https://github.com/zardus/wargame-nexus

A sorted and updated list of security wargame sites.
https://github.com/zardus/wargame-nexus

Last synced: about 2 months ago
JSON representation

A sorted and updated list of security wargame sites.

• Host: GitHub
• URL: https://github.com/zardus/wargame-nexus
• Owner: zardus
• License: gpl-3.0
• Created: 2017-12-15T06:11:02.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2024-05-17T10:05:55.000Z (4 months ago)
• Last Synced: 2024-05-17T11:25:18.110Z (4 months ago)
• Language: HTML
• Homepage:
• Size: 68.4 KB
• Stars: 811
• Watchers: 23
• Forks: 81
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-security-collection - **196**星

README

        
# Welcome to the Wargame Nexus

This is an organized, PR-able list of wargame sites.

If you know of a (reasonable) wargame site not on this list (and there are definitely some), [shoot me a PR](https://github.com/zardus/wargame-nexus).

You can aggregate your score across many of these sites by registering on [WeChall](http://www.wechall.net).

## Wargames Listing

### Legend

-  recommended wargame

-  beginner difficulty

-  downloadable challenges

-  no scoreboard

-  bitrotted

-  dead

-  only playable in language X

-  fails to work with the daily heartbeat check, so no promises about being up (but was up last time I checked)

The chals below are listed with recommended ones first, then the rest in alphabetical order.

### Beginner

- [OverTheWire Bandit](http://overthewire.org/wargames/bandit/)  

- [OverTheWire Leviathan](http://overthewire.org/wargames/leviathan/)  

- [SmashTheStack Blowfish](http://smashthestack.org/blowfish.html) 

### General

- [pwn.college](https://pwn.college)  

- [TryHackMe](http://tryhackme.com)  

- [PicoCTF](http://picoctf.com)  

- [root-me](http://root-me.org) 

- [W3Challs](https://w3challs.com/) 

- [WeChall](http://www.wechall.net/) 

- [archive.ooo](https://archive.ooo) 

- [247CTF](https://247ctf.com)

- [0x539](https://0x0539.net/)

- [Block Harbor Automotive Cybersecurity](https://ctf.blockharbor.io/)

- [CTFLearn](https://ctflearn.com/)

- [CpawCTF2](https://ctf2.cpaw.site/)

- [CpawCTF](https://ctf.cpaw.site/)  

- [Defend the Web](https://defendtheweb.net/?hackthis)

- [Dreamhack](https://dreamhack.io/wargame) 

- [Electrica](http://www.caesum.com/game/)

- [elhacker](https://warzone.elhacker.net/) 

- [ExploitExercises Main Sequence](https://exploit.education/main-sequence/)  

- [ExploitExercises Nebula](https://exploit.education/nebula/)   

- [Flagyard](https://flagyard.com/)

- [HackBBS](https://hackbbs.org/index.php)

- [Hacking-Challenges](http://www.hacking-challenges.de/) 

- [Hackropole](https://hackropole.fr/en/)  

- [HackTheBox](https://www.hackthebox.com)

- [HackThisSite](https://www.hackthissite.org/)

- [HellBound Hackers](https://www.hellboundhackers.org/)

- [Komodo CTF](http://ctf.komodosec.com/)

- [MAGURO β](https://score.maguro.run/)

- [MNCTF](http://mnctf.info/) 

- [Ma's Reversing](http://3564020356.org/) 

- [Net-Force](https://net-force.nl/)

- [NewbieContest](https://www.newbiecontest.org/) 

- [Open Security Training](https://opensecuritytraining.info/Welcome.html)  

- [Open Security Training 2](https://p.ost2.fyi/) 

- [OverTheWire Semtex](http://overthewire.org/wargames/semtex/)

- [PWN.TN](https://pwn.tn/)

- [Rankk.org](https://www.rankk.org/)

- [Revolution Elite](https://www.revolutionelite.co.uk/)

