Lab Setup

If you are serious about pen testing you need somewhere to practice your skills. Many course now provided a lab that you can pay to have access to for a certains period of course this is great but you can always build your own lab.

In order to build you own lab you need half decent computer that can run multiple virtual machines. I would say any PC or Laptop that has at least 4GB of Ram should be enough to start off with.

The type of lab you have really does depend on what area you wish to focus my contains a mixture of web and network based virtual machines.These are all sotred on a HP n40L mini server running Esxi. There are many great resources for building a lab this post will mainly provide links to resources and help you get setup with a lab in no time at all.

Complete OS
Name: Damn Vulnerable Linux

Name: De-ICE
Homepage: or
Notes: There are also some others that are no listed above but you can find them with a google search.

Name: Hackademic

Name: Kioptrix

Name: Metasploitable

Name: pWnOS

Offline Web sites

Name: Damn Vulnerable Web App

Name: Hacme

Name: Moth

Name: Mutillidae

Name: OWASP WebGoat

There are also online sites for a more complete list visit g0tmi1k blog as he done excellent job in listing them all.

another new site is this is an online website where you get your own sandbox to practice in. The great thing about this is if you are a developer you can build other challenges for others to attempt.

There are also many books that provide detail on settings up a lab:
Professional pentester by Thomas Whilem goes into great details about labs
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen also covers labs and adds additional open source components like pfsense to the mix.

Leave a Reply