Complete all exercises to earn the Introduction Badge badge and certificate.
View the Unix Badge badge and complete the exercises to earn the certificate.
- Unix 00
- Unix 01
- Unix 02
- Unix 03
- Unix 04
- Unix 05
- Unix 06
- Unix 07
- Unix 08
- Unix 09
- Unix 10
- Unix 11
- Unix 12
- Unix 13
- Unix 14
- Unix 15
- Unix 16
- Unix 17
- Unix 18
- Unix 19
- Unix 20
- Unix 21
- Unix 22
- Unix 23
- Unix 24
- Unix 25
- Unix 26
- Unix 27
- Unix 28
- Unix 29
- Unix 30
- Unix 31
- Unix 32
- Unix 33
- Unix 34
Complete all exercises to earn the Unix Badge badge and certificate.
View the Essential Badge badge and complete the exercises to earn the certificate.
- Authentication 01
- Authentication 02
- Authentication 03
- Authentication 04
- Authentication 05
- Authorization 01
- Authorization 02
- Authorization 03
- Authorization 04
- Authorization 05
- Authorization 06
- Code Execution 01
- Code Execution 02
- Code Execution 03
- Code Execution 04
- Code Execution 05
- Code Execution 06
- Code Execution 07
- Code Execution 08
- Code Execution 09
- Command Execution 01
- Command Execution 02
- Command Execution 03
- Directory Traversal 01
- Directory Traversal 02
- Directory Traversal 03
- File Include 01
- File Include 02
- LDAP 01
- LDAP 02
- MongoDB Injection 01
- MongoDB Injection 02
- Open Redirect 01
- Open Redirect 02
- SQL Injection 01
- SQL Injection 02
- SQL Injection 03
- SQL Injection 04
- SQL Injection 05
- SQL Injection 06
- Server Side Request Forgery 01
- Server Side Request Forgery 02
- Server Side Request Forgery 03
- Server Side Request Forgery 04
- Server Side Template Injection 01
- Server Side Template Injection 02
- File Upload 01
- File Upload 02
- XML Attacks 01
- XML Attacks 02
- XSS 01
- XSS 02
- XSS 03
- XSS 04
- XSS 05
- XSS 06
- XSS 07
- XSS 08
- XSS 09
- XSS 10
Complete all exercises to earn the Essential Badge badge and certificate.
View the PCAP badge badge and complete the exercises to earn the certificate.
- PCAP 01
- PCAP 02
- PCAP 03
- PCAP 04
- PCAP 05
- PCAP 06
- PCAP 07
- PCAP 08
- PCAP 09
- PCAP 10
- PCAP 11
- PCAP 12
- PCAP 13
- PCAP 14
- PCAP 15
- PCAP 16
- PCAP 17
- PCAP 18
- PCAP 19
- PCAP 20
- PCAP 21
- PCAP 22
- PCAP 23
- PCAP 24
- PCAP 25
- PCAP 26
- PCAP 27
- PCAP 28
- PCAP 29
- PCAP 30
- PCAP 31
- PCAP 32
- PCAP 33
- PCAP 34
- PCAP 35
Complete all exercises to earn the PCAP badge badge and certificate.
View the HTTP Badge badge and complete the exercises to earn the certificate.
- HTTP 01
- HTTP 02
- HTTP 03
- HTTP 04
- HTTP 05
- HTTP 06
- HTTP 07
- HTTP 08
- HTTP 09
- HTTP 10
- HTTP 11
- HTTP 12
- HTTP 13
- HTTP 14
- HTTP 15
- HTTP 16
- HTTP 17
- HTTP 18
- HTTP 19
- HTTP 20
- HTTP 21
- HTTP 22
- HTTP 23
- HTTP 24
- HTTP 25
- HTTP 26
- HTTP 27
- HTTP 28
- HTTP 29
- HTTP 30
- HTTP 31
- HTTP 32
- HTTP 33
- HTTP 34
- HTTP 35
- HTTP 36
- HTTP 37
- HTTP 38
- HTTP 39
- HTTP 40
- HTTP 41
- HTTP 42
- HTTP 43
Complete all exercises to earn the HTTP Badge badge and certificate.
- CVE-2014-6271/Shellshock
- JSON Web Token None Algorithm
- From SQL Injection to Shell
- CVE-2007-1860: mod_jk double-decoding
- Pickle Code Execution
- Electronic Code Book
Complete all exercises to earn the White Badge badge and certificate.
Complete all exercises to earn the Serialize Badge badge and certificate.