- [RingZer0Team Online CTF](https://ringzer0team.com/home)

- [SmashTheStack Logic](http://logic.smashthestack.org:88/) 

- [SuNiNaTaS](http://suninatas.com/) 

- [ThisisLegal.com](https://www.thisislegal.com/)

- [TryThis0ne.com](http://www.trythis0ne.com/)

- [VulnHub](https://www.vulnhub.com/)  

- [YEHD 2015 CTF](https://2015-yehd-ctf.meiji-ncc.tech/) 

- [akictf](https://ctf.katsudon.org/)  

- [hacker.org](http://www.hacker.org/)

- [ksnctf](http://ksnctf.sweetduet.info/)

- [World of Wargame](https://wow.sinfocol.org/) 

- [柚子胡椒CTF](https://ctf.mzyy94.com/) 

### Binary Pwning

- [pwnable.kr](http://pwnable.kr) 

- [pwnable.tw](http://pwnable.tw) 

- [ExploitExercises Fusion](https://exploit.education/fusion/)   

- [ExploitExercises Phoenix](https://exploit.education/phoenix/)   

- [HackSys Extreme Vulnerable Driver](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver) 

- [IO64](http://io.netgarage.org:8064/) 

- [IO](https://io.netgarage.org/) 

- [Microcorruption](https://microcorruption.com/login)

- [Nightmare](https://github.com/guyinatuxedo/nightmare) 

- [OverTheWire Behemoth](http://overthewire.org/wargames/behemoth/) 

- [OverTheWire Drifter](http://overthewire.org/wargames/drifter/) 

- [OverTheWire Manpage](http://overthewire.org/wargames/manpage/) 

- [OverTheWire Maze](http://overthewire.org/wargames/maze/) 

- [OverTheWire Narnia](http://overthewire.org/wargames/narnia/)  

- [OverTheWire Unomo](http://overthewire.org/wargames/utumno/) 

- [OverTheWire Vortex](http://overthewire.org/wargames/vortex/) 

- [ROP Emporium](https://ropemporium.com/)

- [ROP.sh](https://github.com/xelenonz/game/)  

- [pwnable.xyz](https://pwnable.xyz/)

### Binary Reversing

- [reversing.kr](http://reversing.kr) 

- [challenges.re](https://challenges.re/) 

- [crackmes.one](https://crackmes.one/)

- [IOLI64](https://github.com/BinaryResearch/IOLI64)  

### Prompt Injection

- [Gandalf](https://gandalf.lakera.ai/)

- [GPT Prompt Attack](https://gpa.43z.one)

### Mobile

- [reyammer.io](https://challs.reyammer.io/)

### Web

- [alert(1) to win](https://alf.nu/alert1/)

- [websec.fr](http://websec.fr) 

- [webhacking.kr](http://webhacking.kr/) 

- [0xf.at](https://0xf.at/)

- [Google Gruyere](http://google-gruyere.appspot.com/)  

- [HackerTest](https://www.hackertest.net/)

- [HackingHub](https://app.hackinghub.io/) 

- [Lords of SQLInjection](https://los.rubiya.kr/)

- [OverTheWire Natas](http://overthewire.org/wargames/natas/) 

- [PortSwigger Web Security Academy](https://portswigger.net/web-security)

- [RedTiger's Hackit](https://redtiger.labs.overthewire.org/)

- [Stereotyped Challenges](https://chall.stypr.com)  

- [Wizer CTF](https://wizer-ctf.com/) 

- [XSS Game](https://www.xssgame.com/)

- [XSS PwnFunction](https://xss.pwnfunction.com/)

- [XSS game area](https://xss-game.appspot.com/)

- [YesWeHack DOJO](https://dojo-yeswehack.com/)

### Crypto

- [Crypto Hack](https://cryptohack.org/) 

- [id0-rsa](https://id0-rsa.pub/) 

- [Matasano Cryptopals](https://cryptopals.com/)  

