Virtual machines and ISO images
The following table lists several virtual machines and ISO images that can be installed on your machine as targets to learn penetration testing:
|
URL |
Description |
|---|---|
|
This contains various VMs to allow anyone to gain practical hands-on experience in digital security, computer application, and network administration. | |
|
This provides a variety of virtual machines, documentation, and challenges that can be used to learn about a variety of computer security issues, such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues. | |
|
This provides various web application security exercise materials, such as SQL injection, Axis2 and Tomcat manager, and MoinMoin code execution. In each exercise, you will have an explanation tutorial and also the vulnerable application in the ISO image. | |
|
Hackxor is a web app hacking game where players must locate and exploit vulnerabilities to progress through the story. It contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, and so on. | |
|
A free open-source, self-contained training environment for web application security and penetration testing. | |
|
Moth is a VMware image with a set of vulnerable web applications and scripts, which you may use for: Testing web application security scanners Testing Static Code Analysis (SCA) tools Giving an introductory course on web application security | |
|
The exploit.co.il vulnerable web app is designed as a learning platform to test various SQL injection techniques, and it is a fully functional website with a content management system based on fckeditor. | |
|
LAMPSecurity training is designed to be a series of vulnerable virtual machine images, along with complementary documentation, designed to teach Linux, Apache, PHP, and MySQL security. | |
|
OWASP Broken Web Applications Project, a collection of vulnerable web applications, is distributed on a virtual machine in VMware-compatible format. | |
|
Bee-box is a custom Linux VMware virtual machine preinstalled with bWAPP. It gives you several ways to hack and deface the bWAPP website. It's even possible to hack bee-box to get root access. With bee-box, you have the opportunity to explore all bWAPP vulnerabilities! | |
|
http://information.rapid7.com/download-metasploitable.html?LS=1631875&CS=web |
The Metasploitable 2 virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. |
