Penetration testing and ethical hacking is a fast and growing field, there are so many student and learner around the world wants to learn penetration testing and some of them enrolled in different courses like CISSP, CEH and Cisco security. Practice makes a man perfect a famous proverb that is also applicable in the field of information security. So many people are using virtual machines to practice penetration testing but there are different tools and software are also available that give you the feature and learn and practice hacking.







Yes I am talking about Damn vulnerable application, different tools like damn vulnerable web application and Linux has been created for the sake to practice the penetration testing in ethical way. Below is the list of some tools that has been designed for hacking .

Damn Vulnerable Web Application

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

It is a best platform to practice web application hacking and security.

Damn Vulnerable Linux

Unix based Linux operating system is now become the most famous OS in server side, Linux seems to be most secure and reliable OS so if you want to practice your skills for Linux environment Damn vulnerable Linux is for you. Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

Hacking-Lab

This is the LiveCD project of Hacking-Lab. It gives you OpenVPN access into Hacking-Labs Remote Security Lab. The LiveCD iso image runs very good natively on a host OS, or within a virtual environment (VMware, VirtualBox).

The LiveCD gives you OpenVPN access into Hacking-Lab Remote.You will gain VPN access if both of the two pre-requirements are fulfilled.

HackXor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS , CSRF, SQLi , ReDoS, DOR, command injection, etc.

Web Security Dojo

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

WebMaven

WebMaven (better known as Buggy Bank) was an interactive learning environment for web application security. It emulated various security flaws for the user to find. This enabled users to safely & legally practice web application vulnerability assessment techniques. In addition, users could benchmark their security audit tools to ensure they perform as advertised.