
Top 10 Penetration Test System

(@sunnyheart)

This article summarizes the currently popular penetration test drill systems on the Internet. These systems all provide some actual security vulnerabilities. The rankings are in no particular order. Security testers can personally practice how to use these vulnerabilities and also learn about the vulnerability-related information.

 

DVWA (Damn Vulnerable Web Application) is a web vulnerability testing program written in PHP + MySQL for regular web vulnerability teaching and detection. It contains some common security vulnerabilities such as SQL injection, XSS and blind injection.

Link address: http://www.dvwa.co.uk

Mutillidae is a free, open source web application provided specifically to allow security testing and intrusion of web applications. It is a free and open source web application developed by Adrian "Irongeek" Crenshaw and Jeremy "webpwnized" Druin. It contains rich penetration testing projects such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, etc.

Link address: http://sourceforge.net/projects/mutillidae

 

 

SQLol is a configurable SQL injection test platform, which contains a series of challenge tasks, allowing you to test and learn SQL injection statements in the challenge. This program was released by Spider Labs at the Austin Hacking Conference.

 

 

Link address: https://github.com/SpiderLabs/SQLol

 

 

Hackxor is an online hacking game developed by albino. You can also download and install the full version for deployment, including common web vulnerability drills. It contains common vulnerabilities such as XSS, CSRF, SQL injection, RCE, etc.

 

 

Link address: http://sourceforge.net/projects/hackxor

 

 

BodgeIt is a fragile web program written in Java. It includes XSS, SQL injection, debugging code, CSRF, unsafe object applications, and some issues with program logic.

 

 

Link address: http://code.google.com/p/bodgeit

 

 

 

 

 

Exploit KB / exploit.co.il: This program contains various vulnerable web applications that can test various SQL injection vulnerabilities. This application is also included in BT5.

 

 

Link address: http://exploit.co.il/projects/vuln-web-app

 

 

 

 

 

WackoPicko is a fragile web application released by Adam Doupé for testing web application vulnerability scanning tools. It includes command line injection, session ID issues, file inclusion, parameter tampering, SQL injection, XSS, Flash form reflective XSS, weak password scanning, and more.

 

 

Link address: https://github.com/adamdoupe/WackoPicko

 

 

 

 

 

WebGoat is a flawed J2EE web application maintained by the famous OWASP. These vulnerabilities are not bugs in the program, but are deliberately designed to teach web application security courses. This application provides a realistic teaching environment with relevant clues for users to complete the course.

 

 

Link address: http://code.google.com/p/webgoat

 

 

 

 

 

OWASP Hackademic is a project developed by OWASP. You can use it to test various attack methods. It currently contains 10 problematic WEB applications.

 

 

Link: https://code.google.com/p/owasp-hackademic-challenges

XSSeducation is a set of programs developed by AJ00200 specifically to test cross-site scripting. It contains tests for various scenarios.

Link address: http://wiki.aj00200.org/wiki/XSSeducation


   
(@sunnyheart)

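There are two main kinds of hackers: black hat hackers and white hat hackers. Black hat hackers use their knowledge of computer systems to break into systems for personal gain; this is illegal and carries legal liability. White hat hackers use the same knowledge to protect systems or keep applications from being attacked, which is why they are also called ethical hackers.

Without further ado, let's reveal which 8 websites these are: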

1. SecurityTube

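All of the videos on SecurityTube are sourced from YouTube, and they cover a wide range of topics, from the basics of offensive and defensive security to writing tests and on to attacks. These videos are produced by industry professionals or experienced security researchers. The site also offers an iOS security certification called SISE.

The site's three main features are:
Security training
Penetration testing tutorials
Project discussions

Address: http://www.securitytube.net/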

2. Cybrary

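Cybrary is a free online cyber security site that aims to provide training materials and resources from professionals in different industries. However, if you want a certificate of completion, or want to take assessments and exams, you have to pay (about US$99 per month). You can choose an ethical hacking course that suits you, such as penetration testing or network engineer, or even create your own syllabus. You can also search for courses by skill type, level or certificate.

The site runs smoothly mainly thanks to its large community, which always provides the latest resources and so creates the best possible learning experience.

Address: https://www.cybrary.it/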

3. Hack This Site

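This site is a good place to find high-quality resources that give an in-depth understanding of how some attacks are carried out. Its most attractive aspect is that many of its projects are developed by a large community of developers, allowing all kinds of attacks to be tried and tested. There are also a large number of hacking articles and a huge forum where users can discuss hacking and network security. In addition, the site offers challenges for learning and practicing hacking techniques, ranging from beginner level to advanced difficulty.

Address: https://www.hackthissite.org/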

4. Hacking-Tutorial

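This site has collected hundreds of tutorials on hacking and network security; e-books, hacking tools and more can all be found there. It also provides knowledge about how to carry out local intrusion (for example, running a script on a single computer).

Address: https://www.hacking-tutorial.com/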

5. Exploit Database

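Whether you are a white hat or a black hat hacker, a database is an important tool for hackers. If you want to learn more about how hackers previously attacked and patched vulnerabilities, this site is for you. You can also download the magazines on it, which cover the largest cyber attacks in the world over the past ten-plus years.

Address: https://www.hacking-tutorial.com/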

6. Hellbound Hackers

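The site offers a wide variety of security practice methods and challenges, teaching you how to identify attacks and giving suggestions for patching code. It is one of the largest hacker communities, with around 100,000 registered users.

Address: https://www.hellboundhackers.org/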

7. HackingLoops

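HackingLoops is a blog site aimed mainly at beginner-level hackers. It has many very useful tools and shared experience, including penetration testing, testing practice, mobile hacking and more.

Address: https://www.hackingloops.com/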

8. Hack In The Box

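The site focuses on security and ethical hacking and actually consists of four main subdomains, each with a specific purpose, namely serving hackers around the world.

HITBSecNews: This popular blog provides security news covering all major industries. Topics include major platforms such as Microsoft, Apple and Linux. Other topics include international hacking news, science and technology, and more.

HITBSecConf: This is an annual conference that attracts hacking experts and researchers from around the world, held every year in the Netherlands.

HITBPhotos: A simple photo album collection, mostly pictures from the annual conferences.

HITBMagazine: A quarterly hacking magazine. Although this site is still active and continues to be updated with content, no new issues of the magazine are being published.

In fact, this site is not really a place to learn hacking techniques, but rather a way to get the latest hacking news every day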


   