- CVE-2016-10033: PHPMailer RCE
- CVE-2016-2098
- Cipher block chaining
- Play Session Injection
- Play XML Entities
- JWT Algorithm Confusion
- Struts s2-045
Complete all exercises to earn the Yellow Badge badge and certificate.
- S2-052
- JWT VII
- Git Information Leak
- JWT V
- Git Information Leak II
- JWT kid Injection
- JWT IV
- JWT VI
- CBC-MAC II
- CBC-MAC
- CVE-2018-0114
Complete all exercises to earn the Blue Badge badge and certificate.
- GraphQL Introspection
- Ruby 2.x Universal RCE Deserialization Gadget Chain
- GraphQL: SQL Injection
- CVE-2019-5420
- From SQL injection to Shell III
- Length Extension Attack
- Gogs RCE
- Gogs RCE II
- JWT VIII
- JWT IX
- JWT XII
- cve-2019-5420 II
- CVE-2019-5418
- IDOR to Shell
- JWT X
- JWT XI
Complete all exercises to earn the Green Badge badge and certificate.
- XSS Include
- Introduction to CSP
- JSON Cross-Site Request Forgery
- SVG XSS
- CVE-2018-6574: go get RCE
- CVE-2016-5386: HTTPoxy/Golang HTTProxy namespace conflict
- Cross-Origin Resource Sharing II
- Cross-Site WebSocket Hijacking
- postMessage()
- postMessage() II
- postMessage() III
- postMessage() IV
- Cross-Site Request Forgery
- CVE-2018-11235: Git Submodule RCE
- Cross-Site Leak
Complete all exercises to earn the Orange Badge badge and certificate.
Complete all exercises to earn the Intercept Badge badge and certificate.
- SAML: Introduction
- OAuth2: Authorization Server CSRF
- SAML: Signature Stripping
- SAML: Comment Injection
- SAML: PySAML2 SSRF
- SAML: CVE-2021-21239
- SAML: Malicious IDP
- SAML: Signature Wrapping III
- OAuth2: Authorization Server XSS
- SAML: Comment Injection II
- OAuth2: State Fixation
- SAML: SAMLResponse forwarding
- SAML: Trusted Embedded Key
- SAML: Known Key
- OAuth2: Client CSRF II
- OAuth2: Client CSRF
- OAuth2: Client OpenRedirect
- OAuth2: Authorization Server OpenRedirect
- OAuth2: Predictable State
- OAuth2: Predictable State II
- SAML: Signature Wrapping
- SAML: Signature Wrapping II
- OAuth2: Client Server XSS
- OAuth2: Authorization Server XSS II
- OAuth2: Github HTTP HEAD
Complete all exercises to earn the Authentication / Authorization Badge badge and certificate.
Complete all exercises to earn the Android Badge badge and certificate.
Complete all exercises to earn the Capture-The-Flag Badge badge and certificate.
- Signing Oracle
- JS Prototype Pollution
- CVE-2021-41773
- JSON Web Encryption
- GCM Nonce Reuse
- Apache Pluto RCE
- CVE-2021-40438
- Unicode and Uppercase
- Unicode and Downcase
- Zip symlink
- Express Local File Read
- CVE-2020-14343: PyYAML unsafe loader
- CVE-2022-21449
- CVE-2021-41773 II
- CVE-2020-7115: Aruba Clearpass RCE
- CGI and Signature
- EDDSA vulnerability in Monocypher
- Unicode and NFKC
- From SQL injection to Shell III: PostgreSQL Edition
- Spring Actuators
- PHP phar://
- RCE via argument injection
- Ox Remote Code Execution
- JWT Algorithm Confusion with RSA Public Key Recovery
- CVE-2020-8163: Rails local name RCE
- Ox Remote Code Execution II
Complete all exercises to earn the Brown Badge badge and certificate.
View the Recon Badge badge and complete the exercises to earn the certificate.
- Recon 00
- Recon 01
- Recon 02
- Recon 03
- Recon 04
- Recon 05
- Recon 06
- Recon 07
- Recon 08
- Recon 09
- Recon 10
- Recon 11
- Recon 12
- Recon 13
- Recon 14
- Recon 15
- Recon 16
- Recon 17
- Recon 18
- Recon 19
- Recon 20
- Recon 21
- Recon 22
- Recon 23
- Recon 24
- Recon 25
- Recon 26
Complete all exercises to earn the Recon Badge badge and certificate.
