. Each challenge can be associated with a multitude of solutions so you can learn.|
162
155
|[Roppers Academy Training](https://www.hoppersroppers.org/training.html)|Free courses on computing and security fundamentals designed to train a beginner to crush their first CTF.|
|[SANS Cyber Aces](http://www.cyberaces.org/courses/)|SANS Cyber Aces Online makes available, free and online, selected courses from the professional development curriculum offered by The SANS Institute, the global leader in cyber security training.|
166
159
|[Scene One](https://www.vulnhub.com/entry/21ltr-scene-1,3/)|Scene One is a pen testing scenario liveCD made for a bit of fun and learning.|
167
-
|[SEED Labs](http://www.cis.syr.edu/~wedu/seed/all_labs.html)|The SEED project has labs on Software, Network, Web, Mobile and System security and Cryptography labs.|
160
+
|[SEED Labs](https://seedsecuritylabs.org/)|The SEED project has labs on Software, Network, Web, Mobile and System security and Cryptography labs.|
168
161
|[SentinelTestbed](https://github.com/dobin/SentinelTestbed)|Vulnerable website. Used to test sentinel features.|
|[SlaveHack](http://www.slavehack.com/)|My personal favorite: Slavehack is a virtual hack simulation game. Great for starters, I've seen kids in elementary school playing this!|
skipped 3 lines
174
167
|[SQLI labs](https://github.com/Audi-1/sqli-labs)|SQLI labs to test error based, Blind boolean based, Time based.|
175
168
|[Sqlilabs](https://github.com/himadriganguly/sqlilabs)|Lab set-up for learning SQL Injection Techniques.|
176
169
|[SQLzoo](http://sqlzoo.net/hack/)|Try your Hacking skills against this test system. It takes you through the exploit step-by-step.|
177
-
|[Stanford SecuriBench](https://suif.stanford.edu/~livshits/securibench/)|Stanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java.|
170
+
|[Stanford SecuriBench / Securibench Micro](https://github.com/too4words/securibench-micro/)|Stanford SecuriBench / Securibench Micro is a series of small test cases designed to excercise different parts of a static security analyzer. Each test case in Securibench Micro comes with an answer, which simplifies the comparison process.|
178
171
|[The ButterFly - Security Project](https://sourceforge.net/projects/thebutterflytmp/?source=navbar)|The ButterFly project is an educational environment intended to give an insight into common web application and PHP vulnerabilities. The environment also includes examples demonstrating how such vulnerabilities are mitigated.|
179
172
|[ThisIsLegal](http://www.thisislegal.com/)|A hacker wargames site but also with much more.|
180
-
|[Try2Hack](http://www.try2hack.nl/)|Try2hack provides several security-oriented challenges for your entertainment. The challenges are diverse and get progressively harder.|
173
+
|[Try2Hack](https://www.try2hack.lt/en/)|Try2hack provides several security-oriented challenges for your entertainment. The challenges are diverse and get progressively harder.|
181
174
|[TryHackMe](https://tryhackme.com)|TryHackMe is an online platform that teaches Cybersecurity through hands-on virtual labs. Whether you are an expert or beginner, learn through a virtual room structure to understand theoretical and practical security elements.|
182
175
|[UltimateLAMP](http://www.amanhardikar.com/mindmaps/practice-links.html)|UltimateLAMP is a fully functional environment allowing you to easily try and evaluate a number of LAMP stack software products without requiring any specific setup or configuration of these products.|
183
-
|[Vicnum](http://vicnum.ciphertechs.com/)|Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross-site scripting, SQL injections, and session management issues.|
176
+
|[Vicnum](https://owasp.org/www-project-vicnum/migrated_content/)|Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross-site scripting, SQL injections, and session management issues.|
184
177
|[Vulnhub](https://www.vulnhub.com/)|An extensive collection of vulnerable VMs with user-created solutions.|
185
178
|[Vulnix](https://www.rebootuser.com/?page_id=1041)|A vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions.|
186
179
|[Vulnserver](http://www.thegreycorner.com/2010/12/introducing-vulnserver.html)|Windows-based threaded TCP server application that is designed to be exploited.|
187
180
|[W3Challs](https://w3challs.com)|W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security|
188
181
|[WackoPicko](https://github.com/adamdoupe/WackoPicko)|WackoPicko is a vulnerable web application used to test web application vulnerability scanners.|
189
-
|[Web Attack and Exploitation Distro](http://www.waed.info/)|WAED is pre-configured with various real-world vulnerable web applications in a sandboxed environment. It includes pen testing tools as well.|
182
+
|[Web Attack and Exploitation Distro](https://www.youtube.com/watch?v=EBaFeuFlqyw/)|WAED is pre-configured with various real-world vulnerable web applications in a sandboxed environment. It includes pen testing tools as well.|
190
183
|[Web Security Dojo](https://sourceforge.net/projects/websecuritydojo/)|Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security.|
191
184
|[WebGoat](https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)|WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat.|
192
185
|[Wechall](http://www.wechall.net/)|Focussed on offering computer-related problems. You will find Cryptographic, Crackit, Steganography, Programming, Logic and Math/Science. The difficulty of these challenges varies as well.|
Joe Shenouda
committed
with
GitHub
1 year ago
1 parent 710dbac1