渗透靶机汇总

靶机的重要性对网络安全人员来说，那就相当于磨刀石，是安全人员提高技能，学习工具，练习技巧的最佳选择， 下文列出业界知名的，常见的靶场，供大家下载使用；

 

1. The BodgeIt Store (Java): http://code.google.com/p/bodgeit/ (download)

2. The ButterFly Security Project (PHP): http://sourceforge.net/projects/thebutterflytmp/ (download)

3. bWAPP - an extremely buggy web application! (PHP): http://www.mmeit.be/bwapp/ (download) (docs)

4. Damn Vulnerable Web Application - DVWA (PHP): http://www.dvwa.co.uk (download)

5. Damn Vulnerable Web Services - DVWS (PHP): http://dvws.secureideas.net (download)

6. OWASP Hackademic Challenges Project (PHP): https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project (download)

7. Google Gruyere (Python): http://google-gruyere.appspot.com (download)

8. Hacme Bank (.NET): http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx (download)

9. Hacme Books (Java): http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx (download)

10. Hacme Casino (Ruby on Rails): http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx (download)

11. Hacme Shipping (ColdFusion): http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx (download)

12. Hacme Travel (C++): http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx (download)

13. OWASP Insecure Web App Project (Java): https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project (download - orphaned)

14. Mutillidae (PHP): http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 (download)

15. OWASP .NET Goat (C#): https://owasp.codeplex.com (download)

16. Peruggia (PHP): http://peruggia.sourceforge.net (download)

17. Puzzlemall (Java): https://code.google.com/p/puzzlemall/ (download) (docs)

18. Stanford Securibench (Java) & Micro: http://suif.stanford.edu/~livshits/securibench/ (download)

19. SQLI-labs (PHP): https://github.com/Audi-1/sqli-labs (download) (blog)

20. SQLol (PHP): https://github.com/SpiderLabs/SQLol (download)

21. OWASP Vicnum Project (Perl & PHP): https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project (download)

22. VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88 (CVS download & vulns)

23. WackoPicko (PHP): https://github.com/adamdoupe/WackoPicko (download) (whitepaper)

24. OWASP WebGoat (Java): https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project (download) (guide)

25. OWASP ZAP WAVE - Web Application Vulnerability Examples (Java): http://code.google.com/p/zaproxy/downloads/list

26. Wavsep - Web Application Vulnerability Scanner Evaluation Project (Java): https://code.google.com/p/wavsep/ (download) (docs)

27. WIVET - Web Input Vector Extractor Teaser: https://code.google.com/p/wivet/ (download) (tests)