- API 01
- API 02
- API 03
- API 04
- API 05
- API 06
- API 07
- API 08
- API 09
- API 10
- API 11
- API 12
- API 13
- API 14
- API 15
- API 16
- API 17
- API 18
- API 19
- API 20
- API JWT REVOCATION
- API Mass-Assignment 01
- API Mass-Assignment 02
- API Mass-Assignment 03
- API Payments 01
- API Payments 02
- API Payments 03
- API Payments 04
- API Payments 05
- API Payments 06
- API Payments 07
- GraphQL Authorization 01
- GraphQL Authorization 02
- Mongo IDOR
- Mongo IDOR II
- Mongo IDOR III
- Mongo IDOR IV
- ORM LEAK 01
- ORM LEAK 02
- ORM LEAK: SQLite
- UUIDv1 IDOR
Complete all exercises to earn the API Badge badge and certificate.
- SSRF in PDF generation
- ODF XXE Coming soon
- Latex: --shell-escape
- CVE-2022-24720
- CVE-2022-39224
- XSL PHP
- XSL PHP II
- DOMPDF RCE
- XSL PHP IV
- DOMPDF RCE III
- XSL Java
- DOMPDF RCE II
- XSL PHP III
- CVE-2021-33564 Argument Injection in Ruby Dragonfly
- CVE-2021-22204: Exiftool RCE II
- SSRF via FFMPEG
- XSL PHP V
- CVE-2021-22204: Exiftool RCE
- SSRF via FFMPEG II
- DOMPDF RCE IV
Complete all exercises to earn the Media Badge badge and certificate.
View the Code Review Badge badge and complete the exercises to earn the certificate.
- CVE-2020-17xx7
- CVE-2020-9x9x
- Golang Snippet #02
- Golang Snippet #05
- Golang Snippet #06
- Golang Snippet #07
- Golang Snippet #10
- Golang Snippet #11
- Javascript Snippet #05
- Ruby Snippet #01
- Ruby Snippet #05
- Ruby Snippet #06
- CVE-2009-3x8x
- CVE-2008-5x8x
- CVE-2008-1x3x
- CVE-2008-4x9x
- Python Snippet #02
- TypeScript Snippet #01
- TypeScript Snippet #02
- TypeScript Snippet #06
- TypeScript Snippet #07
- Java Snippet #04
- Java Snippet #05
- Java Snippet #08
- Python Snippet #08
- Java Snippet #10
- Code Review 08
- Code Review 16
- CVE-2020-11xxx
- CVE-2020-17xx8
- Golang Snippet #04
- Golang Snippet #09
- Javascript Snippet #02
- Javascript Snippet #03
- Javascript Snippet #06
- Python Snippet #01
- Ruby Snippet #03
- Ruby Snippet #07
- Ruby Snippet #08
- CVE-2021-37xxx
- PHP Snippet #01
- PHP Snippet #03
- Java Snippet #01
- Java Snippet #03
- CVE-2006-4xxx
- CVE-2006-4xxx_ii
- PHP Snippet #06
- CVE-2021-39x3x
- TypeScript Snippet #04
- TypeScript Snippet #08
- CVE-2021-4379x
- CVE-2021-45xx9
- Python Snippet #03
- Golang Snippet #01
- Python Snippet #04
- Python Snippet #05
- PHP Snippet #07
- Java Snippet #07
- Python Snippet #06
- Python Snippet #07
- Python Snippet #09
- Java Snippet #11
- Java Snippet #12
- CVE-2022-3x7x1
- Code Review 10
- Code Review 12
- Code Review 14
- Code Review 15
- Code Review 17
- Code Review 18
- CVE-2020-13xxx
- Golang Snippet #03
- Golang Snippet #08
- Javascript Snippet #01
- Javascript Snippet #04
- Javascript Snippet #07
- Ruby Snippet #02
- Ruby Snippet #04
- Ruby Snippet #09
- PHP Snippet #02
- Golang Snippet #12
- Java Snippet #02
- CVE-2019-5x2x
- PHP Snippet #04
- PHP Snippet #05
- CVE-2008-5x8x_ii
- CVE-2021-381xx
- TypeScript Snippet #03
- TypeScript Snippet #05
- TypeScript Snippet #09
- CVE-2021-4xx50
- Java Snippet #06
- Java Snippet #09
- Code Review 01
- Code Review 02
- Code Review 06
- CVE-2022-26xx9
- PHP Snippet #09
- Code Review 03
- Code Review 04
- Code Review 05
- Code Review 07
- Code Review 09
- Code Review 11
- Code Review 13
- PHP Snippet #08
- CVE-2005-2x8x
Complete all exercises to earn the Code Review Badge badge and certificate.
