HACKR.GG
▸ Hands-on cybersecurity training

Stop reading about it.
Hack it.

Real vulnerabilities, real payloads — right in your browser. Practical ethical hacking and penetration testing through interactive lessons and hands-on inline labs. No setup, no install.

Start hacking free →Browse the Academy
✓ No credit card✓ Isolated sandbox✓ First flag in ~10 min
A hooded hacker at a glowing laptop
90+
Courses & modules
80+
Hands-on labs
Free
OWASP Top 10 included
1-click
Machine spin-up
SQL InjectionXSSIDORSSRFRace ConditionsCommand InjectionXXECSRFFile UploadJWT AttacksBroken AuthPath TraversalBusiness LogicSSTICORS AbuseEthical HackingPenetration TestingCybersecurity TrainingSQL InjectionXSSIDORSSRFRace ConditionsCommand InjectionXXECSRFFile UploadJWT AttacksBroken AuthPath TraversalBusiness LogicSSTICORS AbuseEthical HackingPenetration TestingCybersecurity Training
// Career tracks

Pick a path. We take you the rest of the way.

Structured, end-to-end journeys — from your first concept to a job-ready skill set. Every module is hands-on.

// Earn as you go

Verifiable certificates

Finish a course, get a shareable certificate with a credential ID — add it straight to LinkedIn.

XP, ranks & streaks

Every task earns XP. Climb from Script Kiddie to the top ranks and keep your streak alive.

Badges for every skill

Clear a category and earn its badge. Your public profile shows everything you’ve mastered.

// Learn free · get certified
Free — no card needed

Start learning today.

12 full courses — permanently free. No trial, no expiry, no credit card.

Create free account →
Get certified — HJPT · $49

Prove it. Get certified.

The HJPT — a real, hands-on penetration-testing certification. Auto-graded, no proctor, valid 2 years.

Hands-on labs on the Hexapay neobank
CTF flag challenges + inline mini-labs
One end-to-end capstone engagement
A verifiable credential + badge for LinkedIn
Founding price $49 — reg. $99
Get certified — $49 →
// How it works
Pick a moduleSTEP 01

Pick a module

Choose from 80+ modules built around real vulnerable apps — e-commerce platforms, banking portals, APIs. Each one mirrors real-world CVEs and OWASP Top 10 vulnerabilities.

Exploit it inlineSTEP 02

Exploit it inline

Every lesson pairs the theory with a hands-on inline lab — type the real payload and watch it fire, validated instantly. No install, no VPN, no config. Eliza AI is there if you get stuck.

Capture the flagSTEP 03

Capture the flag

Land the exploit, capture the flag, earn XP. Theory and hands-on practice reinforce each other in every module.

// Who it's for

Complete beginners

Never hacked before? Start with OWASP Top 10 and the free fundamentals. You'll capture your first flag in under an hour.

Bug bounty hunters

Practice the exact vulns that show up in real programs — IDOR, SSRF, business logic, auth bypass. Build a repeatable methodology.

Students & self-learners

No expensive courses or bootcamps. Structured paths, real machines, and an AI tutor that explains everything in plain language.

Developers & defenders

See exactly how your code gets exploited. OWASP Top 10 is free — understanding attack patterns makes you a better builder.

// Start free. Upgrade when you're ready.

Your first flag is
one click away.

OWASP Top 10, Python, SQL Injection, XSS and more — all free, forever. No credit card. No time limit. Just hacking.

Want everything? Pro starts at $12/mo — cancel any time.

Create free account →Compare plans
Capture the flag