Here’s a list of some CTF practice sites and tools or CTFs that are long-running. Thanks, RSnake for starting the original that this is based on. If you have any corrections or suggestions, feel free to email ctf at the domain psifertex with a dot com tld.
Live Online Games 线上竞赛
Whether they’re being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.这些网站一般都是长期运营
http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges) https://picoctf.com/ (Designed for high school students while the event is usually new every year, it’s left online and has a great difficulty progression) https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430) https://learn.abctf.xyz (a new CTF based learning platform with user-contributed challenges) http://reversing.kr/ http://hax.tor.hu/ https://w3challs.com/ https://pwn0.com/ https://io.netgarage.org/ http://ringzer0team.com/ http://www.hellboundhackers.org/ http://www.overthewire.org/wargames/ http://counterhack.net/Counter_Hack/Challenges.html http://www.hackthissite.org/ http://vulnhub.com/
https://backdoor.sdslabs.co/ http://smashthestack.org/wargames.html http://hackthecause.info/ http://bright-shadows.net/ http://www.mod-x.co.uk/main.php http://scanme.nmap.org/ http://www.hackertest.net/ http://net-force.nl/ http://securityoverride.org/ Some good concepts, but “canned” vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons
http://www.wechall.net/sites.php (excellent list of challenge sites) http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC) http://repo.shell-storm.org/CTF/ (great archive of CTFs)
http://demo.testfire.net/ http://wocares.com/xsstester.php http://crackme.cenzic.com/ http://test.acunetix.com/ http://zero.webappsecurity.com/
http://computer-forensics.sans.org/community/challenges http://computer-forensics.sans.org/community/challenges http://forensicscontest.com/
https://www.praetorian.com/challenges/pwnable/ http://rtncyberjobs.com/ http://0x41414141.com/ Paid Training
http://heorot.net/ Downloadable Offline Games
http://www.badstore.net/ http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project http://www.owasp.org/index.php/Owasp_SiteGenerator Damn Vulnerable Web App Stanford SecureBench Stanford SecureBench Micro http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
https://pentesterlab.com/exercises/ http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ Damn Vulnerable Linux (not currently live? local mirror)
Just around for historical sake, or on the off-chance they come back.
http://rootcontest.com/ http://intruded.net/ https://how2hack.net WebMaven (Buggy Bank) http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm http://hackme.ntobjectives.com/ http://testphp.acunetix.com/ http://testasp.acunetix.com/Default.asp http://prequals.nuitduhack.com http://www.gat3way.eu/index.php (Russian) http://exploit-exercises.com/ (challenges mirrored on vulnhub) http://damo.clanteam.com/ http://p6drad-teel.net/~windo/wargame/ http://roothack.org/ http://ha.ckers.org/challenge/ http://ha.ckers.org/challenge2/ http://www.dc3.mil/challenge/ [ICO] Name Last modified Size [DIR] Parent Directory - Indices 1.1