- CVE-2022-21724: JDBC RCE PostgreSQL
- H2 RCE
- JDBC RCE
- Log4j RCE
- Log4j RCE II
- Java Serialize 01
- Java Serialize 02
- Java Serialize 03
- Java Serialize 04
- Java Serialize 05
- Java Serialize 06
- Java Serialize 07 Coming soon
Complete all exercises to earn the Java Deserialization Badge badge and certificate.
- CVE-2022-2X457
- CVE-2009-387X
- CVE-2023-5143X
- CVE-2023-4X25X
- CVE-2023-5X38X
- CVE-2024-2X31X
- CVE-2025-NOID
- CVE-2024-X875X
- CVE-2025-627X0
- CVE-2022-2X24X
- CVE-2023-3X4X6
- CVE-2022-4x3x5
- CVE-2009-26X3
- CVE-2020-9X8X
- CVE-2018-XX34
- CVE-2022-X51X3
- CVE-2022-458X1
- CVE-2022-357X1
- CVE-2007-546X
- CVE-2023-350XX
- CVE-2011-XX61
- CVE-2022-x0x08
- CVE-2022-x0x09
- CVE-2022-4504x
- CVE-2014-7X09
- CVE-2023-X48X9
- CVE-2022-342XX
- CVE-2022-X50X6
- CVE-2023-25X4X
- CVE-202X-2561X
- CVE-2023-46XX2
- CVE-2006-6X6X
- CVE-2015-3XX0
- CVE-2022-393XX
- CVE-2023-2XX60
- CVE-2023-2XX61
- CVE-2023-XXX83
- CVE-2023-289X6
- CVE-2022-378xx
- CVE-2022-4x13x
- CVE-2014-X80X
- CVE-2022-X41X9
- CVE-2012-5XX3
- CVE-2023-30XX1
- CVE-2023-2X8X1
- CVE-2022-XX910
- CVE-2018-8x14
- GHSA-95XX
- Java Code Review 01
- Java Code Review 02
- Java Code Review 03
- Java Code Review 04
- Java Code Review 05
- Java Code Review 06
- Java Code Review 07
- Java Code Review 08
- Java Code Review 09
- Java Code Review 10
- Java Code Review 11
- Java Code Review 12
- Java Code Review 13
- Java Code Review 14
- Java Code Review 15
- Java Code Review 16
Complete all exercises to earn the Java Code Review Badge badge and certificate.
- CVE-2025-XX559 Coming soon
- CVE-2026-XXX50
- CVE-2025-XXX57
- CVE-2026-X189X
- CVE-2026-XX871
- CVE-2025-XX662
- CVE-2026-XX928 Coming soon
- CVE-2026-XX242 Coming soon
- CVE-2026-XX738 Coming soon
- CVE-2026-XX790 Coming soon
- CVE-2026-XX130 Coming soon
- CVE-2026-XX039 Coming soon
- CVE-2026-XX905 Coming soon
- CVE-2026-XX802 Coming soon
- CVE-2026-XX485 Coming soon
- CVE-2026-XX09 Coming soon
- CVE-2026-XX064 Coming soon
- CVE-2025-XX473 Coming soon
- CVE-2026-21XX3 Coming soon
- CVE-2026-2413X Coming soon
- CVE-2024-X68X
- CVE-2025-X270X
- CVE-2025-6X5X7
- CVE-2025-6X9X2
- CVE-2025-X942X
- CVE-2025-6X85
- CVE-2025-0X6X
- CVE-2025-XX149
- CVE-2024-419XX
- CVE-2024-433XX
- CVE-2023-51XX9 Coming soon
- CVE-2024-XX3X9
- CVE-2023-3X829 Coming soon
- Python Code Review 01
- Python Code Review 02
- Python Code Review 03
- Python Code Review 04
- Python Code Review 05
- Python Code Review 06
- Python Code Review 07
- Python Code Review 09
Complete all exercises to earn the Python Code Review Badge badge and certificate.
