API tools faq
paste
Guest User

Test and practice on your Skills

a guest
Jun 2nd, 2017
6,929
0
Never
9
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.39 KB | None | 0 0
raw download clone embed print report
  1. Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of other collection entities were not given as it is not necessary to download each of them and manually configure them if they are already available in a configured state. For technologies used in each web application, please refer to the mindmap above.
  2.  
  3. Vulnerable Web Applications:
  4. OWASP BWA: http://code.google.com/p/owaspbwa
  5. OWASP Hackademic: http://hackademic1.teilar.gr
  6. OWASP SiteGenerator: https://www.owasp.org/index.php/Owasp_SiteGenerator
  7. OWASP Bricks: http://sourceforge.net/projects/owaspbricks & http://sechow.com/bricks
  8. OWASP Security Shepherd: https://www.owasp.org/index.php/OWASP_Security_Shepherd
  9. Damn Vulnerable Web App (DVWA): http://www.dvwa.co.uk
  10. Damn Vulnerable Web Services (DVWS): http://dvws.professionallyevil.com
  11. WebGoat.NET: https://github.com/jerryhoff/WebGoat.NET
  12. PentesterLab: https://pentesterlab.com
  13. Butterfly Security Project: http://thebutterflytmp.sourceforge.net
  14. Foundstone Hackme Bank: http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
  15. Foundstone Hackme Books: http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
  16. Foundstone Hackme Casino: http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
  17. Foundstone Hackme Shipping: http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
  18. Foundstone Hackme Travel: http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
  19. LAMPSecurity: http://sourceforge.net/projects/lampsecurity
  20. Moth: http://www.bonsai-sec.com/en/research/moth.php
  21. WackoPicko: https://github.com/adamdoupe/WackoPicko & http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
  22. BadStore: http://www.badstore.net
  23. WebSecurity Dojo: http://www.mavensecurity.com/web_security_dojo
  24. BodgeIt Store: http://code.google.com/p/bodgeit
  25. hackxor: http://hackxor.sourceforge.net/cgi-bin/index.pl
  26. SecuriBench: http://suif.stanford.edu/~livshits/securibench
  27. SQLol: https://github.com/SpiderLabs/SQLol
  28. CryptOMG: https://github.com/SpiderLabs/CryptOMG
  29. XMLmao: https://github.com/SpiderLabs/XMLmao
  30. Exploit KB Vulnerable Web App: http://exploit.co.il/projects/vuln-web-app & http://sourceforge.net/projects/exploitcoilvuln
  31. PHDays iBank CTF: http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
  32. GameOver: http://sourceforge.net/projects/null-gameover
  33. Zap WAVE: http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
  34. PuzzleMall: http://code.google.com/p/puzzlemall
  35. VulnApp: http://www.nth-dimension.org.uk/blog.php?id=88
  36. sqli-labs: https://github.com/Audi-1/sqli-labs
  37. Drunk Admin Web Hacking Challenge: https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge
  38. bWAPP: http://www.mmeit.be/bwapp & http://sourceforge.net/projects/bwapp/files/bee-box & http://www.itsecgames.com
  39. NOWASP / Mutillidae 2: http://sourceforge.net/projects/mutillidae
  40. SocketToMe: http://digi.ninja/projects/sockettome.php
  41. Project GameOver: http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform
  42. OWASP Vicnum Project: https://sourceforge.net/projects/vicnum & http://vicnum.ciphertechs.com
  43. Hackademic Challenges: http://www.hackademic.eu
  44.  
  45. Vulnerable Operating System Installations:
  46. Damn Vulnerable Linux: http://sourceforge.net/projects/virtualhacking/files/os/dvl & http://www.damnvulnerablelinux.org
  47. Metasploitable: http://sourceforge.net/projects/virtualhacking/files/os/metasploitable & https://sourceforge.net/projects/metasploitable
  48. LAMPSecurity: http://sourceforge.net/projects/lampsecurity
  49. UltimateLAMP: http://www.amanhardikar.com/mindmaps/practice-links.html & http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
  50. heorot: DE-ICE, hackerdemia http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
  51. DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
  52. DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
  53. DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
  54. DE-ICE, hackerdemia: http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
  55. De-ICE HackerPedia PenTest LiveCDs http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
  56. pWnOS: http://www.pwnos.com & http://www.krash.in/bond00/pWnOS%20v1.0.zip & http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html
  57. Holynix: http://sourceforge.net/projects/holynix/files & http://pynstrom.net/index.php?page=holynix.php
  58. Kioptrix: http://www.kioptrix.com/blog/?page_id=135
  59. exploit-exercises – nebula, protostar, fusion: http://exploit-exercises.com/download
  60. PenTest Laboratory: http://pentestlab.org/lab-in-a-box
  61. RebootUser Vulnix: http://www.rebootuser.com/?page_id=1041
  62. neutronstar: http://neutronstar.org/goatselinux.html
  63. scriptjunkie.us: http://www.scriptjunkie.us/2012/04/the-hacker-games
  64. 21LTR: http://21ltr.com/scenes
  65. SecGame # 1 Sauron: http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
  66. Pentester Lab: https://www.pentesterlab.com/exercises
  67. Vulnserver: http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
  68. TurnKey Linux: http://www.turnkeylinux.org
  69. Bitnami: https://bitnami.com/stacks
  70. Elastic Server: http://elasticserver.com
  71. CentOS: http://www.centos.org
  72. Katana: http://www.hackfromacave.com/katana.html
  73. Virtual Hacking Lab: http://sourceforge.net/projects/virtualhacking/files
  74. Hacking-Lab: http://www.hacking-lab.com/hl_livecd
  75.  
