Penetration Testing Labs.

A place to learn and improve penetration testing/ethical hacking skills for FREE. The labs consist of 100+ real world scenarios to practice the latest exploits and cutting edge hacking techniques.

See how it works

Challenges

Vulnmachines Latest Challenges

Misconfigured Bucket

Misconfigured Bucket

Special Policy Bucket

Special Policy Bucket

Vulnerable Instance

Vulnerable Instance

Serverless Application

Serverless Application

Public Bucket

Public Bucket

Basic Labs

CORS

CORS

SQL Injection

SQL Injection

Cross-Site Scripting

Cross Site Scripting

SXML External Entity

XML External Entity

Insecure Deserialization

Insecure Deserialization

IDOR

IDOR

Local File Inclusion

Local File Inclusion

CSRF

CSRF

Server Side Request Forgery

Server Side Request Forgery

Intermediate Labs

File Upload

File Upload

HTTP Request Smuggling

HTTP Request Smuggling

SSTI

SSTI

JWT Token

JWT Token

GraphQL

GraphQL

Django Sqled

Django Sqled

Grabbing Attack

Grabbing Attack

Spring For Shell

Spring For Shell

Bypass Regex

Bypass Regex

NoSQL Injection

NoSQL Injection

Advanced Labs

Zero is Cool

Zero is Cool

It's Not My Mistake

It's Not My Mistake

4JLogs

4JLogs

Spring Actuators

Spring Actuators

Why So Serialize

Why So Serialize

Vulnmachine - Insecure Server

Vulnmachine - Insecure Server

Text4Shell

Text4Shell

OGNL Injection

OGNL Injection

Type Juggling

Type Juggling

Warm Up

Warmup 1

Warmup 1

Warmup 2

Warmup 2

Warmup 3

Warmup 3

Easy

Easy 1

Easy 1

Easy 2

Easy 2

Easy 3

Easy 3

Easy 4

Easy 4

Medium & Hard

Medium 1

Medium 1

Medium 2

Medium 2

Medium 3

Medium 3

Medium 4

Medium 4

Medium 5

Medium 5

Hard 1

Hard 1

Hard 2

Hard 2

Hard 3

Hard 3

Hard 4

Hard 4

Hard 5

Hard 5

Badge Hacking

Badge Hacking

OSINT Lab 1

OSINT Lab 1

OSINT Lab 2

OSINT Lab 2

OSINT Lab 3

OSINT Lab 3

OSINT Lab 4

OSINT Lab 4

Register Now

Writeups

Read the Writeups

Misconfigured Bucket

Cloud Labs

Misconfigured Bucket

Read More

Special Policy Bucket

Cloud Labs

Special Policy Bucket

Read More

Vulnerable Instance

Cloud Labs

Vulnerable Instance

Read More

Serverless Application

Cloud Labs

Serverless Application

Read More

Benefits

What Will You Get

Step by Step Process

Learn penetration testing with real-time vulnerabilities and exploits

24 X 7 Access

Get access through your browser

Learn Hacking From Browser

Access labs from your browser and start learning

Videos

Explore the Video Library

wso2 api manager

FAQs

Frequently Asked Questions

Vulnmachines is a cybersecurity learning platform where security enthusiasts can get hands-on experience on various skills in cybersecurity through Capture The Flag Contests.

Yes

Nope! Vulnmachines is 100% browser-based.

There is no invite challenge. Click here. You can start immediately for free!

Cybersecurity enthusiasts should solve the hosted challenges and participate in competitions. They can also globally compete with other talents.

account.vulnmachines.com
www.vulnmachines.com

In-scope targets will have "hackme" or "vulnerability name" in scope.

Every 24 hours, the labs will be restored to their initial condition.

You can mail us on bug@vulnmachines.com