Hack-Hub
A repository of ethical hacking guidelines and resources
A Word on Pen Testing Tools
Kali Linux itself is a gold mine for penetration testing tools, and many of the tools mentioned below come pre-installed with Kali. I highly recommend familiarizing yourself with as many of the tools in Kali as possible, but don't limit yourself to those tools or to the tools below. Research other tools and test them within a controlled environment to ensure they are legitimate and that you understand how they work.
A Word on Vulnerable Machines
When dealing with any vulnerable technology, ensure you are not opening your own systems to the outside world. Keep the vulnerable technology off of live/production environments.
A Word on Vulnerable Web Apps
OWASP is a great source of web application security knowledge and tools. There are a great deal of intentionally vulnerable web applications in a variety of languages and formats available for your use. I have only listed those that I have experience with or that have been recommended to me by others, but OWASP has their own comprehensive list here. Additionally, Exploit-DB provides vulnerable versions of real web applications associated with exploits.
When dealing with any vulnerable technology, ensure you are not opening your own systems to the outside world. Keep the vulnerable technology off of live/production environments.