awesome-cyber-range-list
A curated list of tools and technologies that support building Cyber Ranges
https://github.com/thomas-mckanna/awesome-cyber-range-list
Last synced: about 5 hours ago
JSON representation
-
Infrastructure Tooling
- Ansible - source automation tool for configuration management, application deployment, and task automation across multiple systems.
- OpenTofu - source alternative to Terraform, providing similar infrastructure provisioning capabilities.
- Puppeteer - level API to control headless Chrome or Chromium browsers for automated testing and scraping.
- LocalStack
- Fail2Ban
- Playwright - to-end testing framework supporting multiple browsers, enabling reliable and fast browser automation.
- noVNC - based VNC client that allows remote desktop access directly through a browser without additional plugins.
- Serverless Framework - source framework for building and deploying serverless applications across various cloud providers.
- Code Server
- Authentik - source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols.
- Docker OSX - specific testing environments.
- stress-ng
- Chocolatey
- Boxstarter
- Lambda Powertools
- AWS SAM (Serverless Application Model)
- Multi Juicer
- Greybox
- Terraform
- Packer
- Molecule
- Apache Guacamole
- Undo WinRMConfig
- GHOSTS NPC Framework - player characters (NPCs) in simulation environments, enhancing the realism and interactivity of cyber range scenarios.
-
Pre-built Cyber Range Environments and Content
- Awesome Mobile CTF
- Facebook CTF
- Vulnhub - built vulnerable environments using Docker-Compose, suitable for penetration testing practice and training.
- DetectionLab
- Attack Range
- BadBlood
-
Tools for LMS Content Creation
- yt-dlp - line program to download videos from YouTube and other platforms, enabling offline access to educational video content.
- Whisper
- VHS - quality recordings and GIFs of terminal sessions, useful for demonstrations and tutorials.
- stable-ts - precision transcripts for videos by aligning text with timestamps, enhancing the accessibility and usability of video content.
-
Educational Aides
- Insomnia - source tool for testing and debugging web APIs, supporting REST, GraphQL, and other protocols.
- Web Check - in-one Open Source Intelligence (OSINT) tool for analyzing websites, assisting in reconnaissance and information gathering tasks.
- Arkime - source, large-scale packet capturing, indexing, and database system for network traffic analysis and security monitoring.
- containerlab - based networking labs, supporting scalable and reproducible network environments.
- BOAST - source out-of-band testing tool that integrates with the ZAP web application scanner to enhance security assessments.
- Kathara - based network emulation system that allows the creation of complex network topologies for testing and training.
- TrailShark
- EdgeShark - container communications.
- Evil noVPC
-
AI and Simulation Tools
- Open WebUI - source user interface for interacting with Large Language Models (LLMs), similar to ChatGPT, facilitating conversational AI integrations.
- Tabby - source text editor interface for interacting with and managing machine learning models, providing a user-friendly environment for AI-driven tasks.
-
Learning Management Systems (LMS)
- Canvas
- Moodle - source LMS that provides a customizable platform for creating online courses, assessments, and collaborative learning environments.
- edX Platform - source platform developed by edX for delivering massive open online courses (MOOCs) and other educational content.
-
Intentionally Vulnerable Challenges
- Juice Shop
- CloudGoat
- Damn Vulnerable Restaurant
- Damn Vulnerable Web Application (DVWA)
- CI/CD Goat
- GOAD
- AWSGoat
- Cloudfoxable - by-design AWS penetration testing playgrounds, allowing for realistic cloud security assessments.
- XMGoat
- Simulator - based security training platform that simulates various attack scenarios for hands-on learning.
- CNAPPgoat - native application protection platform (CNAPP) infrastructures for security training and testing.
- AHHHZURE
-
CTF Content Creation
- Screenshot to Code
- Draw-a-UI - drawn UI mockups using large language models (LLMs), streamlining the design-to-development process.
-
White Zone Tooling
- Monitoror
- CTFd - source platform for hosting Capture The Flag (CTF) competitions, featuring team management, scoring, and challenge integration.
- Terraform AWS CTFd
- CTFd Plugins - developed plugins that extend the functionality of the CTFd platform.
-
Security Operations Tools
- Iris Web - source incident response platform that centralizes data collection, analysis, and reporting for security investigations.
Programming Languages
Categories
Infrastructure Tooling
24
Intentionally Vulnerable Challenges
12
Educational Aides
9
Pre-built Cyber Range Environments and Content
6
Tools for LMS Content Creation
4
White Zone Tooling
4
Learning Management Systems (LMS)
3
CTF Content Creation
2
AI and Simulation Tools
2
Security Operations Tools
1
Sub Categories
Keywords
security
10
python
7
docker
6
ctf
4
aws
4
javascript
4
appsec
3
hacking
3
terraform
3
serverless
3
kubernetes
3
testing
3
security-tools
3
developer-tools
3
chromium
3
ai
3
simulation
2
ansible
2
detection
2
novnc
2
monitoring
2
websockets
2
macos
2
c
2
vagrant
2
containers
2
aws-lambda
2
openai
2
llms
2
ctfd
2
training
2
infosec
2
ide
2
automation
2
chrome
2
firefox
2
web
2
owasp
2
powershell
2
lambda
2
linux
2
big-data
1
webui
1
ui
1
pentesting
1
self-hosted
1
vulnapp
1
rag
1
openapi
1
vulnerable
1