100+ Hacking Sites Legally to Practice Your InfoSec Skills

They say the best defense is a good offense – and it’s no different in the InfoSec world. Use these list to practice your hacking skills so you can be the best defender you can – whether you’re a developer, security manager, auditor or pen-tester. Always remember: Practice makes perfect!

Don’t miss: Create Your Own Web Penetration Testing Lab in Kali Linux

Don’t miss: Practice your Hacking Skills By Participating in CTFs Challenges

What other sites have you used to practice on? Let us know below!

Vulnerable Web Applications
BadStore	http://www.badstore.net/
BodgeIt Store	http://code.google.com/p/bodgeit/
Butterfly Security Project	http://thebutterflytmp.sourceforge.net/
bWAPP	http://www.mmeit.be/bwapp/ http://sourceforge.net/projects/bwapp/files/bee-box/
Commix	https://github.com/stasinopoulos/commix-testbed
CryptOMG	https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA)	https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA)	http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS)	http://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge	https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App	http://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank	http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books	http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino	http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping	http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel	http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver	http://sourceforge.net/projects/null-gameover/
hackxor	http://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon	https://github.com/rapid7/hackazon
LAMPSecurity	http://sourceforge.net/projects/lampsecurity/
Moth	http://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2	http://sourceforge.net/projects/mutillidae/
OWASP BWA	http://code.google.com/p/owaspbwa/
OWASP Hackademic	http://hackademic1.teilar.gr/
OWASP SiteGenerator	https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks	http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd	https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab	https://pentesterlab.com/
PHDays iBank CTF	http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench	http://suif.stanford.edu/~livshits/securibench/
SentinelTestbed	https://github.com/dobin/SentinelTestbed
SocketToMe	http://digi.ninja/projects/sockettome.php
sqli-labs	https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow)	https://github.com/SpiderLabs/MCIR
sqlilabs	https://github.com/himadriganguly/sqlilabs
VulnApp	http://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall	http://code.google.com/p/puzzlemall/
WackoPicko	https://github.com/adamdoupe/WackoPicko
WAED	http://www.waed.info
WebGoat.NET	https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo	http://www.mavensecurity.com/web_security_dojo/
XVWA	https://github.com/s4n7h0/xvwa
Zap WAVE	http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
Vulnerable Operating System Installations
21LTR	http://21ltr.com/scenes/
Damn Vulnerable Linux	http://sourceforge.net/projects/virtualhacking/files/os/dvl/
exploit-exercises – nebula, protostar, fusion	http://exploit-exercises.com/download
heorot: DE-ICE, hackerdemia	http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
Holynix	http://sourceforge.net/projects/holynix/files/
Kioptrix	http://www.kioptrix.com/blog/
LAMPSecurity	http://sourceforge.net/projects/lampsecurity/
Metasploitable	http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
neutronstar	http://neutronstar.org/goatselinux.html
PenTest Laboratory	http://pentestlab.org/lab-in-a-box/
Pentester Lab	https://www.pentesterlab.com/exercises
pWnOS	http://www.pwnos.com/
RebootUser Vulnix	http://www.rebootuser.com/?page_id=1041
SecGame # 1: Sauron	http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
scriptjunkie.us	http://www.scriptjunkie.us/2012/04/the-hacker-games/
UltimateLAMP	http://www.amanhardikar.com/mindmaps/practice-links.html
TurnKey Linux	http://www.turnkeylinux.org/
Bitnami	https://bitnami.com/stacks
Elastic Server	http://elasticserver.com
OS Boxes	http://www.osboxes.org
VirtualBoxes	http://virtualboxes.org/images/
VirtualBox Virtual Appliances	https://virtualboximages.com/
CentOS	http://www.centos.org/
Default Windows Clients	https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise https://dev.windows.com/en-us/microsoft-edge/tools/vms/
Default Windows Server	https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
