Pentesting Vulnerable Study Frameworks Complete List

수술_도구/실험샘플(Dummy) 2011. 9. 1. 09:36

공부하시는 학생들에게 좋은 자료가 될 것 같습니다.

May 10th, 2011

It’s very difficult for the beginner security analyst, mainly the ones interested in the area of pentesting, to find good study pentesting resources. Starting from the principle that in pentesting there are many other sub areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.

As the beginner knows nearly nothing it became very difficult to prepare a Home Pentesting Lab for study, once that beginners has to know something about coding a vulnerable application fisrt, then exploit them.

Thinking about that i’ve decided to gather a list, the most complete I could, with all vulnerable pentesting tools I could find. They are categorized based on the type of application like Web Pentesting, War Games and Insecure Distributions. Due to the amount of tools I won’t be doing any previews because it would delay this post a lot and make it a little boring to read. I’m gonna review every tool with complete labs later on in future posts.

As I don’t know every pentesting tool in the planet, feel free to contact me if you remember any application, in fact I would much appreciate it. And I apologize if I miscategorized some of them, feel free to tell me when I’ve done that so i can correct that.

Note that this post intends to show only vulnerable applications used to be exploited, not the tools used to exploit them.

 

Web Pentesting

Application Name Company/Developer URL
OWASP WebGoat OWASP http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum OWASP http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp OWASP http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
Web Security DOJO Maven Security Consulting http://www.mavensecurity.com/web_security_dojo/
Gruyere (antigo Codelab / Jalsberg) Google http://google-gruyere.appspot.com/
Hacme Game NTNU http://hacmegame.org/
SPI Dynamics SPI Dynamics http://zero.webappsecurity.com/
Acunetix 1 Acunetix http://testphp.vulnweb.com/
Acunetix 2 Acunetix http://testasp.vulnweb.com/
Acunetix 3 Acunetix http://testaspnet.vulnweb.com/
PCTechtips Challenge PC Tech Tips http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application DVWA http://dvwa.co.uk/
Mutillidae Iron Geek http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project The Butterfly Security http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0 McAfee http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank McAfee http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books McAfee http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel McAfee http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping McAfee http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth Bonsai Sec http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench Standford http://suif.stanford.edu/%7Elivshits/securibench/
SecuriBench Micro Standford http://suif.stanford.edu/%7Elivshits/work/securibench-micro/
BadStore BadStore http://www.badstore.net/
WebMaven/Buggy Bank Maven Security http://www.mavensecurity.com/webmaven
EnigmaGroup Enigma Group http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher) X5S http://www.nottrusted.com/x5s/
Exploit- DB Exploit DB http://www.exploit-db.com/webapps
The Bodgeit Store The Bodgeit Store http://code.google.com/p/bodgeit/
LampSecurity MadIrish http://sourceforge.net/projects/lampsecurity/
hackxor Hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko WackoPicko

https://github.com/adamdoupe/WackoPicko

RSnake’s Vulnerability Lab RSnake http://ha.ckers.org/weird/

 

War Games

Application Name Company / Developer URL
Hell Bound Hackers Hell Bound Hackers http://hellboundhackers.org/
Vulnerability Assessment Kevin Orrey http://www.vulnerabilityassessment.co.uk/
Smash the Stack Smash the Stack http://www.smashthestack.org/
Over the Wire Over the Wire http://www.overthewire.org/wargames/
Hack This Site Hack This Site http://www.hackthissite.org/
Hacking Lab Hacking Lab https://www.hacking-lab.com/
We Chall We Chall https://www.wechall.net/
REMnux REMnux http://zeltser.com/remnux/

 

Insecure Distributions

Application Name Company / Developer URL
Damm Vulnerable Linux DVL http://www.damnvulnerablelinux.org/
Metasploitable Offensive Security http://blog.metasploit.com/2010/05/introducing-metasploitable.html
de-ICE Hacker Junkie http://www.de-ice.net/
Moth Bonsai Security Software http://www.bonsai-sec.com/en/research/moth.php
PwnOS Niel Dickson http://www.neildickson.com/os/
Holynix Pynstrom http://pynstrom.net/holynix.php

 

Have fun !!!

[출처] http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

저작자표시 비영리 변경금지 (새창열림)

'수술_도구 > 실험샘플(Dummy)' 카테고리의 다른 글

Damn Vulnerable Web App (DVWA)  (0) 2011.09.01
OWASP Top 10 Tools and Tactics  (0) 2011.09.01
Posted by bitfox
l

Ajax fingerprinting for Web 2.0 Applications

삽질이라쓰고_경험이라_읽는다. 2011. 9. 1. 08:43
ajax의 Web APP에 대해 핑거프린트를 이용한 정보수집 방식을 보여주고 있다.
대충 문건은 루비 언어를 이용한 쉘을 사용해 ajax에서 이용 중인 js파일들을 수집한다는 얘기다.

