Vulnerable Platforms Environment for Improving your Penetration Testing Skills

ulnerable Web Applications [64 unique web applications]
OWASP BWA	http://code.google.com/p/owaspbwa/
OWASP Hackademic	http://hackademic1.teilar.gr/
OWASP SiteGenerator	https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks	http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd	https://www.owasp.org/index.php/OWASP_Security_Shepherd
WebGoat.NET	https://github.com/jerryhoff/WebGoat.NET/
PentesterLab	https://pentesterlab.com/
Butterfly Security Project	http://thebutterflytmp.sourceforge.net/
Foundstone Hackme Bank	http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books	http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino	http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping	http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel	http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
LAMPSecurity	http://sourceforge.net/projects/lampsecurity/
Moth	http://www.bonsai-sec.com/en/research/moth.php
WackoPicko	https://github.com/adamdoupe/WackoPicko
BadStore	http://www.badstore.net/
WebSecurity Dojo	http://www.mavensecurity.com/web_security_dojo/
BodgeIt Store	http://code.google.com/p/bodgeit/
hackxor	http://hackxor.sourceforge.net/cgi-bin/index.pl
SecuriBench	http://suif.stanford.edu/~livshits/securibench/
SQLol	https://github.com/SpiderLabs/SQLol
CryptOMG	https://github.com/SpiderLabs/CryptOMG
XMLmao	https://github.com/SpiderLabs/XMLmao
Exploit KB Vulnerable Web App	http://exploit.co.il/projects/vuln-web-app/
PHDays iBank CTF	http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
GameOver	http://sourceforge.net/projects/null-gameover/
Zap WAVE	http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
PuzzleMall	http://code.google.com/p/puzzlemall/
VulnApp	http://www.nth-dimension.org.uk/blog.php?id=88
sqli-labs	https://github.com/Audi-1/sqli-labs
Drunk Admin Web Hacking Challenge	https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
bWAPP	http://www.mmeit.be/bwapp/
Vulnerable Operating System Installations [36+ unique OS setups]
Damn Vulnerable Linux	http://sourceforge.net/projects/virtualhacking/files/os/dvl/
Metasploitable	http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
LAMPSecurity	http://sourceforge.net/projects/lampsecurity/
UltimateLAMP	http://www.amanhardikar.com/mindmaps/practice-links.html
De-ICE, hackerdemia	http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso hackerdemia - http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
pWnOS	http://www.pwnos.com/
Holynix	http://sourceforge.net/projects/holynix/files/
Kioptrix	http://www.kioptrix.com/blog/
exploit-exercises - nebula, protostar, fusion	http://exploit-exercises.com/download
PenTest Laboratory	http://pentestlab.org/lab-in-a-box/
RebootUser Vulnix	http://www.rebootuser.com/?page_id=1041
neutronstar	http://neutronstar.org/goatselinux.html
scriptjunkie.us	http://www.scriptjunkie.us/2012/04/the-hacker-games/
21LTR	http://21ltr.com/scenes/
SecGame # 1: Sauron	http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
TurnKey Linux	http://www.turnkeylinux.org/
CentOS	http://www.centos.org/
Sites for Downloading Older Versions of Various Software [3 sources]
Old Apps	http://www.oldapps.com/
Old Version	http://www.oldversion.com/
Exploit-DB	http://www.exploit-db.com/
Sites by Vendors of Security Testing Software [9 unique sites]
Acunetix acuforum	http://testasp.vulnweb.com/
Acunetix acublog	http://testaspnet.vulnweb.com/
Acunetix acuart	http://testphp.vulnweb.com/
Cenzic crackmebank	http://crackme.cenzic.com
HP freebank	http://zero.webappsecurity.com
IBM altoromutual	http://demo.testfire.net/
Mavituna testsparker	http://aspnet.testsparker.com
Mavituna testsparker	http://php.testsparker.com
NTOSpider Test Site	http://www.webscantest.com/
Sites for Improving Your Hacking Skills [25 unique sites]
EnigmaGroup	http://www.enigmagroup.org/
Exploit Exercises	http://exploit-exercises.com/
Google Gruyere	http://google-gruyere.appspot.com/
Hack This Site	http://www.hackthissite.org/
HackThis	http://www.hackthis.co.uk/
HackQuest	http://www.hackquest.com/
Hack.me	https://hack.me
Hacking-Lab	https://www.hacking-lab.com
Hacker Challenge	http://www.dareyourmind.net/
Hacker Test	http://www.hackertest.net/
hACME Game	http://www.hacmegame.org/
Hax.Tor	http://hax.tor.hu/
OverTheWire	http://www.overthewire.org/wargames/
PentestIT	http://www.pentestit.ru/en/
pwn0	https://pwn0.com/home.php
RootContest	http://rootcontest.com/
Root Me	http://www.root-me.org/?lang=en
Security Treasure Hunt	http://www.securitytreasurehunt.com/
Smash The Stack	http://www.smashthestack.org/
TheBlackSheep and Erik	http://www.bright-shadows.net/
ThisIsLegal	http://thisislegal.com/
Try2Hack	http://www.try2hack.nl/
WabLab	http://www.wablab.com/hackme
XSS: Can You XSS This?	http://canyouxssthis.com/HTMLSanitizer/
XSS: ProgPHP	http://xss.progphp.com/
CTF Sites / Archives [3 sites/repos]
CTFtime (Details of CTF Challenges)	http://ctftime.org/ctfs/
shell-storm Repo	http://shell-storm.org/repo/CTF/
CAPTF Repo	http://captf.com/
Miscellaneous [10 items]
ExploitMe Mobile Android Labs	http://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs	http://securitycompass.github.io/iPhoneLabs/
NcN Wargame	http://noconname.org/evento/wargame/
NETinVM	http://informatica.uv.es/~carlos/docencia/netinvm/
OWASP iGoat	http://code.google.com/p/owasp-igoat/
OWASP Goatdroid	https://github.com/jackMannino/OWASP-GoatDroid-Project
Hacme Bank Android	http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank	http://www.paladion.net/downloadapp.html
VulnVPN	http://www.rebootuser.com/?page_id=1041
VulnVoIP	http://www.rebootuser.com/?page_id=1041