Default VMWare vSphere	http://www.vmware.com/products/vsphere/
Sites for Downloading Older Versions of Various Software
Exploit-DB	http://www.exploit-db.com/
Old Apps	http://www.oldapps.com/
Old Version	http://www.oldversion.com/
VirtualHacking Repo	sourceforge.net/projects/virtualhacking/files/apps%40realworld/
Sites by Vendors of Security Testing Software
Acunetix acuforum	http://testasp.vulnweb.com/
Acunetix acublog	http://testaspnet.vulnweb.com/
Acunetix acuart	http://testphp.vulnweb.com/
Cenzic crackmebank	http://crackme.cenzic.com
HP freebank	http://zero.webappsecurity.com
IBM altoromutual	http://demo.testfire.net/
Mavituna testsparker	http://aspnet.testsparker.com
Mavituna testsparker	http://php.testsparker.com
NTOSpider Test Site	http://www.webscantest.com/
Sites for Improving Your Hacking Skills
Embedded Security CTF	https://microcorruption.com
EnigmaGroup	http://www.enigmagroup.org/
Escape	http://escape.alf.nu/
Google Gruyere	http://google-gruyere.appspot.com/
Gh0st Lab	http://www.gh0st.net/
Hack This Site	http://www.hackthissite.org/
HackThis	http://www.hackthis.co.uk/
HackQuest	http://www.hackquest.com/
Hack.me	https://hack.me
Hacking-Lab	https://www.hacking-lab.com
Hacker Challenge	http://www.dareyourmind.net/
Hacker Test	http://www.hackertest.net/
hACME Game	http://www.hacmegame.org/
Halls Of Valhalla	http://halls-of-valhalla.org/beta/challenges
Hax.Tor	http://hax.tor.hu/
OverTheWire	http://www.overthewire.org/wargames/
PentestIT	http://www.pentestit.ru/en/
CSC Play on Demand	https://pod.cybersecuritychallenge.org.uk/
pwn0	https://pwn0.com/home.php
RootContest	http://rootcontest.com/
Root Me	http://www.root-me.org/?lang=en
Security Treasure Hunt	http://www.securitytreasurehunt.com/
Smash The Stack	http://www.smashthestack.org/
SQLZoo	http://sqlzoo.net/hack/
TheBlackSheep and Erik	http://www.bright-shadows.net/
ThisIsLegal	http://thisislegal.com/
Try2Hack	http://www.try2hack.nl/
WabLab	http://www.wablab.com/hackme
XSS: Can You XSS This?	http://canyouxssthis.com/HTMLSanitizer/
XSS Game	https://xss-game.appspot.com/
XSS: ProgPHP	http://xss.progphp.com/
CTF Sites / Archives
CAPTF Repo	http://captf.com/
CTFtime (Details of CTF Challenges)	http://ctftime.org/ctfs/
CTF write-ups repository	https://github.com/ctfs
Reddit CTF Announcements	http://www.reddit.com/r/securityctf
shell-storm Repo	http://shell-storm.org/repo/CTF/
VulnHub	https://www.vulnhub.com
Mobile Apps
Damn Vulnerable Android App (DVAA)	https://code.google.com/p/dvaa/
Damn Vulnerable FirefoxOS Application (DVFA)	https://github.com/pwnetrationguru/dvfa/
Damn Vulnerable iOS App (DVIA)	http://damnvulnerableiosapp.com/
ExploitMe Mobile Android Labs	http://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs	http://securitycompass.github.io/iPhoneLabs/
Hacme Bank Android	http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank	http://www.paladion.net/downloadapp.html
NcN Wargame	http://noconname.org/evento/wargame/
OWASP iGoat	http://code.google.com/p/owasp-igoat/
OWASP Goatdroid	https://github.com/jackMannino/OWASP-GoatDroid-Project
Lab
binjitsu	https://github.com/binjitsu/binjitsu
CTFd	https://github.com/isislab/CTFd
Mellivora	https://github.com/Nakiami/mellivora
NightShade	https://github.com/UnrealAkama/NightShade
MCIR	https://github.com/SpiderLabs/MCIR
Docker	https://www.docker.com/
Vagrant	https://www.vagrantup.com/
NETinVM	http://informatica.uv.es/~carlos/docencia/netinvm/
SmartOS	https://smartos.org/
SmartDataCenter	https://github.com/joyent/sdc
vSphere Hypervisor	https://www.vmware.com/products/vsphere-hypervisor/
GNS3	http://sourceforge.net/projects/gns-3/
OCCP	https://opencyberchallenge.net/
XAMPP	https://www.apachefriends.org/index.html
Miscellaneous
VulnVPN	http://www.rebootuser.com/?page_id=1041
VulnVoIP	http://www.rebootuser.com/?page_id=1041
Vulnserver	http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
NETinVM	http://informatica.uv.es/~carlos/docencia/netinvm/
DVRF	https://github.com/praetorian-inc/DVRF
HackSys Extreme Vulnerable Driver	http://www.payatu.com/hacksys-extreme-vulnerable-driver/
VirtuaPlant	https://github.com/jseidl/virtuaplant
Fosscomm	https://github.com/nikosdano/fosscomm
Morning Catch	http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
AWBO	https://labs.snort.org/awbo/awbo.html

Noor QureshiJune 15, 2017

2,830

Get the best stories straight into your inbox!

How To Remotely Install Keylogger on your Girlfriends Computer?

How To Set ASCII Text Art In Kali Linux Terminal Header

Leave a Reply Cancel reply