HACKR.GG
hackr.gg is a hands-on cybersecurity training platform. Every module ends in a live lab — a real vulnerable application running inside an isolated container, accessible directly in your browser. No VM to configure. No VPN to fight with. No setup at all.
We built hackr.gg because the way most people learn security is backwards. Courses that are 80% slides and 20% lab don't produce people who can actually hack things. Watching a video of someone exploiting an SQL injection is not the same as doing it yourself against a live target, under time pressure, with a flag you have to retrieve.
Our model is the opposite: minimal theory, maximum hands-on time. Read enough to understand what's happening, then immediately attack something real and capture a flag. Skills stick when you earn them.
When you start a lab, we spin up two isolated containers: an attack machine pre-loaded with Kali tools (nmap, sqlmap, curl, ffuf, and more), and a target machine running a deliberately vulnerable application. Both are accessible from a single browser tab.
The containers are isolated from each other and from the internet — you can't accidentally attack anything real, and nothing you do in the lab can affect anyone else. When you're done, the containers are destroyed. Everything resets.
Everything on hackr.gg is designed for educational use in isolated, controlled environments. The skills taught here — SQL injection, XSS, command injection, privilege escalation — are the same skills used by professional penetration testers and bug bounty hunters operating legally with explicit authorisation.
We take this seriously. Labs are sandboxed and network-isolated. Techniques are taught in the context of defensive security — you learn how attacks work so you can defend against them, find them in bug bounty programmes, and build systems that don't have them.