  76. Sites for Downloading Older Versions of Various Software:
  77. Exploit-DB: http://www.exploit-db.com
  78. Old Version: http://www.oldversion.com
  79. Old Apps: http://www.oldapps.com
  80. VirtualHacking Repo: http://sourceforge.net/projects/virtualhacking/files/apps%40realworld
  81.  
  82. Sites by Vendors of Security Testing Software:
  83. Acunetix acuforum: http://testasp.vulnweb.com
  84. Acunetix acublog: http://testaspnet.vulnweb.com
  85. Acunetix acuart: http://testphp.vulnweb.com
  86. Cenzic crackmebank: http://crackme.cenzic.com
  87. HP freebank: http://zero.webappsecurity.com
  88. IBM altoromutual: http://demo.testfire.net
  89. Mavituna testsparker: http://aspnet.testsparker.com
  90. Mavituna testsparker: http://php.testsparker.com
  91. NTOSpider Test Site: http://www.webscantest.com
  92.  
  93. Sites for Improving Your Hacking Skills:
  94. EnigmaGroup: http://www.enigmagroup.org
  95. Exploit Exercises: http://exploit-exercises.com
  96. Google Gruyere: http://google-gruyere.appspot.com
  97. Gh0st Lab: http://www.gh0st.net
  98. Hack This Site: http://www.hackthissite.org
  99. HackThis: http://www.hackthis.co.uk
  100. HackQuest: http://www.hackquest.com
  101. Hack.me: https://hack.me
  102. Hacking-Lab: https://www.hacking-lab.com
  103. Hacker Challenge: http://www.dareyourmind.net
  104. Hacker Test: http://www.hackertest.net
  105. hACME Game: http://www.hacmegame.org
  106. Hax.Tor: http://hax.tor.hu
  107. OverTheWire: http://www.overthewire.org/wargames
  108. PentestIT: http://www.pentestit.ru/en
  109. pwn0: https://pwn0.com/home.php
  110. RootContest: http://rootcontest.com
  111. Root Me: http://www.root-me.org/?lang=en
  112. Security Treasure Hunt: http://www.securitytreasurehunt.com
  113. Smash The Stack: http://www.smashthestack.org
  114. TheBlackSheep and Erik: http://www.bright-shadows.net
  115. ThisIsLegal: http://thisislegal.com
  116. Try2Hack: http://www.try2hack.nl
  117. WabLab: http://www.wablab.com/hackme
  118. XSS – Can You XSS This?: http://canyouxssthis.com/HTMLSanitizer
  119. XSS – ProgPHP: http://xss.progphp.com
  120.  
  121. CTF Sites / Archives:
  122. CTFtime (Details of CTF Challenges): http://ctftime.org/ctfs
  123. shell-storm Repo: http://shell-storm.org/repo/CTF
  124. CAPTF Repo: http://captf.com
  125. VulnHub: https://www.vulnhub.com
  126.  
  127. Mobile Apps:
  128. ExploitMe Mobile Android Labs: http://securitycompass.github.io/AndroidLabs
  129. ExploitMe Mobile iPhone Labs: http://securitycompass.github.io/iPhoneLabs
  130. OWASP iGoat: http://code.google.com/p/owasp-igoat
  131. OWASP Goatdroid: https://github.com/jackMannino/OWASP-GoatDroid-Project
  132. Damn Vulnerable iOS App (DVIA): http://damnvulnerableiosapp.com
  133. Damn Vulnerable Android App (DVAA): https://code.google.com/p/dvaa
  134. Damn Vulnerable FirefoxOS Application (DVFA): https://github.com/pwnetrationguru/dvfa
  135. NcN Wargame: http://noconname.org/evento/wargame
  136. Hacme Bank Android: http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
  137. InsecureBank: http://www.paladion.net/downloadapp.html
  138.  
  139. Miscellaneous:
  140. VulnVPN: http://www.rebootuser.com/?page_id=1041
  141. VulnVoIP: http://www.rebootuser.com/?page_id=1041
  142. NETinVM: http://informatica.uv.es/~carlos/docencia/netinvm
  143. GNS3: http://sourceforge.net/projects/gns-3
  144. XAMPP: https://www.apachefriends.org/index.html
Advertisement
Comments
  • User was banned
  • User was banned
  • User was banned
  • User was banned
  • User was banned
  • User was banned
  • User was banned
  • Garsanor
    Garsanor
    76 days
    # CSS 0.85 KB | 0 0
    view report reply
    1. ✅ Leaked Exploit Documentation:
    2.  
    3. https://docs.google.com/document/d/1dOCZEHS5JtM51RITOJzbS4o3hZ-__wTTRXQkV1MexNQ/edit?usp=sharing
    4.  
    5. This made me $13,000 in 2 days.
    6.  
    7. Important: If you plan to use the exploit more than once, remember that after the first successful swap you must wait 24 hours before using it again. Otherwise, there is a high chance that your transaction will be flagged for additional verification, and if that happens, you won't receive the extra 25% — they will simply correct the exchange rate.
    8. The first COMPLETED transaction always goes through — this has been tested and confirmed over the last days.
    9.  
    10. Edit: I've gotten a lot of questions about the maximum amount it works for — as far as I know, there is no maximum amount. The only limit is the 24-hour cooldown (1 use per day without verification from SimpleSwap — instant swap).
  • Xenrokar
    Xenrokar
    69 days
    # CSS 0.06 KB | 0 0
    view report reply
    1. We just shared HQ data on our channel: https://t.me/theprotocolone
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!