Online CTF Websites

There are many online CTF / Hacking websites out there that you can train yourself and improve your knowledge in infosec world.

Here some of them that I got by some google-fu and also from variety of other sources.

  1. General_CTF
  2. Web_Exploitation
  3. Boot2root
  4. Reverse_Engineering
  5. Pwn
  6. Cryptography
  7. Network_Forensics
  8. Forensics Challenge
  9. Penetration Testing Lab

General_CTF

  1. https://www.net-force.nl/challenges/ - Net-Force.nl is a website where people interested in (internet) security can play so-called ‘hack challenges’
  2. https://ctfs.me/ - Ctfs.me is a place where you can learn about various category of hacking everytime and get you skill increased.
  3. http://www.wechall.net/challs
  4. http://www.mod-x.co.uk/main.php - You will be tested on everything from javascript/encryptions/encodings to daemon vulnerabilities/disassembling/http knowledge…and most importantly, common sense!
  5. https://www.root-me.org/?lang=en - The fast, easy, and affordable way to train your hacking skills.
  6. https://picoctf.com/ - picoCTF is a free computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge.
  7. http://hax.tor.hu/welcome/ - Random challenges by level.
  8. https://ringzer0team.com/home - RingZer0 Team’s online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges.
  9. https://backdoor.sdslabs.co/ - Backdoor is a platform for hackers to show their talent in a competitive environment.
  10. http://shell-storm.org/repo/CTF/ - Repo for previous CTF writeups
  11. https://w3challs.com/ - W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security: Hacking, Cracking, Wargame, Forensic, Cryptography, Steganography and Programming.
  12. https://ctflearn.com/ - CTFlearn is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge and skills. There are more than a hundred high quality cybersecurity challenges, ranging from cryptography, forensics, web exploitation, and more.
  13. https://ctf365.com/ - CTF365 (Capture the flag 365) is a “security training platform for it industry” with a focus on security professionals, system administrators and web developers.
  14. https://www.hellboundhackers.org/ - Welcome to HellBound Hackers. The hands-on approach to computer security. Learn how hackers break in, and how to keep them out.
  15. https://www.hackthis.co.uk/ - Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis!!
  16. https://www.enigmagroup.org/ - Since 2003, Enigma Group has been providing its members a legal and safe security resource where they can develop their pen-testing skills on various challenges provided by this site.
  17. http://ctf.komodosec.com/index.php - This is a game designed to challenge your application hacking skills. There are several challenges that stand before you. Each challenge contains a section of code that has vulnerable weak points.\Your mission, should you choose to accept it, is to identify the vulnerability that exists in each challenge.
  18. http://bright-shadows.net/ - bright-shadows.net was a website that offered you hundreds of challenges in the fields of programming, JavaScript, PHP, Java, steganography, cryptography and others.
  19. https://ctf101.org/ - Just another CTF challenge site.
  20. https://hackcenter.com - Learn cybersecurity skills by playing Capture the Flag. Compete with other players and become a hacker today.
  21. https://www.hackthissite.org/ - Offline for Maintenance
  22. https://www.rankk.org/ - Rankk is about solving challenges, discovering and learning new knowledge. It’s a journey, a sacred, personal experience.
  23. https://canhack.me/ - This website offers the opportunity for to test your hack skills. To solve the challenge, capture the flag.
  24. https://hackburger.ee/challenge/ - The site has been closed
  25. https://www.hackergateway.com/ - General CTF
  26. https://www.wixxerd.com/challenges/ - General CTF
  27. https://www.sabrefilms.co.uk - Revolution Elite is a computer security, math-based and programming-based challenge site. Categories include Android, Cryptography, Javascript, Java, Logic, Steganography, Exploitation, Programming, and other miscellaneous categories.
  28. https://www.challengeland.co/# - Unknown
  29. https://ctf.hackerfire.com/ - Welcome to HackerFire! A learning CTF from the developers of CTFd. Play around, don’t be mean, and have fun.
  30. http://ctf.infosecinstitute.com/index.php - The Infosec Instite n00bs CTF Labs is a web application that hosts 15 mini Capture the Flag (CTF) challenges intended for beginners.

