
CISO2CISO NOTEPAD SERIES – PENTESTING MIND MAP FOR CISOs

PENETRATION TESTING MIND MAP by amanhardikar.com

The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. URLs for individual applications that are part of other collections are not given, since there is no need to download and manually configure each of them when they are already available in a configured state. For the technologies used in each web application, please refer to the mindmap above.

Vulnerable Web Applications
BadStore – http://www.badstore.net/
BodgeIt Store – http://code.google.com/p/bodgeit/
Butterfly Security Project – http://thebutterflytmp.sourceforge.net/
bWAPP – http://www.mmeit.be/bwapp/
http://sourceforge.net/projects/bwapp/files/bee-box/
Commix – https://github.com/stasinopoulos/commix-testbed
CryptOMG – https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA) – https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA) – http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) – http://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge – https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App – http://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank – http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books – http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino – http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping – http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel – http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver – http://sourceforge.net/projects/null-gameover/
hackxor – http://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon – https://github.com/rapid7/hackazon
LAMPSecurity – http://sourceforge.net/projects/lampsecurity/
Moth – http://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2 – http://sourceforge.net/projects/mutillidae/
OWASP BWA – http://code.google.com/p/owaspbwa/
OWASP Hackademic – http://hackademic1.teilar.gr/
OWASP SiteGenerator – https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks – http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd – https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab – https://pentesterlab.com/
PHDays iBank CTF – http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench – http://suif.stanford.edu/~livshits/securibench/
SentinelTestbed – https://github.com/dobin/SentinelTestbed
SocketToMe – http://digi.ninja/projects/sockettome.php
sqli-labs – https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow) – https://github.com/SpiderLabs/MCIR
sqlilabs – https://github.com/himadriganguly/sqlilabs
VulnApp – http://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall – http://code.google.com/p/puzzlemall/
WackoPicko – https://github.com/adamdoupe/WackoPicko
WAED – http://www.waed.info
WebGoat.NET – https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo – http://www.mavensecurity.com/web_security_dojo/
XVWA – https://github.com/s4n7h0/xvwa
Zap WAVE – http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip

Vulnerable Operating System Installations
21LTR – http://21ltr.com/scenes/
Damn Vulnerable Linux – http://sourceforge.net/projects/virtualhacking/files/os/dvl/
exploit-exercises – nebula, protostar, fusion – http://exploit-exercises.com/download
heorot: DE-ICE, hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
Holynix – http://sourceforge.net/projects/holynix/files/
Kioptrix – http://www.kioptrix.com/blog/
LAMPSecurity – http://sourceforge.net/projects/lampsecurity/
Metasploitable – http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
neutronstar – http://neutronstar.org/goatselinux.html
PenTest Laboratory – http://pentestlab.org/lab-in-a-box/
Pentester Lab – https://www.pentesterlab.com/exercises
pWnOS – http://www.pwnos.com/
RebootUser Vulnix – http://www.rebootuser.com/?page_id=1041
SecGame # 1: Sauron – http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
scriptjunkie.us – http://www.scriptjunkie.us/2012/04/the-hacker-games/
UltimateLAMP – http://www.amanhardikar.com/mindmaps/practice-links.html
TurnKey Linux – http://www.turnkeylinux.org/
Bitnami – https://bitnami.com/stacks
Elastic Server – http://elasticserver.com
OS Boxes – http://www.osboxes.org
VirtualBoxes – http://virtualboxes.org/images/
VirtualBox Virtual Appliances – https://virtualboximages.com/
CentOS – http://www.centos.org/
Default Windows Clients – https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
https://dev.windows.com/en-us/microsoft-edge/tools/vms/
Default Windows Server – https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
Default VMWare vSphere – http://www.vmware.com/products/vsphere/

Sites for Downloading Older Versions of Various Software
Exploit-DB – http://www.exploit-db.com/
Old Apps – http://www.oldapps.com/
Old Version – http://www.oldversion.com/
VirtualHacking Repo – sourceforge.net/projects/virtualhacking/files/apps%40realworld/

Sites by Vendors of Security Testing Software
Acunetix acuforum – http://testasp.vulnweb.com/
Acunetix acublog – http://testaspnet.vulnweb.com/
Acunetix acuart – http://testphp.vulnweb.com/
Cenzic crackmebank – http://crackme.cenzic.com
HP freebank – http://zero.webappsecurity.com
IBM altoromutual – http://demo.testfire.net/
Mavituna testsparker – http://aspnet.testsparker.com
Mavituna testsparker – http://php.testsparker.com
NTOSpider Test Site – http://www.webscantest.com/