- CVE-2025-3X5X
- CVE-2019-379X
- CVE-2019-X03X
- CVE-2024-6X3X
- CVE-2025-XX95X
- CVE-2025-4913X
- CVE-2023-3219X
- CVE-2022-37X1
- CVE-2025-5X3X9
- CVE-2025-6XX4
- CVE-2025-5XX2X
- CVE-2023-2758X
- CVE-2025-X93X0
- CVE-2025-X215X
- CVE-2017-1XX74
- CVE-202X-15X7
- CVE-2024-x730x
- CVE-2023-28XX9
- CVE-2022-2X8XX
- CVE-2022-X10X8
- CVE-2022-X87X
- CVE-2024-X90X6
- CVE-2023-51XX2
- CVE-2024-2791X
- CVE-2023-X5821
- CVE-2024-X3X06
- CVE-2022-XX975
- CVE-2024-X5X87
- CVE-2023-XX463
- CVE-2021-X5X8
- Golang Code Review #01
- Golang Code Review #02
- Golang Code Review #03
- Golang Code Review #04
- Golang Code Review #05
- Golang Code Review #06
- Golang Code Review #07
- Golang Code Review #08
- Golang Code Review #09
- Golang Code Review #10
Complete all exercises to earn the Golang Code Review Badge badge and certificate.
- CVE-2021-X27X0
- CVE-2026-XX951
- CVE-2025-XX953
- CVE-2026-XX050
- CVE-2026-XX888
- CVE-2025-XX864
- CVE-2020-XX079
- CVE-2025-625X8
- CVE-2025-X23XX
- CVE-2025-X9X28
- placeholder Coming soon
- CVE-2024-X170X
- CVE-2021-437XX
- CVE-2026-XX938 Coming soon
- CVE-2026-XX047 Coming soon
- CVE-2025-XX400 Coming soon
- CVE-2022-XX785 Coming soon
- CVE-2025-XXXXX Coming soon
- CVE-2024-X7X95 Coming soon
Complete all exercises to earn the JavaScript Code Review badge and certificate.
- CVE-2022-0415
- JWT: Invalid Algorithm
- JWT: Signature Leak
- JWT: Refresh Token Bypass Coming soon
- Cache Deception 01
- Cache Deception 02
- CVE-2014-4511: Gitlist RCE
- CVE-2008-1930: WordPress Cookie Integrity Flaw
- CVE-2024-47081
- From SQL Injection to Shell: PostgreSQL edition
- From SQL Injection to Shell II
- Cache Poisoning 01
- GCM Tag Truncation
- JSON Web Token XV: CVE-2022-39227
- JWT Algorithm Confusion with ECDSA Public Key Recovery
- CVE-2026-24895: FrankenPHP Path Confusion RCE using Unicode
- SAML: CVE-2025-25291
- SAML: CVE-2025-29775
- SAML: CVE-2025-29775 Signed Metadata
All the online free labs you have access to.
View the Recon Badge badge and complete the exercises to earn the certificate.
- Recon 00
- Recon 01
- Recon 02
- Recon 03
- Recon 04
- Recon 05
- Recon 06
- Recon 07
- Recon 08
- Recon 09
- Recon 10
- Recon 11
- Recon 12
- Recon 13
- Recon 14
- Recon 15
- Recon 16
- Recon 17
- Recon 18
- Recon 19
- Recon 20
- Recon 21
- Recon 22
- Recon 23
- Recon 24
- Recon 25
- Recon 26
Complete all exercises to earn the Recon Badge badge and certificate.
Offline free labs you can run on your own computer using virtualisation software.
Web for Pentester
This exercise is a set of the most common web vulnerabilities.
Web for Pentester II
This exercise is a set of the most common web vulnerabilities.
From SQL Injection to Shell
This exercise demonstrates how to leverage a SQL injection to gain access to the admin console, and from there, how to execute commands on the underlying system.
PHP Include And Post Exploitation
This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post-exploitation tricks.
CVE-2012-1823: PHP CGI
This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
Linux Host Review
This exercise explains how to perform a Linux host review: what to check in the configuration of a Linux server, and how to check it, to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-MySQL-PHP (LAMP) server used to host a blog.
CVE-2008-1930: WordPress Cookie Integrity Flaw
This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a WordPress installation.
Axis2 Web service and Tomcat Manager
This exercise explains the interactions between Tomcat and Apache, then it shows how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.
From SQL Injection to Shell II
This exercise explains how you can, from a blind SQL injection, gain access to the administration console and then, once in the administration console, run commands on the system.
Electronic Code Book
This exercise explains how you can tamper with encrypted cookies to access another user's account.
CVE-2007-1860: mod_jk double-decoding
This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
Introduction to code review
This exercise covers the different ways to perform code review. It also contains a simple application to review to help you get started.