BugBounty
BETA

Vulnerable Targets

Practice your security skills on intentionally vulnerable applications and systems

Showing 50 of 50 targets

OWASP Juice Shop
Beginner
Active
Modern and sophisticated insecure web application for security trainings
234
Hunters
45
Vulns
$1000
Max Reward
Discovery Progress67%
OWASP
JavaScript
Node.js
DVWA
Intermediate
Active
Damn Vulnerable Web Application - PHP/MySQL web application
189
Hunters
32
Vulns
$800
Max Reward
Discovery Progress45%
PHP
MySQL
Classic
WebGoat
Intermediate
Active
Deliberately insecure application maintained by OWASP
156
Hunters
28
Vulns
$750
Max Reward
Discovery Progress78%
Java
Spring
Educational
VulnHub Challenge
Advanced
Active
Custom vulnerable VM with multiple attack vectors
67
Hunters
15
Vulns
$1500
Max Reward
Discovery Progress23%
Linux
Privilege Escalation
Network
Mobile Security Lab
Advanced
Coming Soon
Android application with various mobile security flaws
89
Hunters
22
Vulns
$1200
Max Reward
Discovery Progress34%
Android
Mobile
APK
API Security Challenge
Intermediate
Active
RESTful API with authentication and authorization flaws
145
Hunters
18
Vulns
$900
Max Reward
Discovery Progress56%
REST API
JWT
OAuth
HackTheBox - Optimum
Intermediate
Active
Windows-based vulnerable machine from HackTheBox platform
134
Hunters
12
Vulns
$1000
Max Reward
Discovery Progress48%
Windows
Reverse Shell
Exploit Development
PortSwigger Web Security Academy
Beginner
Active
Free online security labs covering web vulnerabilities
305
Hunters
50
Vulns
$700
Max Reward
Discovery Progress72%
XSS
SQLi
CSRF
Metasploitable 2
Beginner
Active
Intentionally vulnerable Linux VM for penetration testing
200
Hunters
20
Vulns
$600
Max Reward
Discovery Progress58%
Linux
Network
Privilege Escalation
OWASP Security Shepherd
Intermediate
Active
Open-source web and mobile security training platform
111
Hunters
30
Vulns
$850
Max Reward
Discovery Progress35%
OWASP
CORS
IDOR
TryHackMe - RootMe
Beginner
Active
A beginner-friendly Linux machine with common web vulnerabilities.
450
Hunters
8
Vulns
$700
Max Reward
Discovery Progress80%
Linux
Web
Filesystem
Web for Pentester
Intermediate
Active
Contains various web vulnerabilities to practice web penetration testing.
95
Hunters
25
Vulns
$850
Max Reward
Discovery Progress60%
SQLi
XSS
LFI
HackTheBox - Lame
Beginner
Active
Classic easy Linux box for basic enumeration and privilege escalation.
280
Hunters
5
Vulns
$650
Max Reward
Discovery Progress90%
Linux
FTP
Samba
OWASP Broken Web Applications Project
Intermediate
Active
Collection of vulnerable web applications for security testing.
170
Hunters
40
Vulns
$950
Max Reward
Discovery Progress55%
OWASP
Multiple
PHP
Vulnerable Java Application
Intermediate
Active
A sample Java application designed to be vulnerable for learning.
75
Hunters
15
Vulns
$780
Max Reward
Discovery Progress40%
Java
Spring
Serialization
MobileGoat
Intermediate
Coming Soon
An Android application designed to be vulnerable for mobile security training.
60
Hunters
18
Vulns
$1100
Max Reward
Discovery Progress28%
Android
Reverse Engineering
Frida
HackTheBox - Grandpa
Beginner
Active
An old Windows XP machine with common vulnerabilities.
190
Hunters
7
Vulns
$700
Max Reward
Discovery Progress75%
Windows
SMB
Exploit
Damn Vulnerable iOS App (DVIA)
Advanced
Coming Soon
An iOS application that is intentionally vulnerable.
50
Hunters
15
Vulns
$1300
Max Reward
Discovery Progress15%
iOS
Swift
Objective-C
OWASP API Security Top 10
Intermediate
Active
A practical playground for the OWASP API Security Top 10.
100
Hunters
10
Vulns
$950
Max Reward
Discovery Progress65%
API
OWASP
Authentication
TryHackMe - Blue
Beginner
Active
A Windows machine vulnerable to MS17-010 (EternalBlue).
400
Hunters
3
Vulns
$800
Max Reward
Discovery Progress95%
Windows
SMB
EternalBlue
HackTheBox - Devel
Beginner
Active
An easy Windows machine with IIS 7.5 upload vulnerability.
250
Hunters
4
Vulns
$720
Max Reward
Discovery Progress88%
Windows
IIS
Upload
OWASP Web Security Testing Guide (WSTG)
All
Active
Provides comprehensive testing methodology for web applications.
500
Hunters
100
Vulns
$0
Max Reward
Discovery Progress100%
OWASP
Methodology
Documentation
PentesterLab - SQLi
Intermediate
Active
Specific labs focusing on SQL injection vulnerabilities.
120
Hunters
10
Vulns
$700
Max Reward
Discovery Progress60%
SQLi
Database
Injection
TryHackMe - Simple CTF
Beginner
Active
A basic CTF machine to practice web enumeration and privilege escalation.
300
Hunters
6
Vulns
$680
Max Reward
Discovery Progress85%
Linux
CTF
Enumeration
OWASP Top 10
Beginner
Active
The top 10 most critical web application security risks.
600
Hunters
10
Vulns
$0
Max Reward
Discovery Progress100%
OWASP
Awareness
Risk
