26 intentionally vulnerable web apps for real-world penetration testing practice. From SQL injection to Active Directory attacks.
Click any lab to open it. Each one is live and ready to attack.
Choose from 26 vulnerable apps covering web, network, AD, cryptography, and more.
Use real tools - Burp Suite, sqlmap, Metasploit, Hashcat - against real vulnerabilities.
Each lab links to lessons on pracivo.com. Generate a course and the matching lab appears automatically.