Below we share a collection of vulnerable web applications so you can put into practice everything you learn about pentesting.

 

VULNERABLE WEB APPLICATIONS
OWASP BWA http://code.google.com/p/owaspbwa/ 
OWASP Hackademic http://hackademic1.teilar.gr/ 
OWASP SiteGenerator https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks http://sourceforge.net/projects/owaspbricks/ 
OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd 
Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/ 
Damn Vulnerable Web Services (DVWS) http://dvws.professionallyevil.com/ 
WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/ 
PentesterLab https://pentesterlab.com/ 
Butterfly Security Project http://thebutterflytmp.sourceforge.net/ 
Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx 
Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx 
Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx 
Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx 
Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx 
LAMPSecurity http://sourceforge.net/projects/lampsecurity/ 
Moth http://www.bonsai-sec.com/en/research/moth.php 
WackoPicko https://github.com/adamdoupe/WackoPicko 
BadStore http://www.badstore.net/ 
WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/ 
BodgeIt Store http://code.google.com/p/bodgeit/ 
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl 
SecuriBench http://suif.stanford.edu/~livshits/securibench/ 
SQLol https://github.com/SpiderLabs/SQLol 
CryptOMG https://github.com/SpiderLabs/CryptOMG 
XMLmao https://github.com/SpiderLabs/XMLmao 
Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/ 
PHDays iBank CTF http://blog.phdays.com/2012/05/once-again-about-remote-banking.html 
GameOver http://sourceforge.net/projects/null-gameover/ 
Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip 
PuzzleMall http://code.google.com/p/puzzlemall/ 
VulnApp http://www.nth-dimension.org.uk/blog.php?id=88 
sqli-labs https://github.com/Audi-1/sqli-labs 
Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/ 
bWAPP http://www.mmeit.be/bwapp/ 
http://sourceforge.net/projects/bwapp/files/bee-box/
NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/ 
SocketToMe http://digi.ninja/projects/sockettome.php 
VULNERABLE OPERATING SYSTEMS
Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/ 
Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ 
LAMPSecurity http://sourceforge.net/projects/lampsecurity/ 
UltimateLAMP http://www.amanhardikar.com/mindmaps/practice-links.html 
heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso 
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso 
pWnOS http://www.pwnos.com/ 
Holynix http://sourceforge.net/projects/holynix/files/ 
Kioptrix http://www.kioptrix.com/blog/ 
exploit-exercises – nebula, protostar, fusion http://exploit-exercises.com/download 
PenTest Laboratory http://pentestlab.org/lab-in-a-box/ 
RebootUser Vulnix http://www.rebootuser.com/?page_id=1041 
neutronstar http://neutronstar.org/goatselinux.html 
scriptjunkie.us http://www.scriptjunkie.us/2012/04/the-hacker-games/ 
21LTR http://21ltr.com/scenes/ 
SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html 
Pentester Lab https://www.pentesterlab.com/exercises 
Vulnserver http://www.thegreycorner.com/2010/12/introducing-vulnserver.html 
TurnKey Linux http://www.turnkeylinux.org/ 
Bitnami https://bitnami.com/stacks 
Elastic Server http://elasticserver.com 
CentOS http://www.centos.org/ 
SITES FOR DOWNLOADING OLD APPLICATIONS
Exploit-DB http://www.exploit-db.com/ 
Old Version http://www.oldversion.com/ 
Old Apps http://www.oldapps.com/ 
VirtualHacking Repo sourceforge.net/projects/virtualhacking/files/apps%40realworld/ 
SECURITY SOFTWARE VENDOR SITES
Acunetix acuforum http://testasp.vulnweb.com/ 
Acunetix acublog http://testaspnet.vulnweb.com/ 
Acunetix acuart http://testphp.vulnweb.com/ 
Cenzic crackmebank http://crackme.cenzic.com 
HP freebank http://zero.webappsecurity.com 
IBM altoromutual http://demo.testfire.net/ 
Mavituna testsparker http://aspnet.testsparker.com 
Mavituna testsparker http://php.testsparker.com 
NTOSpider Test Site http://www.webscantest.com/ 
SITES TO IMPROVE YOUR HACKING SKILLS
EnigmaGroup http://www.enigmagroup.org/ 
Exploit Exercises http://exploit-exercises.com/ 
Google Gruyere http://google-gruyere.appspot.com/ 
Gh0st Lab http://www.gh0st.net/ 
Hack This Site http://www.hackthissite.org/ 
HackThis http://www.hackthis.co.uk/ 
HackQuest http://www.hackquest.com/ 
Hack.me https://hack.me 
Hacking-Lab https://www.hacking-lab.com 
Hacker Challenge http://www.dareyourmind.net/ 
Hacker Test http://www.hackertest.net/ 
hACME Game http://www.hacmegame.org/ 
Hax.Tor http://hax.tor.hu/ 
OverTheWire http://www.overthewire.org/wargames/ 
PentestIT http://www.pentestit.ru/en/ 
pwn0 https://pwn0.com/home.php 
RootContest http://rootcontest.com/ 
Root Me http://www.root-me.org/?lang=en 
Security Treasure Hunt http://www.securitytreasurehunt.com/ 
Smash The Stack http://www.smashthestack.org/ 
TheBlackSheep and Erik http://www.bright-shadows.net/ 
ThisIsLegal http://thisislegal.com/ 
Try2Hack http://www.try2hack.nl/ 
WabLab http://www.wablab.com/hackme 
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/ 
XSS: ProgPHP http://xss.progphp.com/ 
“CAPTURE THE FLAG” (CTF) SITES
CTFtime (Details of CTF Challenges) http://ctftime.org/ctfs/ 
shell-storm Repo http://shell-storm.org/repo/CTF/ 
CAPTF Repo http://captf.com/ 
VulnHub https://www.vulnhub.com 
MOBILE APPLICATIONS
ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/ 
ExploitMe Mobile iPhone Labs http://securitycompass.github.io/iPhoneLabs/ 
OWASP iGoat http://code.google.com/p/owasp-igoat/ 
OWASP Goatdroid https://github.com/jackMannino/OWASP-GoatDroid-Project 
Damn Vulnerable iOS App (DVIA) http://damnvulnerableiosapp.com/ 
Damn Vulnerable Android App (DVAA) https://code.google.com/p/dvaa/ 
Damn Vulnerable FirefoxOS Application (DVFA) https://github.com/pwnetrationguru/dvfa/ 
NcN Wargame http://noconname.org/evento/wargame/ 
Hacme Bank Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx 
InsecureBank http://www.paladion.net/downloadapp.html 
OTHER
VulnVPN http://www.rebootuser.com/?page_id=1041 
VulnVoIP http://www.rebootuser.com/?page_id=1041 
NETinVM http://informatica.uv.es/~carlos/docencia/netinvm/ 
GNS3 http://sourceforge.net/projects/gns-3/ 
XAMPP https://www.apachefriends.org/index.html 

No more excuses not to practice!

One comment

  • Lokomotion

    As always, showing off with your great contributions, ANTRAX, thank you very much; we have plenty of material to work with here!
