Learning hacking is fun when you get hands on experience. Just by reading books/article or watching videos will not help if you don't face the actual scenario. But in real life, it's illegal to run an attack on an unauthorized website or server as it can cause that organization problems and you can face the laws.
This is where these vulnerable machines comes to help. This machines are developed with intentional vulerabilities to teach you how they look like and how to exploit them. You can download the VM image or Docker image to test you knowledge. You won't face lawsuit, legal action or any other shits that might casue unnecessary problems.
| Name | Link | Type | Tech |
|---|---|---|---|
Acunetix Acuart |
http://testphp.vulnweb.com/ | site | PHP Apache Mysql |
Acunetix SecurityTweets |
http://testhtml5.vulnweb.com/ | site | Nginx JQuery CouchDB |
Acunetix Acublog |
http://testaspnet.vulnweb.com/ | site | ASP.NET, Microsoft SQL |
| Name | Link | Type | Tech |
|---|---|---|---|
b-wapp |
https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/ | VM | Ngnix Mysql PHP |
Badstore |
https://www.vulnhub.com/entry/badstore-123,41/ | VM | MySQL, JS |
Butterfly Project |
https://sourceforge.net/projects/thebutterflytmp/ | VM | MySQL, PHP, Linux |
| Name | Link | Type | Tech |
|---|---|---|---|
Crackmebank |
http://crackme.cenzic.com/ | site | CentOS, APache, PHP |
Commix |
https://github.com/stasinopoulos/commix-testbed | VM | PHP |
CloudGoat |
https://github.com/RhinoSecurityLabs/cloudgoat | Docker | AWS, Go, Python, JS |
| Name | Link | Type | Tech |
|---|---|---|---|
DVCA |
https://github.com/m6a-UdS/dvca | VM | AWS, Go, Python, JS |
DVNA |
https://github.com/appsecco/dvna | Docker | Node Js, JS |
DVWA |
https://github.com/digininja/DVWA | VM & Docker | PHP, JS, Python |
DVWS-node |
https://github.com/snoopysecurity/dvws-node | Docker | node, mongoDB, JS, API, GraphQL |