Carding 4 Carders
Professional
- Messages
- 2,730
- Reaction score
- 1,467
- Points
- 113
Good morning everyone, in touch Pavluu. I bring to your attention a selection of sites for the practice of hacking. We have collected the most famous projects here.
1. bWAPP
bWAPP stands for Buggy Web Application. This resource is open source specifically to show what an unsafe web resource looks like. It was created by a developer named Malik Messelem. In this web application, you will find over 100 common problems covered in Owasp Top 10.
bWAPP is built in PHP using MySQL. For more advanced bWAPP users, the developers offer bee-box, a Linux virtual machine that comes with bWAPP already preinstalled.
2. Damn Vulnerable IOS App (DVIA)
DVIA was developed as an insecure mobile app running iOS 7 and above. For mobile developers, this platform is especially useful because there are very few sites for ethical hacking of mobile applications.
To get started with DVIA, watch the YouTube tutorial and read the Getting Started guide.
3. Google Gruyere
This site is full of holes and is intended for those who are just starting to learn about application security.
With the help of the site you will learn:
- how hackers find security vulnerabilities
- how hackers use web applications
- how to stop hackers from finding and exploiting vulnerabilities
4. HackThis !!
HackThis !! was designed to teach you how to hack, dump, deface and protect your site from hackers. HackThis !! offers over 50 difficulty levels in addition to a lively and active online community. All of this together makes the resource one of the best for ethical hacking and security news sharing.
5. Hack This Site
Hack This Site is a place for anyone looking to practice ethical hacking. This resource contains hacker news, articles, forums, tutorials, and the creators' drive to teach users ethical hacking with skills developed through various tasks.
6. Hellbound Hackers
Hellbound Hackers is a hands-on approach to computer security. This resource offers a wide range of issues to teach how to identify and eliminate exploits. Hellbound Hackers is one of the best sites for ethical hacking practice, covering a wide range of topics from encryption and hacking to social engineering. With 100,000 registered users, it is also one of the largest hacking communities out there.
7. HackMe sites from McAfee
Foundstone is an ethical hacking practice led by McAfee. The company launched in 2006 a series of websites aimed at penetration testers and information security professionals looking to improve their skills. Each simulated application offers a real challenge based on real vulnerabilities. From mobile banking apps to booking apps. These projects cover a wide range of security issues to help any information security professional stay one step ahead of hackers.
List of sites:
- Hacme Bank
- Hacme Bank for Android
- Hacme Books
- Hacme Casino
- Hacme Shipping
- Hacme Travel
8. Mutillidae
Another OWASP project on our list. Mutillidae is a vulnerable web application built for Linux and Windows. The project is a set of PHP scripts containing the ten most common vulnerabilities according to OWASP. Also, the resource is not deprived of tips to help users in the initial stages.
9. OverTheWire
OverTheWire is great for developers and security professionals of all levels. This practice comes in the form of a fun war - players must start at the "bandit" level, where the basics are taught. The more you practice, the higher the level you will reach. With each new level, the tasks become more and more difficult, and the solutions become more confusing and confusing.
10. OWASP Juice Shop Project
OWASP Juice Shop is an ethical hacking practice web application written entirely in JavaScript, covering the top ten OWASP list and other serious security holes.
11. Peruggia
Peruggia is a secure environment for developers and security professionals. It allows you to study and test common attacks against web applications. Peruggia is a bit like an archive of projects, where you can download one of them to learn how to find and limit potential problems and threats.
12. Root Me
Root Me is a great way to test yourself, improve your ethical hacking skills, and improve your web security knowledge with over 200 different assignments.
13. Try2Hack
This resource is considered one of the oldest for ethical hacking practice. Try2Hack only offers a small fraction of all the security concerns. The game features various levels that are sorted by difficulty. All tasks are completed in such a way that you feel comfortable practicing ethical hacking. There is an IRC channel for beginners that you can join and ask for help. There is also a complete step-by-step guide on GitHub.
14. Vicnum
Vicnum is a collection of basic game-based web applications commonly used to kill time. Because of this, applications can be tailored to different needs, making Vicnum an excellent choice for security professionals looking to educate AppSec developers in a fun way.
Vicnum's goal is “to strengthen the security of web applications by educating different groups of people about what can go wrong when working in a web application,” the developer's website says.
15. WebGoat
One of the most popular OWASP projects is WebGoat. This application creates a realistic learning environment with lessons designed to educate users on complex application security issues. WebGoat is for developers looking to learn more about web application security. The slogan of WebGoat is: “Even the best programmers make security mistakes. They need a scapegoat, right? Just blame it on the goat! ”
The project is available for installation on Windows, OSX Tiger and Linux. Has separate downloads for J2EE and .NET environments. There is a simple version as well as a source distribution version that allows users to modify the source code.
