Re: Article on Pentesting Study Frameworks

From: psiinon <psiinon@xxxxxxxxx>
Date: Tue, 19 Apr 2011 09:43:16 +0100

Theres a good list here:
http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/

Psiinon

On Fri, Apr 15, 2011 at 4:19 AM, Felipe Martins
<martins.felipe.security@xxxxxxxxx> wrote:

Hi there,

I'm planning on developing an article about pentest study frameworks,
with a full description and test on each one. Till now I've traced the
following:

. WEB
- WebGoat,
(https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
- Gruyere (antigo Codelab), (http://google-gruyere.appspot.com/)
- DVWA (Damn Vulnerable Web App), (http://www.dvwa.co.uk/)
- Hacme, (http://hacmegame.org/)
- Multilidae,
(http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10)
. War Games
- Hack This Site (http://www.hackthissite.org/)
- Over the Wire (http://www.overthewire.org/wargames/)
. Insecure Distributions
- Metasploitable,
(http://blog.metasploit.com/2010/05/introducing-metasploitable.html)
- de-ICE,
(http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks)
- Moth (Bonsai Security Software),
(http://www.bonsai-sec.com/en/research/moth.php)
- PwnOS, (http://www.neildickson.com/os/)
- DVL, (http://www.damnvulnerablelinux.org/)

Do you happen to know any other pentest study framework ?

Thanks in advance.

--
---
Felipe Martins
Security Analyst

Skype: martins.felipe
URL: http://www.felipemartins.info/
E-mail: martins.felipe.security@xxxxxxxxx

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

References:
- Article on Pentesting Study Frameworks
  - From: Felipe Martins

Prev by Date: RE: Graduate CS Pen Testing Class
Next by Date: Re: Graduate CS Pen Testing Class
Previous by thread: Article on Pentesting Study Frameworks
Next by thread: RE: Article on Pentesting Study Frameworks
Index(es):
- Date
- Thread

Relevant Pages

Re: Professional Scrpt Kiddies vs Real Talent
... CLUE to how the machine works either, ... * Kevin Finisterre ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ...
(Pen-Test)
Re: Professional Scrpt Kiddies vs Real Talent
... there is plenty of work to go around and not every security job ... * Kevin Finisterre ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
(Pen-Test)
Re: Several Metasploit plugins and tutorials
... Not so much a ready-to-use module, but some discourse into Metasploit ... bypassing proxies with metasploit. ... Information Assurance Certification Review Board ...
(Pen-Test)
[TOOL] New w3af release!
... The development team is proud to announce a new w3af release! ... Bonsai Information Security - CTO ... Information Assurance Certification Review Board ...
(Pen-Test)