Legal training grounds for penetration testing

Ethical Hacking

There are several platforms and websites that allow legal hacking and penetration testing. These sites give cybersecurity professionals and enthusiasts a controlled environment in which to test their skills without the risk of violating any laws. Below are some popular legal hacking platforms. (This can change at regular intervals; please read each site's Privacy / Terms before testing.)

https://vulnweb.com

https://www.hackthissite.org

http://www.itsecgames.com/

https://hbh.sh/home

https://github.com/webpwnized/mutillidae

https://google-gruyere.appspot.com

https://defendtheweb.net

https://www.root-me.org/?lang=en

https://overthewire.org/wargames

https://github.com/prateek147/DVIA-v2

https://github.com/WebGoat/WebGoat

Below are some more popular legal hacking platforms:

1. Bug Bounty Programs

Many companies offer bug bounty programs where ethical hackers can legally test their systems for vulnerabilities. Examples include:

  • HackerOne: A platform connecting companies with ethical hackers. You can legally hack participating organizations’ systems in exchange for rewards.
  • Bugcrowd: Similar to HackerOne, Bugcrowd allows you to find bugs and earn rewards for participating companies.

2. Vulnerable by Design Websites

These websites are created specifically to be vulnerable and are designed for training and practice purposes:

  • DVWA (Damn Vulnerable Web Application): A PHP/MySQL web application vulnerable to common web attacks.
  • bWAPP (Buggy Web Application): A free and open-source vulnerable web app for learning security testing techniques.
  • WebGoat: A deliberately insecure web application maintained by OWASP for educational purposes.
    • Website: https://owasp.org/www-project-webgoat

3. Capture the Flag (CTF) Platforms

  • Hack The Box: An online platform that offers CTF challenges and penetration testing environments. Users can legally attempt to hack into virtual machines and solve security-related puzzles.
  • TryHackMe: An interactive platform offering hands-on training in cybersecurity. It includes various challenges, CTFs, and practical labs.
  • OverTheWire: A collection of war games where users solve hacking challenges and puzzles to enhance their skills.

4. Vulnerable Cloud Platforms

5. Self-Hosted Vulnerable Environments

  • Metasploitable: A vulnerable virtual machine maintained by Rapid7, designed to be used for penetration testing practice with tools like Metasploit.
    • Website: https://sourceforge.net/projects/metasploitable
  • VulnHub: A platform offering downloadable vulnerable VMs that you can run locally to practice penetration testing.

6. Open Bug Bounty

By participating in these platforms, ethical hackers can test their skills, gain experience, and even earn rewards or recognition, all while staying within the boundaries of the law.