16. Hackademic
This open source OWASP project offers ten realistic scenarios full of known vulnerabilities. The site is for those who want to hone their attack skills. Hackademic is great for educational purposes. Also, developers are generously rewarded for introducing new scenarios and vulnerabilities.
17. SlaveHack
SlaveHack is a multiplayer hacker simulator. In this game, you can play either defense or attack. The goal of the game is to control software and hardware and take over compromised or protected computers, depending on which side you play. SlaveHack doesn't really require hacking skills, but it is still in our TOP, because it can help security professionals see their systems from the other side. The SlaveHack forum was created so that players help each other with difficult tasks, as well as just for communication.
18. Hackxor
This game is made for the practice of hacking web applications. It offers several levels as an online version and more advanced levels as a downloadable full version. Players can even play the Black hat hacker scenario (the task is to track down another hacker by any means possible).
19. Moth
Moth is a VMware image with a set of vulnerable web applications and scripts. Moth was originally designed as a way to test AppSec, but it's now a great place to practice ethical hacking and see what vulnerabilities can be identified.
20. Hack.me
The platform is innovative because it not only contains vulnerable applications, but also allows other users to add their own vulnerable applications. Hack.me aims to be the largest archive of active vulnerable web applications, code samples and CMSs on the Internet.
21. CTF365
CTF365 users install and protect their own servers while attacking other users' servers. CTF365 is suitable for security professionals looking to develop offensive skills or system administrators interested in improving their defensive skills. If you're new to the infosek, you can sign up for a free beginner account and get to know it through a few pre-configured vulnerable servers.
22. HACKING-LAB
Hacking-Labs provide CTF challenges for the European Cyber Security Challenge, but they also host regular competitions on their platform that anyone can participate in. Just register, set up a vpn and choose a task to your liking.
23. PWNABLE.KR
This site focuses on pwn-like CTF tasks, the essence of which is to find, read and send the flag files that are in each task. To access the contents of the files, you must use programming, reverse engineering, or vulnerability exploitation skills before you can submit a solution.
Problems are divided into 4 levels of difficulty: easy - for beginners, intermediate, difficult and hardcore, where tasks require non-standard approaches to solve.
24. IO
IO is a wargame from the creators of netgarage.org, a community where like-minded people share knowledge about security, artificial intelligence, VR and more. 3 versions of wargame were created: IO, IO64 and IOarm, of all IO is the most mature. Connect to IO over SSH and you can get to work.
25. SMASHTHESTACK
SmashTheStack consists of 7 different wargames: Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic, and Tux. Each wargame contains many tasks, ranging from standard vulnerabilities to reverse engineering tasks.
26. MICROCORRUPTION
Microcorruption is a CTF in which you have to reverse engineer Lockitall's fictional electronic locking devices. Lockitall devices protect bonds held in warehouses owned by the fictional company Cy Yombinator. On the road to stealing bonds, you will learn assembly language, learn how to use the debugger, step through code, set breakpoints, and examine memory.
27. REVERSING.KR
Here you can find 26 challenges to test your hacking and reverse engineering skills. The site has not been updated since late 2012, but the tasks in hand are still valuable learning resources.
Expect big improvements.
28. W3CHALLS
W3Challs is a multi-tasking learning platform in a variety of categories including hacking, wargaming, forensics, cryptography, steganography, and programming. The goal of the platform is to provide realistic challenges. Depending on the complexity of the problem solved, you get points. There is also a forum where you can discuss and solve problems with other members.
29. PWN0
The pwn0 site is a VPN where almost anything happens. Fight against bots or users and gain points by gaining control over other systems.
30. EXPLOIT EXERCISES
Exploit Exercises offers a variety of virtual machines, documentation, and tasks that come in handy in learning privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and more.
31. RINGZER0 TEAM ONLINE CTF
RingZer0 Team Online CTF offers over 200 challenges that will test your hacking skills in multiple areas - from cryptography, malware analysis to SQL injection, shellcoding and more. After you have found a solution to the problem, you can send it to RingZer0 Team. If your decision is made, you will receive RingZer0Gold, which can be exchanged for hints while solving problems.
32. GAME OF HACKS
Game of Hacks shows you a set of code snippets in a quiz with multiple choices, and you must identify the correct vulnerability in the code. This site stands out a bit from this list, but nevertheless it's a good game to spot vulnerabilities in your code.
33. CTFTIME
While CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date with CTF competitions happening around the world. Therefore, if you are interested in joining a CTF team or participating in a competition, you should take a look here.
34. PENTESTERLAB
PentesterLab is an easy and convenient way to learn pentesting. The site provides vulnerable systems that can be used to test and study vulnerabilities. In practice, you can work with real vulnerabilities both online and offline. However, online access is only open to those who have a PentesterLab Pro subscription, which costs $ 19.99 per month or $ 199.99 per year.