http://www.vulnweb.com/
https://www.vulnhub.com
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
https://www.novainfosec.com/resources/training/
https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security

• Ruby on rails: http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx

• Tip for tests: 
• http://www.slideshare.net/labs3/ruby-on-rails-penetration-testing 
• Join group https://groups.google.com/forum/#!forum/rubyonrails-security
• https://web.archive.org/web/20140619132611/http://blog.pentesterlab.com/2012/07/how-to-get-first-pentester-job.html
• https://web.archive.org/web/20140331032857/http://blog.pentesterlab.com/2013_01_01_archive.html  
• http://blog.securityinnovation.com/blog/2015/05/ruby-on-rails.html 
• https://www.linkedin.com/pulse/web-security-ruby-rails-framework-ben-hudson
• https://web.archive.org/web/20140330230944/http://blog.pentesterlab.com/2013/01/on-exploiting-cve-2012-5664.html
• 
  

• http://security.stackexchange.com/questions/83001/ruby-on-rails-pentesting-web-applications
• Rack::Session::Cookie is used by default in Rack based applications (most of Ruby applications use Rack). This provides a different session mechanism. The information is sent back to users, but is signed with a secret. This way, the users cannot tamper with the information in the session (but they can still access it, once they decode it). https://pentesterlab.com/exercises/web_for_pentester/course https://ptl.io/web_for_pentester_i386.iso
• https://pentesterlab.com/exercises/web_for_pentester_II/course
•  https://pentesterlab.com/exercises/cve-2012-2661/course
•  https://web.archive.org/web/20140210231242/http://blog.pentesterlab.com/2012/06/cve-2012-2661-exploitation-write-up.html
• https://web.archive.org/web/20140331032857/http://blog.pentesterlab.com/2013_01_01_archive.html
• 
  

Source: http://www.amanhardikar.com/mindmaps/PracticeUrls.html