Ajax_fingerprinting.pdf



[출처]https://www.net-security.org
저작자표시 비영리 변경금지 (새창열림)

'삽질이라쓰고_경험이라_읽는다.' 카테고리의 다른 글

[패스워드 크랙] rarcrack 사용방법  (0) 2011.12.28
Meaning of ASCII CHARACTER TABLE  (0) 2011.11.04
2011년 국정원 채용  (0) 2011.09.29
Wireless WEP KEY 해킹 후..  (2) 2011.08.23
Hex-Ascii Converter  (0) 2011.08.20
Posted by bitfox
l

Hacked in 60 Seconds: Thieves Could Steal Cars via Text Messages

글로벌_Gossip/2011 2011. 8. 31. 14:02

앞으로 진단해야할 가까운 미래(?)에 진단 대상입니다. My Car~ >ㅁ<;;

--------------------------------------------------------

Forget your car keys? Soon it won’t make a difference, as long as you have your laptop. An interesting viral Web video (see below) making the rounds since the Black Hat cybersecurity conference earlier this month depicts two researchers from iSEC Partners (a San Francisco-based security firm) breaking into a 1998 Subaru Outback via their PC. In less than 60 seconds, they wirelessly find the car’s security system module, bypass it and start the engine remotely.

iSEC researchers Don Bailey and Mat Solnik claim to be able to hack their way into a securely locked car because its alarm relies on a cell phone or satellite network that can receive commands via text messaging. Devices connecting via a cellular or satellite network are assigned the equivalent of a phone number or Web address. If hackers can figure out the number or address for a particular car, they could use a PC to send commands via text messages that instruct the car to disarm, unlock and start.

One of the reasons this text-messaging approach is disconcerting is that text messages aren’t so easy to block, unless you don’t want to receive any texts (either to your car or phone). Google Voice, iBlacklist and a few others (including wireless carriers AT&T and Verizon) do offer some tools for filtering unwanted text messages.

The researchers acknowledge that stealing a particular car would be difficult because you would have to know that car’s number or address, neither of which are easy to find. What bothers them more is that wireless-enabled systems are showing up not just in cars but also in Supervisory Control and Data Acquisition  (SCADA) systems that control and secure power plants, water-treatment facilities and other components of the nation’s critical infrastructure, they told CNET.

iSEC isn’t the only research team to have caught on to the dangers of ubiquitous networking. As Scientific American reported in April, researchers from the University of California, San Diego (UCSD), and the University of Washington in Seattle likewise claimed that a hacker could insert malicious software onto a car’s computer system using the vehicle’s Bluetooth and cell phone connections, allowing someone to use a mobile phone to unlock the car’s doors and start its engine remotely. UCSD computer science professor Stefan Savage and Washington assistant computer science and engineering professor Tadayoshi Kohno had also previously demonstrated the ability to use a computer plugged into a car’s On-Board Diagnostic system (OBD–II) port to take control of the electronic control units to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver’s actions (pdf). This was not done wirelessly but did highlight vulnerabilities that car-makers might want to investigate as they continue to open up their vehicles to outside communications.

Image courtesy of webphotographeer, via iStockphoto.com

 

[출처]

http://blogs.scientificamerican.com/observations/2011/08/19/hacked-in-60-seconds-thieves-could-steal-cars-via-text-messages/


저작자표시 비영리 변경금지 (새창열림)

'글로벌_Gossip > 2011' 카테고리의 다른 글

주말 PC 청소하기  (0) 2011.09.05
European Union hacked by Inj3ct0r Team  (0) 2011.09.05
AnDOSid the DOS tool for Android  (0) 2011.08.31
Orange.fr hacked, Database and site source code leaked  (0) 2011.08.29
AOL Postmaster Website hacked by HODLUM  (0) 2011.08.29
Posted by bitfox
l
◀ 이전페이지 1 ··· 38 39 40 41 42 43 44 ··· 64 다음페이지 ▶
블로그 이미지
작은여우와 암행어사 IT Security Consulting History bitfox

최근에 올라온 글

공지사항

글 보관함

최근에 받은 트랙백

  • Total :
  • Today :
  • Yesterday :
tistory 티스토리 가입하기!
rss

카테고리

분류 전체보기 (190)
Hello_World! (24)
위험한_친구들 (50)
수술_도구 (20)
생각하는_보안 (20)
삽질이라쓰고_경험이라_읽는다. (10)
글로벌_Gossip (28)
도전_리버서 (5)
나의 관심 (10)
도전_외래어 (5)
a Shot a Day (18)

달력

«   2025/11   »
1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30

링크

티스토리툴바