Forums
Security
Pen Testing
19 Online Pen Testi...
 
Notifications
Clear all

19 Online Pen Testing and Hacking Skill Practice Sites

 
    Last Post
  RSS

 Sunny Heart
(@sunnyheart)
Member Admin Registered
Joined: 6 years ago
Posts: 102
Topic starter 26/03/2020 3:46 pm  
 
Offense is the best defense, and this sentence also applies to the world of information security. Here are 19 websites that are legal to practice hacking techniques. Whether you are a developer, security engineer, code auditor, or penetration tester, you can become an excellent security researcher through continuous practice. The following websites hope to help you! If there are other supplements and recommendations, please leave a message to the editor (in no particular order)

Global

1.bWAPP
Free and open source web application security project. It helps security enthusiasts and researchers discover and prevent web vulnerabilities.

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.itsecgames.com/&usg=ALkJrhjlCIv7JO4Gq_rWSFkltYa8m5VDu g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">itsecgames

Damn Vulnerable iOS App (DVIA)

DVIA is an iOS security application. Its main goal is to provide a legitimate platform for mobile security enthusiasts to learn iOS penetration testing skills. The APP covers all common iOS security vulnerabilities. It is free and open source, and the vulnerability testing and solutions cover the iOS 10 version.

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//damnvulnerableiosapp.com/&usg=ALkJrhhNXDTbKpu_IlCMy4qU68g_MPqDt A" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">DVIA (Damn Vulnerable iOS App)-A vulnerable iOS app for pentesting
3.Damn Vulnerable Web Application (DVWA)
Virtual web applications based on php and mysql, "built-in" common web vulnerabilities, such as SQL injection, xss, etc., can be built on your own computer
Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.dvwa.co.uk/&usg=ALkJrhiSMJZtna-EPdKMyN-Y9Ar_UjZPV g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Damn Vulnerable Web Application

4.Game of Hacks
Test your security technology based on the game. Each task topic provides a lot of code, which may or may not have a security hole!

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.gameofhacks.com/&usg=ALkJrhhp2FhZNOkERnOkqqpPnnJPwAPoL g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Game of Hacks

5.Google Gruyere
A seemingly low URL, but full of vulnerabilities, designed to help those who are just beginning to learn application security.

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//google-gruyere.appspot.com/&usg=ALkJrhjWzlI_qULAVDnIR_XGRzjtJ2wA9 A" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043"> google-gruyere.appspot.com 

6, HackThis !!
Designed to teach you how to hack, dump, and alter, as well as hacking tips to protect your website, offers more than 50 different levels of difficulty.

Address: https://link.zhihu.com/%3Ftarget%3Dhttps%253A//www.hackthis.co.uk/&usg=ALkJrhjMkG-gE-kP4MoGc1BjvOPanv-gW g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043"> Hackthis.co.uk/

7.Hack This Site
Is a legal and secure website for testing hacking skills and contains hacking information, articles, forums and tutorials designed to help you learn hacking techniques.

Address: https://link.zhihu.com/%3Ftarget%3Dhttps%253A//www.hackthissite.org/&usg=ALkJrhjxedV9ZuyAYQqgHN-qZ9eiVZkqV w" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Hack This Site

8.Hellbound Hackers
Provides a variety of security practices and challenges designed to teach you how to identify attacks and patch recommendations for your code. Topics include application encryption and cracking, social work and rooting. The community has nearly 100,000 registered members and is one of the largest hacker communities.

Address: https://link.zhihu.com/%3Ftarget%3Dhttps%253A//www.hellboundhackers.org/&usg=ALkJrhjjD3X8qkgRQUtdoqHr4jgEs5kGF Q" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Welcome to Hellbound Hackers

9.McAfee HacMe Sites
Various hacking and security testing tools provided by McAfee

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.mcafee.com/us/downloads/free-tools/index.aspx&usg=ALkJrhjR6PZtn_77C2tPiWuSfY6mTbpAj w" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Free Tools | McAfee Downloads

10.Mutillidae
Mutillidae Mutillidae is a free, open source web application that provides web applications that are specifically allowed for security testing and intrusion. It contains rich penetration testing projects such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, etc.

Address: https://link.zhihu.com/%3Ftarget%3Dhttps%253A//sourceforge.net/projects/mutillidae/&usg=ALkJrhhSxGw-ojmLLYn8rfKiJbftzTvqC w" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">OWASP Mutillidae II

11.OverTheWire
Game-based hacking site that lets you learn security techniques and concepts

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//overthewire.org/wargames/&usg=ALkJrhi-yVO3OxtFjFX9dHmuM_0dG8cat g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">OverTheWire: Wargames

12.Peruggia
A hacker website that provides secure, legitimate attacks

Address: https://link.zhihu.com/%3Ftarget%3Dhttps%253A//sourceforge.net/projects/peruggia/&usg=ALkJrhhukAzQBySvwcLjA_Zrag0Aysd3A g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Peruggia

13.Root Me
A website that improves your hacking skills and cybersecurity knowledge with over 200 hacking challenges and 50 virtual environments

Address: https://link.zhihu.com/%3Ftarget%3Dhttps%253A//www.root-me.org/&usg=ALkJrhijvgwN566B5VTdYEtE429ppAPTe g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">plateforme d'apprentissage dédiée au Hacking et à la Sécurité de l'Information]

14.Try2Hack
One of the oldest hacking sites that offers multiple security challenges.

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.try2hack.nl/&usg=ALkJrhgKFOVBqy3__5FXYHjmyOd2VZeWu A" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">:: [www.try2hack.nl] ::

15, Vicnum
One of the OWASP projects, a simple framework, aimed at different needs, and guides security developers to learn security technology based on the game.

