
Services for testing penetration testing skills



In the past, I posted a review of the PentestBox distribution with links and descriptions of the utilities included in it. I hope you had enough time to get acquainted with them and learn their functionality. Today I offer you several services for testing your skills in practice. These are specialized services that are absolutely legal and allow everyone to test their knowledge and skills.

Test lab v.7


https://lab.pentestit.ru
A free pentest laboratory developed on the basis of a real company's corporate network.
Plot: This time, you, professional hackers, will have to hack into the real network of the virtual company “SecureSoft LLC”, which develops software. The situation is complicated by the employees' high level of information security awareness. According to our agents' report on the state of the company's information security, the IT structure of SecureSoft LLC is well protected from attacks. However, there is an assumption that vulnerabilities do exist. Your goal is to be the first to discover the “Achilles heel” and get access to the “SecureSoft LLC” systems. The lab contains web application vulnerabilities, network vulnerabilities and mixed types. Online service.

Hack This Site


https://www.hackthissite.org/

A free, secure, and legal hacker test site to test and expand your hacking skills. More than just another wargames site: it has a lot of various projects, a huge forum and an IRC channel. Missions are divided into types: simple, realistic, attacks on applications, forensics, etc. Online service.

Hack me


https://hack.me

A free project created and regulated by eLearnSecurity. You can develop and add your own tasks. Assignments are broken down by specific vulnerabilities and are aimed mainly at beginners. Online service.

Hacking Lab


https://www.hacking-lab.com

An online platform for exploring network security and enhancing ethical hacking skills. Contains tasks that are close to CTF: forensics, cryptography, reverse engineering. You need to download a virtual machine image and use it to connect to the lab via VPN. Solutions seem to be checked manually.

Enigma group


http://www.enigmagroup.org/

The service is designed for those who want to understand how secure code is organized and how hackers can attack your systems. Contains web application vulnerabilities of different levels, as well as cryptographic, logical and reverse engineering tasks. Online service.

bWAPP


http://www.itsecgames.com

A specialized open-source web application. It contains about 100 vulnerabilities classified according to the OWASP methodology. One of the best builds, a must-have. Shipped in a dedicated virtual machine, bee-box.

Damn Vulnerable Web Application


http://www.dvwa.co.uk/

According to the developers, this web application is pretty damn vulnerable. It helps security professionals test their skills in a legal environment and helps web developers better understand how to protect their applications. The application is provided as a PHP / MySQL instance for self-deployment.

Mutillidae


http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10

A free open-source platform for testing the security of web applications. Checked with the most popular utilities: sqlmap, Burp Suite, etc. Along with bWAPP, it is one of the most famous platforms. The application is provided as a PHP / MySQL instance for self-deployment.

SQLI LABS


https://github.com/Audi-1/sqli-labs

A platform for testing SQL injection skills. 65 tasks, from simple to complex (bypassing a WAF, mysql_real_escape_string). The application is provided as a PHP / MySQL instance for self-deployment.

WebGoat Project


http://webgoat.imtqy.com/

The authors associate the name of the project with fainting goats: in emergency situations, the goat falls into a complete stupor and falls on its back or side with its legs extended. This is inherent in a goat breed with a strange genetic disease. In the same way, vulnerable code in applications can keel over. The main emphasis is placed on the educational side of the issue, not on creating a vulnerable platform for experimentation. WebGoat is a cross-platform tool; it can be run on any OS where Apache Tomcat and the Java SDK work.

Game of hacks


http://www.gameofhacks.com/

A quiz with different levels of difficulty for assessing how well you recognize vulnerable code. You are given a piece of source code and, within a limited time, must identify and select the vulnerability in it. Online service for beginners.

Damn Vulnerable iOS Application


http://damnvulnerableiosapp.com/

A project to test your knowledge of iOS application security. It was presented at PHD V as a hands-on lab. It allows you to exploit various types of iOS application vulnerabilities: Insecure Data Storage, Runtime Manipulation, Security Decisions via Untrusted Input, etc. Distributed as an IPA or DEB; vulnerabilities checked up to iOS version 8.1.

ExploitMe Mobile Android Labs


http://securitycompass.imtqy.com/AndroidLabs/index.html

An open-source project that demonstrates the exploitation of Android platform vulnerabilities: File system access permissions, Insecure storage of files, Parameter manipulation of mobile traffic, etc. An emulator, base and lab server are required.

These distributions will help you expand your ethical hacker skills, understand the nature of vulnerabilities and learn more about the tools. Happy hacking!

Source: https://habr.com/ru/post/261569/