- [OverTheWire Krypton](http://overthewire.org/wargames/krypton/)  

- [Brain Quest](https://www.bqbi.net/)

- [Énigmes À Thématiques](https://enigmes-a-thematiques.fr/front/) 

- [Ethernaut (Solidity)](https://ethernaut.zeppelin.solutions/)  

- [Gekkó](https://gekko.csokavar.hu/login)

- [MysteryTwister](https://mysterytwister.org/)

- [try to decrypt](https://www.trytodecrypt.com/)

### Forensics

- [Digital Forensics Lab](https://github.com/frankwxu/digital-forensics-lab)  

### Cloud

- [flAWS](http://flaws.cloud/) 

- [flAWS 2](http://flaws2.cloud/) 

### Unsorted

- [CTF 101](https://ctf101.org/)

- [InterruptLabs Challenges](https://www.interruptlabs.co.uk/challenges)

- [IO07](http://io.netgarage.org:777/) 

- [SANS Holiday Hack Challenge 2023](https://2023.holidayhackchallenge.com/invite)

- [SmashTheStack Amateria](http://amateria.smashthestack.org:89/) 

- [SmashTheStack Tux](http://tux.smashthestack.org:86/) 

- [Viblo](https://ctf.viblo.asia/landing)

- [runZero Coin Challenge](https://info.runzero.com/challenge-coin)

### Recon

- [ae27ff](https://ae27ff.com/about.php) 

### Not Security

Developing some core CS skills can be useful for security as well!

- [Tensor Puzzles](https://github.com/srush/Tensor-Puzzles)

- [SadServers](https://sadservers.com/)

- [PyDéfis](https://pydefis.callicode.fr/) 

- [Prompt Riddle](https://promptriddle.com/)

### Gone, but not forgotten

These sites have gone offline (or taken their challenges offline).

I track them here to periodically check for their return (which does happen sometimes!).

-  [Backdoor](https://backdoor.sdslabs.co/challenges)

-  [Bright Shadows](http://bright-shadows.net/) 

-  [CHALLENGE LAND](http://challengeland.co/) 

-  [crackmes.de (mirror)](https://crackmes.dreamhosters.com/)   

-  [ctfs.me](http://ctfs.me/) 

-  [HackBurger](https://hackburger.ee/) 

-  [HackMe](https://hack.me/) 

-  [HallsOfValhalla](https://halls-of-valhalla.org/beta/) 

-  [hax.tor](http://hax.tor.hu/welcome/) 

-  [IOarm](http://ioarm.netgarage.org/)  

-  [The Enigma Group](https://www.enigmagroup.org/) 

-  [WTHack](https://www.onlinectf.com/challenges/) 

-  [MMA CTF](https://ctf.mma.club.uec.ac.jp/)  

-  [CodeEngn](http://ch.codeengn.com/)  

-  [HackerGateway](https://www.hackergateway.com/) 

-  [Mod-X](http://www.mod-x.co.uk/main.php) 

## Credit

I acquired the links here over a very long career.

At some point, I started noting down resources that led me to these links.

They are:

-  [https://medium.com/@a.hilton83/learning-resources-a0a859bf9dbd](https://medium.com/@a.hilton83/learning-resources-a0a859bf9dbd)

-  [http://captf.com/practice-ctf/](http://captf.com/practice-ctf/)

-  [http://www.wechall.net/sites.php](http://www.wechall.net/sites.php)

-  [http://ctf.forgottensec.com/wiki/index.php?title=Main_Page](http://ctf.forgottensec.com/wiki/index.php?title=Main_Page)

-  [https://github.com/carpedm20/awesome-hacking](https://github.com/carpedm20/awesome-hacking)

-  [https://csea-iitb.github.io/IITBreachers-wiki/2020/08/01/Hacking-Sites.html](https://csea-iitb.github.io/IITBreachers-wiki/2020/08/01/Hacking-Sites.html)