一份整理好的渗透测试学习资源列表。

Web Pentesting

Application Name Company/Developer URL
OWASP WebGoat OWASP http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum OWASP http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp OWASP http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
Web Security DOJO Maven Security Consulting http://www.mavensecurity.com/web_security_dojo/
Gruyere (antigo Codelab / Jalsberg) Google http://google-gruyere.appspot.com/
Hacme Game NTNU http://hacmegame.org/
SPI Dynamics SPI Dynamics http://zero.webappsecurity.com/
Acunetix 1 Acunetix http://testphp.vulnweb.com/
Acunetix 2 Acunetix http://testasp.vulnweb.com/
Acunetix 3 Acunetix http://testaspnet.vulnweb.com/
PCTechtips Challenge PC Tech Tips http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application DVWA http://dvwa.co.uk/
Mutillidae Iron Geek http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project The Butterfly Security http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0 McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank McAfee http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books McAfee http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel McAfee http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping McAfee http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth Bonsai Sec http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench Standford http://suif.stanford.edu/%7Elivshits/securibench/
SecuriBench Micro Standford http://suif.stanford.edu/%7Elivshits/work/securibench-micro/
BadStore BadStore http://www.badstore.net/
WebMaven/Buggy Bank Maven Security http://www.mavensecurity.com/webmaven
EnigmaGroup Enigma Group http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher) X5S http://www.nottrusted.com/x5s/
Exploit- DB Exploit DB http://www.exploit-db.com/webapps
The Bodgeit Store The Bodgeit Store http://code.google.com/p/bodgeit/
LampSecurity MadIrish http://sourceforge.net/projects/lampsecurity/
hackxor Hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko WackoPicko

https://github.com/adamdoupe/WackoPicko

RSnake’s Vulnerability Lab RSnake http://ha.ckers.org/weird/

 

War Games

Application Name Company / Developer URL
Hell Bound Hackers Hell Bound Hackers http://hellboundhackers.org/
Vulnerability Assessment Kevin Orrey http://www.vulnerabilityassessment.co.uk/
Smash the Stack Smash the Stack http://www.smashthestack.org/
Over the Wire Over the Wire http://www.overthewire.org/wargames/
Hack This Site Hack This Site http://www.hackthissite.org/
Hacking Lab Hacking Lab https://www.hacking-lab.com/
We Chall We Chall https://www.wechall.net/
REMnux REMnux http://zeltser.com/remnux/

 

Insecure Distributions

Application Name Company / Developer URL
Damm Vulnerable Linux DVL http://www.damnvulnerablelinux.org/
Metasploitable Offensive Security http://blog.metasploit.com/2010/05/introducing-metasploitable.html
de-ICE Hacker Junkie http://www.de-ice.net/
Moth Bonsai Security Software http://www.bonsai-sec.com/en/research/moth.php
PwnOS Niel Dickson http://www.neildickson.com/os/
Holynix Pynstrom http://pynstrom.net/holynix.php

[+]Reference:
~~~~~~~~~
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/