Archive

Archive for the ‘Uncategorized’ Category

More PenTesting Web Platforms

July 17, 2011 Leave a comment

Great resource found here:
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

Web Pentesting

Application
Name
Company/Developer URL
OWASP WebGoat OWASP http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum OWASP http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp OWASP http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
Web Security DOJO Maven Security Consulting http://www.mavensecurity.com/web_security_dojo/
Gruyere (antigo Codelab / Jalsberg) Google http://google-gruyere.appspot.com/
Hacme Game NTNU http://hacmegame.org/
SPI Dynamics SPI Dynamics http://zero.webappsecurity.com/
Acunetix 1 Acunetix http://testphp.vulnweb.com/
Acunetix 2 Acunetix http://testasp.vulnweb.com/
Acunetix 3 Acunetix http://testaspnet.vulnweb.com/
PCTechtips Challenge PC Tech Tips http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application DVWA http://dvwa.co.uk/
Mutillidae Iron Geek http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project The Butterfly Security http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0 McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank McAfee http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books McAfee http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel McAfee http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping McAfee http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth Bonsai Sec http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench Standford http://suif.stanford.edu/%7Elivshits/securibench/
SecuriBench Micro Standford http://suif.stanford.edu/%7Elivshits/work/securibench-micro/
BadStore BadStore http://www.badstore.net/
WebMaven/Buggy Bank Maven Security http://www.mavensecurity.com/webmaven
EnigmaGroup Enigma Group http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher) X5S http://www.nottrusted.com/x5s/
Exploit- DB Exploit DB http://www.exploit-db.com/webapps
The Bodgeit Store The Bodgeit Store http://code.google.com/p/bodgeit/
LampSecurity MadIrish http://sourceforge.net/projects/lampsecurity/
hackxor Hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko WackoPicko https://github.com/adamdoupe/WackoPicko
RSnake’s Vulnerability Lab RSnake http://ha.ckers.org/weird/

 

War Games

Application
Name
Company /
Developer
URL
Hell Bound Hackers Hell Bound Hackers http://hellboundhackers.org/
Vulnerability Assessment Kevin Orrey http://www.vulnerabilityassessment.co.uk/
Smash the Stack Smash the Stack http://www.smashthestack.org/
Over the Wire Over the Wire http://www.overthewire.org/wargames/
Hack This Site Hack This Site http://www.hackthissite.org/
Hacking Lab Hacking Lab https://www.hacking-lab.com/
We Chall We Chall https://www.wechall.net/
REMnux REMnux http://zeltser.com/remnux/

 

Insecure Distributions

Application
Name
Company /
Developer
URL
Damm Vulnerable Linux DVL http://www.damnvulnerablelinux.org/
Metasploitable Offensive Security http://blog.metasploit.com/2010/05/introducing-metasploitable.html
de-ICE Hacker Junkie http://www.de-ice.net/
Moth Bonsai Security Software http://www.bonsai-sec.com/en/research/moth.php
PwnOS Niel Dickson http://www.neildickson.com/os/
Holynix Pynstrom http://pynstrom.net/holynix.php
Categories: Uncategorized

PenTesting Web Apps

May 29, 2011 Leave a comment

One of the projects I will be working on this summer is developing a “Break In Lab” for students to test their hacking skills. As such finding well supported platforms to perform pen-tests on is a must. Here is a list compiled by http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/.

S.No. Vulnerable Application Platform
1 SPI Dynamics (live) ASP
2 Cenzic (live) PHP
3 Watchfire (live) ASPX
4 Acunetix 1 (live) PHP
5 Acunetix 2 (live) ASP
6 Acunetix 3 (live) ASP.Net
7 PCTechtips Challenge (live)
8 Damn Vulnerable Web Application PHP/MySQL
9 Mutillidae PHP
10 The Butterfly Security Project PHP
11 Hacme Casino Ruby on Rails
12 Hacme Bank 2.0 ASP.NET (2.0)
13 Updated HackmeBank ASP.NET (2.0)
14 Hacme Books J2EE
15 Hacme Travel C++ (application client-server)
16 Hacme Shipping ColdFusion MX 7, MySQL
17 OWASP WebGoat JAVA
18 OWASP Vicnum PHP, Perl
19 OWASP InsecureWebApp JAVA
20 OWASP SiteGenerator ASP.NET
21 Moth
22 Stanford SecuriBench JAVA
23 SecuriBench Micro JAVA
24 BadStore Perl(CGI)
25 WebMaven/Buggy Bank (very old)
26 EnigmaGroup (live)
27 XSS Encoding Skills – x5s (Casaba Watcher)
28 Google – Gruyere (live) (previously Jarlsberg)
29 Exploit- DB Multi-platform
30 The Bodgeit Store JSP
31 LampSecurity PHP
32 hackxor Perl(CGI)
33 OWASP – Hackademic PHP
Categories: Uncategorized