Web_Exploitation

  1. https://hack.me/s/ - Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online.
  2. http://www.gameofhacks.com/ - This game was designed to test your application hacking skills. You will be presented with vulnerable pieces of code and your mission if you choose to accept it is to find which vulnerability exists in that code as quickly as possible
  3. https://join.eset.com/en/challenges - Challenges made by ESET
  4. http://www.dvwa.co.uk/ - Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
  5. http://google-gruyere.appspot.com/ - This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks.
  6. http://www.hackertest.net/ - Test your hacking skills
  7. http://www.hacking-challenges.de/ - More than 100 hackits, riddles and challenges await you here from currently 8 different areas. These are Javascript, Cryptography, Steganography, Logic, Programming, Web, Cracking and Miscellaneous.
  8. https://redtiger.labs.overthewire.org/ - This hackit is for people who want to test their knowledge in PHP / SQL security.
  9. https://chall.stypr.com/ - This wargame is intended for offensive security experts who are willing to overcome situations of getting stuck in breaking into web services or web-based solutions.

Boot2root

  1. https://www.hackthebox.eu/ - Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.
  2. https://www.vulnhub.com/ - To provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration.
  3. https://lab.pentestit.ru/ - Penetration testing laboratories “Test lab” emulate an IT infrastructure of real companies and are created for a legal pen testing and improving penetration testing skills.

Reverse_Engineering

  1. https://microcorruption.com/ - Given a debugger and a device, find an input that unlocks it. Solve the level with that input.
  2. http://reversing.kr/challenge.php - This site tests your ability to Cracking & Reverse Code Engineering.
  3. https://www.malwaretech.com/beginner-malware-reversing-challenges - The purpose of these challenges is to familiarize beginners with common malware techniques.
  4. https://crackmes.one/ - This is a simple place where you can download crackmes to improve your reverse engineering skills.
  5. https://challenges.re/ - Well, “challenges” is a loud word, these are rather just exercises for RE.
  6. https://reverse.put.as/crackmes/ - A collection of crackmes for OS X. Send them to me if you have new ones to add!
  7. https://join.eset.com/en/challenges - If you want to join the team that every day faces global cyber-threats, uncover a hidden puzzle in the crackme program and prove us your potential.
  8. http://flare-on.com/ - FireEye’s challenge RE.
  9. https://ropemporium.com/ - Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.

Pwn

  1. http://pwnadventure.com/ - Pwn Adventure 3: Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That’s because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you ready for the mayhem?!
  2. https://exploit.education/ - exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.
  3. http://pwnable.kr/play.php - ‘pwnable.kr’ is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is ‘fun’. please consider each of the challenges as a game. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose.
  4. https://pwnable.tw/challenge/ - Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.
  5. https://www.pentestpractice.com/ - “Practice makes Pwnage”
  6. http://io.netgarage.org/ - This is the frontpage of the IO wargame. IO is our most mature game, but is never the less in continually updated as technology develops. We provide recent radare2 and gdb builds.
  7. http://smashthestack.org/wargames.html -
  8. http://overthewire.org/wargames/ - The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. To find out more about a certain wargame, just visit its page linked from the menu on the left.
  9. http://www.underthewire.tech/wargames.htm -

Cryptography

  1. http://cryptopals.com/ - This site will host all eight sets of our crypto challenges, with solutions in most mainstream languages.
  2. https://id0-rsa.pub/ - Below are some problems related to computer security (specifically poorly implemented security). Do Them. You are free to use any language and environment you like to complete them. The problems require familiarity with programming, but not necessarily with applied cryptography or computer security in general.
  3. http://www.caesum.com/game/ - Electrica is a puzzle/challenge site which has grown from two previous sites - C&C and the Cronos Crypto Challenge.
  4. https://www.trytodecrypt.com/index.php - … is a website to train your brain.
  5. https://www.cryptoclub.org/challenges/index.php - Crack mysterious messages, submit jokes for others to decrypt, and access secret messages within your private groups.

Network_Forensics

  1. https://forensicscontest.com/ - PCAP forensics

Forensics

enter image description here

Credit: https://www.amanhardikar.com/mindmaps/ForensicChallenges.html

Pentest_Lab

enter image description here

Credit: https://www.amanhardikar.com/mindmaps/Practice.html