QuickHit: Things to Attack

Need a quick list of things to attack?  Try these. 🙂

• Buggy Web App: http://www.itsecgames.com/
• Damn Vulnerable iOS App: http://damnvulnerableiosapp.com/
• Damn Vulnerable Web Application: http://www.dvwa.co.uk/
• Damn Vulnerable Web Services: http://dvws.professionallyevil.com/
• Google Gruyere Web App: http://google-gruyere.appspot.com/
• Hack This!: https://www.hackthis.co.uk/
• Hack This Site: https://www.hackthissite.org/

• Hellbound Hackers: https://www.hellboundhackers.org/
• McAfee Free Tools: https://www.mcafee.com/us/downloads/free-tools/index.aspx
• OWASP Mutillidae II Web PentTest Practice Application: https://sourceforge.net/projects/mutillidae/
• Peruggia Web Application: https://sourceforge.net/projects/peruggia/
• Over The Wire: https://www.overthewire.org/wargames
• RootMe: https://www.root-me.org/?lang=en
• Try2Hack: http://www.try2hack.nl/
• OWASP Vicnum: http://vicnum.ciphertechs.com/
• OWASP WebGoat: http://webappsecmovies.sourceforge.net/webgoat/
• OWASP Juice Shop: https://github.com/bkimminich/juice-shop
• OWASP Insecure Web App Project: https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
• OWASP SiteGenerator: https://www.owasp.org/index.php/Owasp_SiteGenerator
• Hack.Me: https://hack.me/
• Hackademic: https://github.com/Hackademic/hackademic
• SlaveHack: http://www.slavehack.com/
• Hackxor: http://hackxor.sourceforge.net/cgi-bin/index.pl
• BodgeIt Web Application: https://github.com/psiinon/bodgeit
• Moth Web Applications VM: http://www.bonsai-sec.com/en/research/moth.php
• EnigmaGroup: http://www.enigmagroup.org/
• OWASP Bricks: https://www.owasp.org/index.php/OWASP_Bricks
• ExploitMe Mobile Android Labs: http://securitycompass.github.io/AndroidLabs/setup.html
• XSS Game: https://xss-game.appspot.com/
• W3Challs: https://w3challs.com/
• The ButterFly web application/PHP vulnerabilities: https://sourceforge.net/projects/thebutterflytmp/
• Acunetix vulnerable ASP forum: http://testasp.vulnweb.com/
• Acunetix vulnerable .NET blog: http://testaspnet.vulnweb.com/
• Acunetix vulnerable PHP app: http://testphp.vulnweb.com/
• CrackMe Bank: http://crackme.cenzic.com/kelev/view/home.php
• Zero Bank: http://zero.webappsecurity.com/
• Altoro Mutual Bank: http://demo.testfire.net/
• Badstore: http://www.badstore.net/
• Reversing.Kr: http://reversing.kr/index.php
• RingZer0 CTF: https://ringzer0team.com/
• IronGeek’s HackMe (NOT web based): http://hackme.irongeek.com/
• Hacking-Lab: https://www.hacking-lab.com/index.html
• VulnHub Vulnerable By Design: https://www.vulnhub.com/

Or put more simply, I found an old list of mine and published it.  Good hunting!