CTF平台集合 CTF Platforms 黑客技术靶场

CTF简介

CTF（Capture The Flag，夺旗赛）是一种网络安全竞赛，参与者通过解决各种挑战来获取“旗标”（flag），这些旗标通常是一些字符串，证明参赛者成功完成了某个任务。CTF比赛通常包含以下几类题目：

1. Web安全：寻找Web应用程序中的漏洞，例如SQL注入、XSS、CSRF等。
2. 逆向工程：分析二进制程序或软件，了解其内部工作原理，找到其中的漏洞或隐藏信息。
3. 密码学：解决与加密和解密相关的难题，破解密码或加密算法。
4. 取证：从受损的系统或文件中恢复数据，寻找隐藏的线索。
5. Pwn：通过漏洞利用获得对系统的控制权限，常见的有缓冲区溢出、格式化字符串漏洞等。
6. 隐写术：在图片、音频或其他文件中隐藏信息，解码并提取出来。

黑客靶场

黑客靶场（Hack The Box，简称HTB）是一个提供合法的、模拟的网络安全环境的平台，旨在帮助网络安全爱好者、渗透测试人员、以及CTF竞赛者练习和提升自己的技术。它通过设置各种具有挑战性的靶机（虚拟机）供用户攻破，并且每台靶机的目的是让参与者找到漏洞、利用漏洞、并最终获得特定的“旗标”（flag）

列表

1. HackTheBox App – link
2. HackTheBox Academy – link
3. TryHackMe – link
4. VulnLab – link
5. VulnHub – link
6. CryptoHack – link
7. Portswigger Web Security Academy – link
8. CTFTime – link
9. PicoCTF – link
10. PWNable – link
11. RE Challenges – link
12. XSS Game – link
13. Game Of Active Directory – link
14. Vulnerable Active Directory – link
15. Vulnerable Active Directory Plus – link
16. All Damn Vulnerable Resources – link
17. Lets Defend – link
18. CyberDefenders – link
19. Ethernaut – wargames – link
20. API Security University – link
21. Expose Lab – link
22. Damn Vulnerable GraphQL Application – link
23. CloudLabsAD – link
24. Offensive Security Labs – link
25. ICS Security Labs – link
26. SANS Holiday Hack Challenge – link
27. Damn Vulnerable DeFi – link
28. Vulnerable app with examples showing how to not use secrets – link
29. Learn to Code Blockchain DApps by Building Simple Games – link
30. CodeWars: Achieve mastery through challenge – link
31. Sad Servers – link
32. RHme Challanges 2015 – link
33. RHme Challanges 2016 – link
34. RHme Challanges 2017 – link
35. Crackmes – link
36. Cryptopals – link
37. ROP Emporium – link
38. CloudGoat – link
39. IAM Vulnerable – link
40. SadCloud – link
41. Damn Vulnerable GraphQL Application – link
42. MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics. – link
43. PWNED Labs – link
44. Hands-on Security Labs focused on Azure IaaS Security – link
45. Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure – link
46. AWSGoat : A Damn Vulnerable AWS Infrastructure – link
47. AzureGoat : A Damn Vulnerable Azure Infrastructure – link
48. Damn Vulnerable Web Application (DVWA) – link
49. Damn Vulnerable Web Services – link
50. Damn Vulnerable Hybrid Mobile App – link
51. A deliberately vulnerable CI/CD environment – link
52. Vulnerable REST API with OWASP top 10 vulnerabilities for security testing – link
53. Damn Vulnerable Serverless Application – link
54. Damn Vulnerable Thick Client App developed in C# .NET – link
55. Damn Vulnerable Java (EE) Application – link
56. Damn Vulnerable IoT Device – link
57. Damn Vulnerable Python Web App – link
58. Damn Vulnerable Bank – link
59. Damn Vulnerable WordPress Site – link
60. Damn Vulnerable NodeJS Application – link
61. Damn Vulnerable Rails app – link
62. Damn Vulnerable Grade Management System – link
63. Damn Vulnerable C# Application (API) – link
64. Damn Vulnerable iOS App – link
65. Damn Vulnerable iOS App #2 – link
66. The Damn Vulnerable Router Firmware Project – link
67. Damn Vulnerable Functions as a Service – link
68. Damn Vulnerable Cloud Application – link
69. Create a vulnerable active directory that’s allowing you to test most of the active directory attacks in a local lab – link
70. An active directory laboratory for penetration testing – link
71. The Ethernaut is a Web3/Solidity based wargame – link
72. APIsec University – link
73. OverTheWire – link
74. CrypTool – link
75. Root Me – link
76. Webhacking.kr – link
77. Damn Vulnerable Restaurant – link
78. Reverse Engineering challenges – link
79. HackMyVM – link
80. UnderTheWire – link
81. Google CTF – link
82. Proving Grounds Play (Offsec) – link
83. OWASP crAPI – link
84. OWASP NodeGoat – link
85. OWASP Juice Shop – link
86. OWASP Mutillidae II – link
87. vAPI (vulnerable API) – link
88. AI Security Challenge – link
89. Gandalf: Test Your Prompt Injection Skills – link
90. DockerLabs – link
91. The Hackers Labs – link