HACKR.GG
// hackr.gg roadmap

Your Path to
Offensive Security

Work through each phase in order. Every module links to hands-on labs. No roadmap ends — this is where you start.

00
FOUNDATIONS
Start Here
Before you break things, understand how they work. Every exploit you will ever write is built on this layer.
How the Web Works (45 min, Beginner, Lab)
How Authentication Works (35 min, Beginner, Lab)
Browser DevTools for Hackers (20 min, Beginner, Pro)
APIs & Modern Web Apps (35 min, Beginner, Pro)
Linux & CLI Fundamentals (45 min, Beginner, Lab)
01
CROSS-SITE SCRIPTING
XSS & Client-Side Attacks
JavaScript execution in the victim's browser. From basic alert() to session hijacking, cookie theft, and full account takeover.
Cross-Site Scripting (XSS) (60 min, Beginner, Lab)
Stored XSS — Persistent Cross-Site Scripting (45 min, Beginner, Lab)
DOM-Based XSS (45 min, Intermediate, Lab)
Blind XSS — Attacking Without Feedback (40 min, Intermediate, Lab)
XSS to Account Takeover (45 min, Intermediate, Lab, Pro)
02
INJECTION ATTACKS
Injection
User input reaches an interpreter without sanitisation — SQL, OS shell, NoSQL, templates, XML. Same root cause, different damage.
SQL Injection (50 min, Beginner, Lab)
NoSQL Injection (40 min, Intermediate, Lab, Pro)
Command Injection (55 min, Intermediate, Lab, Pro)
Server-Side Template Injection (SSTI) (45 min, Intermediate, Lab, Pro)
XML External Entity (XXE) (40 min, Intermediate, Lab, Pro)
03
ACCESS CONTROL
Broken Access Control
The #1 OWASP risk. Users reach data or actions they shouldn't — IDOR, privilege escalation, mass assignment, and logic flaws.
IDOR — Broken Access Control (50 min, Beginner, Lab, Pro)
Mass Assignment (35 min, Intermediate, Lab, Pro)
Open Redirect (40 min, Beginner, Lab, Pro)
Parameter Tampering (45 min, Beginner, Lab, Pro)
Business Logic Flaws (40 min, Intermediate, Lab, Pro)
04
AUTHENTICATION ATTACKS
Auth & Session Security
No rate limiting, weak tokens, enumerable usernames. Attackers walk through the front door.
Broken Authentication (50 min, Intermediate, Lab, Pro)
JWT Attacks (40 min, Intermediate, Lab, Pro)
Session Security (40 min, Intermediate, Lab, Pro)
2FA / MFA Bypass (35 min, Intermediate, Lab, Pro)
Password Attacks (45 min, Intermediate, Lab, Pro)
05
SERVER-SIDE VULNERABILITIES
Server-Side Attacks
Weak cryptography, request forgery, deserialization, file upload abuse, and every misconfiguration that exposes the server.
SSRF — Server-Side Request Forgery (50 min, Intermediate, Lab, Pro)
Path Traversal (45 min, Beginner, Lab, Pro)
File Upload Vulnerabilities (45 min, Intermediate, Lab, Pro)
Deserialization Attacks (45 min, Intermediate, Lab, Pro)
Cryptographic Failures (40 min, Beginner, Pro)
06
ADVANCED WEB
Advanced Exploitation
Beyond the basics — forged requests, prototype chains, cache poisoning, OAuth abuse, request smuggling.
CSRF — Cross-Site Request Forgery (45 min, Intermediate, Lab, Pro)
Clickjacking (35 min, Intermediate, Pro)
Prototype Pollution (45 min, Intermediate, Pro)
DOM Clobbering (35 min, Intermediate, Pro)
Host Header Attacks (40 min, Intermediate, Pro)
07
RECON & TOOLING
Find What Others Miss
Asset discovery, fingerprinting, secrets in source, and the tools that make it all possible.
Recon — Asset Discovery (35 min, Beginner, Lab, Pro)
Recon — Content Discovery (35 min, Beginner, Lab, Pro)
Recon — Tech Stack Fingerprinting (30 min, Intermediate, Lab, Pro)
Recon — Google Dorking (30 min, Beginner, Lab, Pro)
Recon — Shodan (35 min, Intermediate, Lab, Pro)
08
AI SECURITY
Attacking AI Systems
Prompt injection, jailbreaking, and indirect manipulation of LLM-powered applications.
Prompt Injection (35 min, Beginner, Lab)
Indirect Prompt Injection (30 min, Intermediate, Lab, Pro)
LLM Jailbreaking (30 min, Beginner, Lab, Pro)
09
PRACTICE LABS
Full Application Labs
Real applications with multiple chained vulnerabilities. No hints. Test everything you have learned.
FirstBank — Brute Force (30 min, Beginner, Lab, Pro)
FirstBank — Account Statements (20 min, Beginner, Lab, Pro)
FirstBank — Session Token (35 min, Intermediate, Lab, Pro)
FirstBank — Transfer Funds (20 min, Intermediate, Lab, Pro)
IDOR — Going Deeper (40 min, Beginner, Lab, Pro)
10
SPECIALISE
Choose Your Career Track
Each path sequences the modules above for a specific role. Enrol in a path to get a curated order, progress tracking, and a completion certificate.
Bug Bounty Hunter: Find real vulnerabilities in production systems and get paid.
Web Penetration Tester: Conduct authorized security assessments of web applications.
AppSec Engineer: Build security in from the design phase. Threat model, audit, remediate.
AI Red Teamer: Attack AI/ML systems. Prompt injection, jailbreaking, model extraction.