Pentesting labs

Below we share a collection of vulnerable web applications so you can put into practice everything you learn about pentesting.

VULNERABLE WEB APPLICATIONS
OWASP BWA http://code.google.com/p/owaspbwa/ 
OWASP Hackademic http://hackademic1.teilar.gr/ 
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/ 
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd 
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/ 
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/ 
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/ 
PentesterLab https://pentesterlab.com/ 
Butterfly Security Project http://thebutterflytmp.sourceforge.net/ 
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx 
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx 
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx 
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx 
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx 
LAMPSecurity http://sourceforge.net/projects/lampsecurity/ 
Moth http://www.bonsai-sec.com/en/research/moth.php 
WackoPicko https://github.com/adamdoupe/WackoPicko 
BadStore http://www.badstore.net/ 
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/ 
BodgeIt Store http://code.google.com/p/bodgeit/ 
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl 
SecuriBench http://suif.stanford.edu/~livshits/securibench/ 
SQLol https://github.com/SpiderLabs/SQLol 
CryptOMG https://github.com/SpiderLabs/CryptOMG 
XMLmao https://github.com/SpiderLabs/XMLmao 
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/ 
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html 
GameOver http://sourceforge.net/projects/null-gameover/ 
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip 
PuzzleMall http://code.google.com/p/puzzlemall/ 
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88 
sqli-labs https://github.com/Audi-1/sqli-labs 
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/ 
bWAPP http://www.mmeit.be/bwapp/ 
http://sourceforge.net/projects/bwapp/files/bee-box/
NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/ 
SocketToMe http://digi.ninja/projects/sockettome.php 
VULNERABLE OPERATING SYSTEMS
Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/ 
Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ 
LAMPSecurity http://sourceforge.net/projects/lampsecurity/ 
UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html 
heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso 
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso 
pWnOS http://www.pwnos.com/ 
Holynix http://sourceforge.net/projects/holynix/files/ 
Kioptrix http://www.kioptrix.com/blog/ 
exploit-exercises – nebula, protostar, fusion http://exploit-exercises.com/download 
PenTest Laboratory http://pentestlab.org/lab-in-a-box/ 
RebootUser Vulnix http://www.rebootuser.com/?page_id=1041 
neutronstar http://neutronstar.org/goatselinux.html 
scriptjunkie.us http://www.scriptjunkie.us/2012/04/the-hacker-games/ 
21LTR http://21ltr.com/scenes/ 
SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html 
Pentester Lab https://www.pentesterlab.com/exercises 
Vulnserver http://www.thegreycorner.com/2010/12/introducing-vulnserver.html 
TurnKey Linux http://www.turnkeylinux.org/ 
Bitnami https://bitnami.com/stacks 
Elastic Server http://elasticserver.com 
CentOS http://www.centos.org/ 
SITES FOR DOWNLOADING OLD APPLICATIONS
Exploit-DB http://www.exploit-db.com/ 
Old Version http://www.oldversion.com/ 
Old Apps http://www.oldapps.com/ 
VirtualHacking Repo sourceforge.net/projects/virtualhacking/files/apps%40realworld/ 
SECURITY SOFTWARE VENDOR SITES
Acunetix acuforum http://testasp.vulnweb.com/ 
Acunetix acublog http://testaspnet.vulnweb.com/ 
Acunetix acuart http://testphp.vulnweb.com/ 
Cenzic crackmebank http://crackme.cenzic.com 
HP freebank http://zero.webappsecurity.com 
IBM altoromutual http://demo.testfire.net/ 
Mavituna testsparker http://aspnet.testsparker.com 
Mavituna testsparker http://php.testsparker.com 
NTOSpider Test Site http://www.webscantest.com/ 
SITES TO IMPROVE YOUR HACKING SKILLS
EnigmaGroup http://www.enigmagroup.org/ 
Exploit Exercises http://exploit-exercises.com/ 
Google Gruyere http://google-gruyere.appspot.com/ 
Gh0st Lab http://www.gh0st.net/ 
Hack This Site http://www.hackthissite.org/ 
HackThis http://www.hackthis.co.uk/ 
HackQuest http://www.hackquest.com/ 
Hack.me https://hack.me 
Hacking-Lab https://www.hacking-lab.com 
Hacker Challenge http://www.dareyourmind.net/ 
Hacker Test http://www.hackertest.net/ 
hACME Game http://www.hacmegame.org/ 
Hax.Tor http://hax.tor.hu/ 
OverTheWire http://www.overthewire.org/wargames/ 
PentestIT http://www.pentestit.ru/en/ 
pwn0 https://pwn0.com/home.php 
RootContest http://rootcontest.com/ 
Root Me http://www.root-me.org/?lang=en 
Security Treasure Hunt http://www.securitytreasurehunt.com/ 
Smash The Stack http://www.smashthestack.org/ 
TheBlackSheep and Erik http://www.bright-shadows.net/ 
ThisIsLegal http://thisislegal.com/ 
Try2Hack http://www.try2hack.nl/ 
WabLab http://www.wablab.com/hackme 
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/ 
XSS: ProgPHP http://xss.progphp.com/ 
“CAPTURE THE FLAG” (CTF) SITES
CTFtime (Details of CTF Challenges) http://ctftime.org/ctfs/ 
shell-storm Repo http://shell-storm.org/repo/CTF/ 
CAPTF Repo http://captf.com/ 
VulnHub https://www.vulnhub.com 
MOBILE APPLICATIONS
ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/ 
ExploitMe Mobile iPhone Labs http://securitycompass.github.io/iPhoneLabs/ 
OWASP iGoat http://code.google.com/p/owasp-igoat/ 
OWASP Goatdroid https://github.com/jackMannino/OWASP-GoatDroid-Project 
Damn Vulnerable iOS App (DVIA) http://damnvulnerableiosapp.com/ 
Damn Vulnerable Android App (DVAA) https://code.google.com/p/dvaa/ 
Damn Vulnerable FirefoxOS Application (DVFA) https://github.com/pwnetrationguru/dvfa/ 
NcN Wargame http://noconname.org/evento/wargame/ 
Hacme Bank Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx 
InsecureBank http://www.paladion.net/downloadapp.html 
OTHER
VulnVPN http://www.rebootuser.com/?page_id=1041 
VulnVoIP http://www.rebootuser.com/?page_id=1041 
NETinVM http://informatica.uv.es/~carlos/docencia/netinvm/ 
GNS3 http://sourceforge.net/projects/gns-3/ 
XAMPP https://www.apachefriends.org/index.html 

No more excuses not to practice!

Written By

ANTRAX
