One of the most helpful tools in learning the fundamentals of penetration testing is the ability to test your analysis against deliberately-vulnerable applications - sites and/or apps with consciously introduced flaws, catalogued for easy reference. Beyond a great introductory exercise, testing against deliberately vulnerable apps can also be a great way to calibrate new scanners or automated reconnaisance methods. And in addition to the actual vulnerable endpoints within the applications themselves, many of them also feature their own guided tutorials explaining how to detect - and often mitigate - the vulnerabilities they contain.
Of course a final, very-not-underrated advantage to these proving grounds is the complete freedom they give you to test out pentest technologies without fear of collateral damage to the business or other users. Even open, third-party bug bounties can have complex terms of engagement sufficient to make the use of potential tools a risky proposition. Locally-hosted desktop apps and sandboxed web applications don’t provide any sensitive data or business processes to compromise (or be sued over).
Here are a few of the most helpful tools and trainings grounds that you can use to build up your bug hunting skills.
Google Gruyere
Google Firing Range
Damn Vulnerable Web App
nmap’s scanme
Vulnerable Word Press(Docker Container)
Metasploitable
WebGoat
Hack this Site
Smash the Stack - Wargames
Over the Wire - Wargames
WackoPicko
Web Security Dojo
OWASP Vulnerable Web Applications Project
This is by no means an exhaustive list, but provides a good mix of different types of web technologies, for both locally and remotely hosted options. Now the next time you want to try the new automated hotness, you have a stable of unsuspecting crash test dummies to unleash it on.
Have fun and happy hunting!
