Topics in Offensive Security

Metasploitable3 by Rapid7

VM with a lot of security flaws

Includes modules on:

  • Windows-based vulnerabilities
  • Linux-based vulnerabilities
  • Can be run in CTF-style
  • Vulnerable services: GlassFish, Apache Struts, Tomcat, Jenkins, IIS, SSH, WinRM, ManageEngine, SNMP, MySQL, WordPress, SMB, etc.
  • Check out this walk-through to learn how to work through Metasploitable3

Juice Shop by OWASP

Sophisticated insecure web application

Includes modules on:

  • ~70 vulnerabilities: injections, broken access and authentication, sensitive data exposure, XSS, XXE, race condition, insecure deserialization, improper input validation, etc.
  • Free deployment on Heroku
  • Written mainly in JavaScript
  • Can be run in CTF-style
  • Contains an official companion guide for self-study

WebGoat by OWASP

Deliberately insecure web application

Includes modules on:

  • HTTP basics and proxies
  • SQL injections
  • XXE
  • Authentication bypass
  • JWT tokens
  • Password reset
  • XSS
  • Insecure direct object reference
  • Insecure login
  • CSRF
  • Many more

SecKnitKit

Bash/C++

Includes modules on:

  • VirtualBox setup and utilization
  • Network security (ARP poisoning, IP spoofing MITM, WEP cracking)
  • Operating systems (race conditions, covert channels, Heartbleed)
  • Software engineering (buffer overflow, improper initialization, improper operand)
  • Database management (SQL injections)

NICE Challenge

Hands-on labs

Includes modules on:

  • Vulnerability assessment and management
  • Dirty COW sandbox
  • EternalBlue sandbox
  • Heartbleed sandbox
  • Shellshock sandbox

Security Injections: Secure Coding

PHP/Ruby on Rails/SQL

Includes modules on:

  • Web development (XSS)
  • Databases (SQL injection)
  • Networking (Wi-Fi, MITM)
  • Software development life cycle
  • Encapsulation
  • Data hiding
  • Exception handling

SEED Labs

C/Bash/SQL/JS

Includes modules on:

  • Network security (TCP/IP, Heartbleed, local/remote DNS, packet sniffing/spoofing)
  • Web security (XSS, CSRF, web tracking, SQL injection)
  • System security (Meltdown, Spectre)
  • Cryptography (MD5 collision)