Sites for Improving Your Hacking Skills
Embedded Security CTF – https://microcorruption.com
EnigmaGroup – http://www.enigmagroup.org/
Escape – http://escape.alf.nu/
Google Gruyere – http://google-gruyere.appspot.com/
Gh0st Lab – http://www.gh0st.net/
Hack This Site – http://www.hackthissite.org/
HackThis – http://www.hackthis.co.uk/
HackQuest – http://www.hackquest.com/
Hack.me – https://hack.me
Hacking-Lab – https://www.hacking-lab.com
Hacker Challenge – http://www.dareyourmind.net/
Hacker Test – http://www.hackertest.net/
hACME Game – http://www.hacmegame.org/
Halls Of Valhalla – http://halls-of-valhalla.org/beta/challenges
Hax.Tor – http://hax.tor.hu/
OverTheWire – http://www.overthewire.org/wargames/
PentestIT – http://www.pentestit.ru/en/
CSC Play on Demand – https://pod.cybersecuritychallenge.org.uk/
pwn0 – https://pwn0.com/home.php
RootContest – http://rootcontest.com/
Root Me – http://www.root-me.org/?lang=en
Security Treasure Hunt – http://www.securitytreasurehunt.com/
Smash The Stack – http://www.smashthestack.org/
SQLZoo – http://sqlzoo.net/hack/
TheBlackSheep and Erik – http://www.bright-shadows.net/
ThisIsLegal – http://thisislegal.com/
Try2Hack – http://www.try2hack.nl/
WabLab – http://www.wablab.com/hackme
XSS: Can You XSS This? – http://canyouxssthis.com/HTMLSanitizer/
XSS Game – https://xss-game.appspot.com/
XSS: ProgPHP – http://xss.progphp.com/

CTF Sites / Archives
CAPTF Repo – http://captf.com/
CTFtime (Details of CTF Challenges) – http://ctftime.org/ctfs/
CTF write-ups repository – https://github.com/ctfs
Reddit CTF Announcements – http://www.reddit.com/r/securityctf
shell-storm Repo – http://shell-storm.org/repo/CTF/
VulnHub – https://www.vulnhub.com

Mobile Apps
Damn Vulnerable Android App (DVAA) – https://code.google.com/p/dvaa/
Damn Vulnerable FirefoxOS Application (DVFA) – https://github.com/pwnetrationguru/dvfa/
Damn Vulnerable iOS App (DVIA) – http://damnvulnerableiosapp.com/
ExploitMe Mobile Android Labs – http://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs – http://securitycompass.github.io/iPhoneLabs/
Hacme Bank Android – http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank – http://www.paladion.net/downloadapp.html
NcN Wargame – http://noconname.org/evento/wargame/
OWASP iGoat – http://code.google.com/p/owasp-igoat/
OWASP Goatdroid – https://github.com/jackMannino/OWASP-GoatDroid-Project

Lab
binjitsu – https://github.com/binjitsu/binjitsu
CTFd – https://github.com/isislab/CTFd
Mellivora – https://github.com/Nakiami/mellivora
NightShade – https://github.com/UnrealAkama/NightShade
MCIR – https://github.com/SpiderLabs/MCIR
Docker – https://www.docker.com/
Vagrant – https://www.vagrantup.com/
NETinVM – http://informatica.uv.es/~carlos/docencia/netinvm/
SmartOS – https://smartos.org/
SmartDataCenter – https://github.com/joyent/sdc
vSphere Hypervisor – https://www.vmware.com/products/vsphere-hypervisor/
GNS3 – http://sourceforge.net/projects/gns-3/
OCCP – https://opencyberchallenge.net/
XAMPP – https://www.apachefriends.org/index.html

Miscellaneous
VulnVPN – http://www.rebootuser.com/?page_id=1041
VulnVoIP – http://www.rebootuser.com/?page_id=1041
Vulnserver – http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
NETinVM – http://informatica.uv.es/~carlos/docencia/netinvm/
DVRF – https://github.com/praetorian-inc/DVRF
HackSys Extreme Vulnerable Driver – http://www.payatu.com/hacksys-extreme-vulnerable-driver/
VirtuaPlant – https://github.com/jseidl/virtuaplant
Fosscomm – https://github.com/nikosdano/fosscomm
Morning Catch – http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
AWBO – https://labs.snort.org/awbo/awbo.html