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//vicnum.ciphertechs.com/&usg=ALkJrhh8iN_LHYj3CQs6HJdOJi6Vy5mYM A" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Welcome to Vicnum

WebGoat
The most popular OWASP project provides a real security teaching environment to guide users in designing complex application security issues

Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//webappsecmovies.sourceforge.net/webgoat/&usg=ALkJrhj5te7U81ldkx1obzHBJbgyEex_Y A" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043"> webappsecmovies.sourceforge.net 

Local

1, i spring and autumn
A relatively good online learning platform for security knowledge in China, which reproduces complex operating systems, tools, and network environments on the web page, and provides learners with an experimental platform that is completely close to the actual environment.
Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.ichunqiu.com/main&usg=ALkJrhjJmmzXbaAA0sE_C4bnZL8S2UcIv A" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Network security training | Information security training | Anti-hacking technology-the first choice
2.XCTF_OJ Practice Platform
XCTF-OJ (X Capture The Flag Online Judge) is a network security technology confrontation practice platform developed by the XCTF Organizing Committee and provided to XCTF League participants. The XCTF-OJ platform will bring together the real question bank of CTF cyber security competitions at home and abroad, and support the resumption and restoration of some available online question interactive environments. The follow-up events of the XCTF League will also summarize offline questions and online interactive environments after the match. To the XCTF-OJ platform, it is the only site resource in the global CTF community that provides a practice environment for recurring test questions.
Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//oj.xctf.org.cn/&usg=ALkJrhi-0BJG3Cj2JYBU8sjANReX6MPfD g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">XCTF_OJ Contest Platform
3. Network information security attack and defense learning platform
Provide basic knowledge inspection, loopholes, drills, tutorials and other materials. The practical exercises are mainly Web questions, including basic levels, script levels, injection levels, upload levels, decryption levels, and comprehensive levels.
Address: https://link.zhihu.com/%3Ftarget%3Dhttp%253A//hackinglab.cn/index.php&usg=ALkJrhjldr-IyO7ffc4sSEjheGa1M21l9 g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">Network Security Lab | Network Information Security Offense and Defense Learning Platform
Reference source:
https://link.zhihu.com/%3Ftarget%3Dhttp%253A//list.ly/list/euz-15-vulnerable-sites-to-legally-practice-your-hacking-skills-2016-update&usg=ALkJrhifkeqakmJrBZhGOfFtA2p_qgh_h g" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">15 Vulnerable Sites To (Legally) Practice Your Hacking Skills-2016 Update | Listly List
https://link.zhihu.com/%3Ftarget%3Dhttp%253A//www.freebuf.com/sectool/4708.html&usg=ALkJrhge8NIFY9KPhV-J9mK7KOUoPizT7 w" target="_blank" rel="nofollow noopener noreferrer" data-za-detail-view-id="1043">[TOP10] Ten Penetration Test Walkthrough Systems-FreeBuf.COM | Focus on Hackers and Geeks
https://www.zhihu.com/question/24740239&usg=ALkJrhiSUChWexHRKwEx91ZsUPYwlIq9P w" data-za-detail-view-id="1043">What are the network attack and defense platforms? https://www.zhihu.com/question/24740239&usg=ALkJrhiSUChWexHRKwEx91ZsUPYwlIq9P w" data-za-detail-view-id="1043">-Network Security


   
Quote
Topic Tags
hacking
 tai chi
(@taichi)
Member
Joined: 6 years ago
Posts: 429
09/02/2025 3:28 pm  

1. 漏洞数据库

CVE (Common Vulnerabilities and Exposures)
  • 网址CVE -CVE
  • 内容:全球漏洞编号的官方标准,记录漏洞基本信息,但具体细节有限。
  • 适合:了解漏洞的概述、影响范围和编号,需配合其他资源深入研究。
NVD (National Vulnerability Database)
  • 网址NVD - Home
  • 内容:基于CVE编号扩展的数据库,提供漏洞评分(CVSS)和详细分析。
  • 优势:包含漏洞的技术细节和修复建议。
CNVD (中国国家漏洞数据库)
  • 网址 http://www.cnvd.org.cn/
  • 内容:由中国官方运营的漏洞数据库,侧重中文用户。
  • 特点:经常收录国内发现的漏洞。
Exploit-DB
Vulners

2. 技术博客和安全研究平台

HackerOne Blog
PortSwigger Research
Google Project Zero
Tencent Security Blogs
阿里云先知社区
  • 网址技术文章 - 先知社区
  • 内容:国内安全研究人员分享漏洞挖掘经验和技术。
  • 特点:包含大量实践案例,适合中文用户。

3. 社区和论坛

Reddit (NetSec, Exploits, etc.)
安全客
  • 网址安全客 - 安全资讯平台
  • 内容:国内安全技术社区,包含漏洞原理分析、事件跟踪。
  • 特点:中文内容为主,实用性强。
FreeBuf
论坛与讨论区

4. 工具与实时监控

漏洞情报APP
  • VulnHub:漏洞靶场和利用实例。
  • CVE Searcher:移动端查询CVE漏洞。
  • SecApps:集合安全工具的APP。
实时工具
  • Twitter:关注安全研究者(如 @taviso, @thezdi)。
  • Telegram:加入漏洞情报频道。
  • RSS订阅:订阅漏洞数据库和博客更新。

5. 视频与实践资源

YouTube
  • LiveOverflow:漏洞利用演示与分析。
  • HackerSploit:涵盖漏洞原理与工具教程。
CTF平台


   
ReplyQuote
Forum Jump:
Next Topic  
Topic Tags:  hacking (1) ,
Share: