⌨️Practice Platforms

This is an easy-access collection of links I use to practice my skills. Bug bounty hunting is 90% practice, and the remaining 10% is whatever you feel you need in order to do the practice!

PentesterLab PentesterLab is an interactive platform offering hands-on labs that teach web application and network security through real-world scenarios, CVEs, and code review exercises, making it ideal for aspiring pentesters and bug bounty hunters.

XSS Game XSS Game is a browser-based training tool by Google that guides users through practical challenges to find and exploit cross-site scripting (XSS) vulnerabilities, helping players understand and defend against XSS attacks.

Hack This Site Hack This Site is a free, community-driven platform featuring a variety of hacking challenges and missions that simulate real-world scenarios, allowing users to practice and improve their cybersecurity skills.

Root-Me Root-Me provides a wide array of realistic hacking and computer security challenges across categories like scripting, cryptography, forensics, and web technologies, encouraging users to fully compromise targets and participate in CTFs while fostering community learning.

HackTheBox HackTheBox is a popular platform where users can practice ethical hacking by exploiting intentionally vulnerable machines and networks, focusing on hands-on, research-driven learning with a strong community and regular CTF events.

DVWS - Damn Vulnerable Web Services DVWS is a deliberately insecure web application built on web sockets, designed for practicing and testing web socket vulnerabilities such as brute force, SQL injection, XSS, and command execution in a controlled environment.

CTF365 CTF365 is a gamified Capture The Flag platform that replicates real-life networks, allowing individuals and organizations to set up their own CTF infrastructure for ongoing competitions and practical security training.

Google Gruyere Google Gruyere is a vulnerable web application designed to teach web security by simulating attacks like XSS, CSRF, SQL injection, and code execution, with guided challenges and explanations for each exploit.

OWASP Juice Shop OWASP Juice Shop is an intentionally insecure, gamified web application featuring a wide range of vulnerabilities from the OWASP Top 10, offering hacking challenges of varying difficulty and a scoreboard to track progress.

flAWS Cloud flAWS Cloud is a learning platform focused on cloud security, presenting users with real-world AWS misconfigurations and vulnerabilities to exploit and learn from.

bWAPP bWAPP ("buggy web application") is a free, intentionally vulnerable PHP application that covers numerous web vulnerabilities (including all OWASP Top 10 risks) across multiple difficulty levels, suitable for ethical hacking training and classroom use.

OWASP Mutillidae OWASP Mutillidae is a free, open-source web application designed for pentesting practice, containing over 40 vulnerabilities structured around the OWASP Top Ten, and suitable for both self-study and classroom environments.

tryhackme TryHackMe is a gamified cybersecurity learning platform offering guided, interactive lessons ("rooms") on a wide range of topics, from beginner to advanced, with hands-on labs and CTF-style challenges.

PortSwigger Labs (Web Security Academy) PortSwigger Labs, part of the Web Security Academy, provides free, constantly updated interactive labs and tutorials covering web application vulnerabilities, exploitation techniques, and defensive measures, created by the team behind Burp Suite.

OverTheWire OverTheWire hosts a series of "wargames": interactive challenges that teach security concepts, Linux basics, and exploitation techniques, starting from beginner-friendly levels and progressing to advanced topics in a fun, hands-on way.
