eLearnSecurity Blog

20+ Free Resources To Legally Practice Your Ethical Hacking Skills

There’s no better way to gaining confidence in your ethical hacking skills than by actually practicing them in real-life. So, where can one do that? We searched the web for solutions, and here are the top free resources we found.


  1. Hack.me hosts a number of vulnerable apps and allows its community to build, host and share their vulnerable application code for educational and research purposes. 

  2. Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests.
  3. Hack This Site is more than just another hacker wargames site, it’s a living, breathing community with many active projects in development.
  4. Try2Hack provides several security oriented challenges for your entertainment.
  5. HackThis  is a legal and safe network security resource where users test their hacking skills on various challenges and learn more about hacking.
  6. CTF365 allows you to defend your servers and launch attacks on others, all using the exact same techniques that work in the real world.
  7. OverTheWire helps you learn and practice security concepts in the form of fun-filled games.
  8. Hacking-Lab  is providing CTF and mission style challenges for international competitions, like the European Cyber Security Challenge.
  9. Pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation.
  10. SmashTheStack is a wargaming Network hosting several wargames.
  11. IO is a wargaming community with several free wargames available.
  12. Microcorruption is an embedded security CTF where you have to reverse engineer fictional Lockitall electronic lock devices.
  13. W3Challs  is a penetration testing platform, which offers various computer challenges, in categories related to security: Hacking, Cracking, Wargame, Forensic, Cryptography, Steganography and Programming.
  14. PWN0 is the VPN where (almost) anything goes, that allows you to go up against pwn0bots or other users and score points by gaining root on other systems.
  15. Hellbound Hackers is a completely legal, web-based security training ground, offering challenges that teach you how computer based exploits work.
  16. Damn Vulnerable iOS App (DVIA) provides a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.

  17. Root Me allows you to practice your ethical hacking skills across a variety of scenarios.
  18. CTFtime  is great resource to stay up-to-date on CTF events happening around the globe.
  19. WebGoat is an insecure app available for Windows, OS X Tiger and Linux and also runs in Java and .NET environments.
  20. Juice Shop  is an insecure web application based on JavaScript for anyone that’s into coding or testing JavaScript but don’t understand the security issues that can arise. 

  21. Hackademic is an OWASP open-source project and offers 10 realistic scenarios which are full of vulnerabilities

  22. Hackxor  is a web app hacking game focusing on cross-site scripting, cross-site request forgery and SQL injection vulnerabilities. 

  23. BodgeIt Store  is a vulnerable web application which is currently aimed at people who are new to pen testing.
  24. EnigmaGroup is designed for anyone that wishes to improve their security knowledge and hosts a wide variety of vulnerabilities

  25. Google Gruyere is designed for the absolute beginner to learn how hackers find security vulnerabilities, how they exploit web applications and how to protect applications from being exploited.

Tools to legally practice your ethical hacking skills are not what’s missing on the web, and some really good ones are even free to use. Let us know if you’ve tried some other good ones and think they’d be a great addition to this list. 😉 

Want to learn modern security testing skills? Discover our Penetration Testing Professional (PTP) and Web Application Penetration Testing (WAPT) training courses today:

Sources: WheresMyKeyboard?Bonkers about Tech, Checkmarx

Connect with us on Social Media:

Twitter | Facebook | LinkedIn | Instagram

Tags: , , , ,


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go to top of page