100+ Hacking Sites Legally to Practice Your InfoSec Skills

Don’t miss: Create Your Own Web Penetration Testing Lab in Kali Linux
Don’t miss: Practice your Hacking Skills By Participating in CTFs Challenges
Vulnerable Web Applications |
|
BadStore |
|
BodgeIt Store |
|
Butterfly Security Project |
|
bWAPP |
http://www.mmeit.be/bwapp/ |
Commix |
|
CryptOMG |
|
Damn Vulnerable Node Application (DVNA) |
|
Damn Vulnerable Web App (DVWA) |
|
Damn Vulnerable Web Services (DVWS) |
|
Drunk Admin Web Hacking Challenge |
https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/ |
Exploit KB Vulnerable Web App |
|
Foundstone Hackme Bank |
http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx |
Foundstone Hackme Books |
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx |
Foundstone Hackme Casino |
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx |
Foundstone Hackme Shipping |
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx |
Foundstone Hackme Travel |
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx |
GameOver |
|
hackxor |
|
Hackazon |
|
LAMPSecurity |
|
Moth |
|
NOWASP / Mutillidae 2 |
|
OWASP BWA |
|
OWASP Hackademic |
|
OWASP SiteGenerator |
|
OWASP Bricks |
|
OWASP Security Shepherd |
|
PentesterLab |
|
PHDays iBank CTF |
http://blog.phdays.com/2012/05/once-again-about-remote-banking.html |
SecuriBench |
|
SentinelTestbed |
|
SocketToMe |
|
sqli-labs |
|
MCIR (Magical Code Injection Rainbow) |
|
sqlilabs |
|
VulnApp |
|
PuzzleMall |
|
WackoPicko |
|
WAED |
|
WebGoat.NET |
|
WebSecurity Dojo |
|
XVWA |
|
Zap WAVE |
http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip |
Vulnerable Operating System Installations |
|
21LTR |
|
Damn Vulnerable Linux |
http://sourceforge.net/projects/virtualhacking/files/os/dvl/ |
exploit-exercises – nebula, protostar, fusion |
|
heorot: DE-ICE, hackerdemia |
http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso |
Holynix |
|
Kioptrix |
|
LAMPSecurity |
|
Metasploitable |
http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ |
neutronstar |
|
PenTest Laboratory |
|
Pentester Lab |
|
pWnOS |
|
RebootUser Vulnix |
|
SecGame # 1: Sauron |
http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html |
scriptjunkie.us |
|
UltimateLAMP |
|
TurnKey Linux |
|
Bitnami |
|
Elastic Server |
|
OS Boxes |
|
VirtualBoxes |
|
VirtualBox Virtual Appliances |
|
CentOS |
|
Default Windows Clients |
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise |
Default Windows Server |
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview |
Default VMWare vSphere |
|
Sites for Downloading Older Versions of Various Software |
|
Exploit-DB |
|
Old Apps |
|
Old Version |
|
VirtualHacking Repo |
sourceforge.net/projects/virtualhacking/files/apps%40realworld/ |
Sites by Vendors of Security Testing Software |
|
Acunetix acuforum |
|
Acunetix acublog |
|
Acunetix acuart |
|
Cenzic crackmebank |
|
HP freebank |
|
IBM altoromutual |
|
Mavituna testsparker |
|
Mavituna testsparker |
|
NTOSpider Test Site |
|
Sites for Improving Your Hacking Skills |
|
Embedded Security CTF |
|
EnigmaGroup |
|
Escape |
|
Google Gruyere |
|
Gh0st Lab |
|
Hack This Site |
|
HackThis |
|
HackQuest |
|
Hack.me |
|
Hacking-Lab |
|
Hacker Challenge |
|
Hacker Test |
|
hACME Game |
|
Halls Of Valhalla |
|
Hax.Tor |
|
OverTheWire |
|
PentestIT |
|
CSC Play on Demand |
|
pwn0 |
|
RootContest |
|
Root Me |
|
Security Treasure Hunt |
|
Smash The Stack |
|
SQLZoo |
|
TheBlackSheep and Erik |
|
ThisIsLegal |
|
Try2Hack |
|
WabLab |
|
XSS: Can You XSS This? |
|
XSS Game |
|
XSS: ProgPHP |
|
CTF Sites / Archives |
|
CAPTF Repo |
|
CTFtime (Details of CTF Challenges) |
|
CTF write-ups repository |
|
Reddit CTF Announcements |
|
shell-storm Repo |
|
VulnHub |
|
Mobile Apps |
|
Damn Vulnerable Android App (DVAA) |
|
Damn Vulnerable FirefoxOS Application (DVFA) |
|
Damn Vulnerable iOS App (DVIA) |
|
ExploitMe Mobile Android Labs |
|
ExploitMe Mobile iPhone Labs |
|
Hacme Bank Android |
http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx |
InsecureBank |
|
NcN Wargame |
|
OWASP iGoat |
|
OWASP Goatdroid |
|
Lab |
|
binjitsu |
|
CTFd |
|
Mellivora |
|
NightShade |
|
MCIR |
|
Docker |
|
Vagrant |
|
NETinVM |
|
SmartOS |
|
SmartDataCenter |
|
vSphere Hypervisor |
|
GNS3 |
|
OCCP |
|
XAMPP |
|
Miscellaneous |
|
VulnVPN |
|
VulnVoIP |
|
Vulnserver |
http://www.thegreycorner.com/2010/12/introducing-vulnserver.html |
NETinVM |
|
DVRF |
|
HackSys Extreme Vulnerable Driver |
|
VirtuaPlant |
|
Fosscomm |
|
Morning Catch |
http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/ |
AWBO |