HackTheBox - Chatterbox
Intermediate
Active
Windows machine with a vulnerable chat application.
110
Hunters
9
Vulns
$900
Max Reward
Discovery Progress52%
Windows
Buffer Overflow
Exploit
Exploit-Exercises - Protostar
Advanced
Active
A series of challenges to learn exploit development.
40
Hunters
20
Vulns
$1800
Max Reward
Discovery Progress10%
Linux
Buffer Overflow
ROP
Game of Hacks
Beginner
Active
Interactive game to identify vulnerabilities in code snippets.
180
Hunters
30
Vulns
$500
Max Reward
Discovery Progress70%
Code Review
Quiz
Educational
TryHackMe - Kenobi
Intermediate
Active
A Linux machine with Samba and ProFTPD vulnerabilities.
350
Hunters
7
Vulns
$850
Max Reward
Discovery Progress68%
Linux
Samba
ProFTPD
CyberTalents CTF Platform
Mixed
Active
Various CTF challenges across different security domains.
200
Hunters
50
Vulns
$1000
Max Reward
Discovery Progress40%
CTF
Forensics
Reverse Engineering
Google CTF
Advanced
Inactive (Past)
Annual Capture The Flag competition by Google.
100
Hunters
25
Vulns
$2000
Max Reward
Discovery Progress20%
CTF
Reversing
Pwn
Web Security Dojo
Intermediate
Active
A fully-featured Linux environment for web security testing.
90
Hunters
35
Vulns
$800
Max Reward
Discovery Progress30%
Linux
Web
Tools
Vulnerable React App
Intermediate
Active
A modern React application with common frontend vulnerabilities.
70
Hunters
12
Vulns
$900
Max Reward
Discovery Progress45%
React
JavaScript
Frontend
HackTheBox - Optimum
Intermediate
Active
Windows-based vulnerable machine from HackTheBox platform
134
Hunters
12
Vulns
$1000
Max Reward
Discovery Progress48%
Windows
Reverse Shell
Exploit Development
Security Innovation - CMD+CTRL
Mixed
Active
Interactive web application security training platform.
150
Hunters
30
Vulns
$1000
Max Reward
Discovery Progress60%
Web
Training
Gamified
Root-Me
Mixed
Active
Online platform with various challenges in web, network, and reverse engineering.
280
Hunters
80
Vulns
$1200
Max Reward
Discovery Progress55%
CTF
Web
Network
Crypto
eLearnSecurity - INE Labs
Mixed
Active
Hands-on labs for various security certifications.
100
Hunters
50
Vulns
$1500
Max Reward
Discovery Progress30%
Penetration Testing
Certifications
Labs
Open Source Vulnerable PHP App
Beginner
Active
A simple PHP application with known vulnerabilities for practice.
100
Hunters
15
Vulns
$600
Max Reward
Discovery Progress70%
PHP
SQLi
XSS
Virtual Hacking Labs
Mixed
Active
Online penetration testing lab environment for various difficulty levels.
70
Hunters
40
Vulns
$1600
Max Reward
Discovery Progress25%
Labs
Penetration Testing
VMs
Exploit Database - Shellcodes
Advanced
Active
A repository of shellcodes and exploits, useful for learning.
80
Hunters
200
Vulns
$0
Max Reward
Discovery Progress10%
Exploit
Shellcode
Assembly
HackTheBox - UnsecuredAPI
Advanced
Active
A REST API lab simulating insecure deserialization vulnerabilities.
55
Hunters
5
Vulns
$1100
Max Reward
Discovery Progress30%
Deserialization
Java
Python
PortSwigger SSRF Lab
Intermediate
Active
PortSwigger's dedicated labs covering server-side request forgery (SSRF).
90
Hunters
7
Vulns
$950
Max Reward
Discovery Progress50%
SSRF
Network
Cloud
WebGoat - XXE
Intermediate
Active
WebGoat challenge focusing on XML External Entity (XXE) injection.
85
Hunters
6
Vulns
$900
Max Reward
Discovery Progress48%
XXE
XML
Parsing
TryHackMe - WebSockets Lab
Advanced
Active
Hands-on lab covering WebSocket security and authentication issues.
60
Hunters
8
Vulns
$1200
Max Reward
Discovery Progress35%
WebSockets
Real-time
Authentication
HackTheBox - IDOR Exploit
Beginner
Active
Bug bounty simulation for insecure direct object references (IDOR).
160
Hunters
10
Vulns
$750
Max Reward
Discovery Progress65%
IDOR
Authorization
Access Control
PortSwigger CSRF Labs
Beginner
Active
Interactive CSRF exploitation labs with various difficulty levels.
140
Hunters
9
Vulns
$700
Max Reward
Discovery Progress70%
CSRF
Web
Session
OWASP Cryptography Playground
Advanced
Active
API lab simulating cryptography flaws and weak encryption implementations.
45
Hunters
7
Vulns
$1300
Max Reward
Discovery Progress25%
Cryptography
API
Encryption
CloudGoat by Rhino Security
Advanced
Coming Soon
Cloud-based security challenge covering AWS misconfigurations.
30
Hunters
10
Vulns
$1700
Max Reward
Discovery Progress15%
Cloud
AWS
Azure
Misconfiguration
CTF Learn: Container Breakout
Advanced
Coming Soon
A capture-the-flag challenge simulating container escape attacks.
25
Hunters
5
Vulns
$1900
Max Reward
Discovery Progress10%
Docker
Kubernetes
Container
VulnHub - JWT War
Advanced
Active
Virtual machine challenge simulating web and API vulnerabilities in JWT and OAuth flows.
250
Hunters
30
Vulns
$1480
Max Reward
Discovery Progress50%
JWT
OAuth