HACKR.GG
▸ Hands-on cybersecurity training

Stop reading about it.
Hack it.

Real vulnerable machines. Real attack tools. No setup, no VPN. Practical ethical hacking and penetration testing — spin up a lab in one click and get your hands dirty.

Start hacking free →Browse labs
✓ No credit card✓ Isolated sandbox✓ First flag in ~10 min
A hooded hacker at a glowing laptop
90+
Courses & modules
80+
Vulnerable labs
Free
OWASP Top 10 included
1-click
Machine spin-up
SQL InjectionXSSIDORSSRFRace ConditionsCommand InjectionXXECSRFFile UploadJWT AttacksBroken AuthPath TraversalBusiness LogicSSTICORS AbuseEthical HackingPenetration TestingCybersecurity TrainingSQL InjectionXSSIDORSSRFRace ConditionsCommand InjectionXXECSRFFile UploadJWT AttacksBroken AuthPath TraversalBusiness LogicSSTICORS AbuseEthical HackingPenetration TestingCybersecurity Training
// Career tracks

Pick a path. We take you the rest of the way.

Structured, end-to-end journeys — from your first concept to a job-ready skill set. Every module is hands-on.

Bug Bounty Hunter
Most popular
Beginner · 35 modules
Bug Bounty Hunter
Find real vulns in production systems and get paid — from zero to your first paid report.
Explore track →
Web Penetration Tester
Intermediate
Web Penetration Tester
Run authorized assessments end to end — methodology, tooling, and report quality clients expect.
Explore track →
AI Red-Teamer
Advanced
AI Red-Teamer
Break LLM apps — prompt injection, jailbreaks, and the attack surface everyone is racing to secure.
Explore track →
// Earn as you go

Verifiable certificates

Finish a course, get a shareable certificate with a credential ID — add it straight to LinkedIn.

XP, ranks & streaks

Every task earns XP. Climb from Script Kiddie to the top ranks and keep your streak alive.

Badges for every skill

Clear a category and earn its badge. Your public profile shows everything you’ve mastered.

// Modules

Everything you need
to break in.

Cybersecurity training the way it should be. Theory first, then you attack a real machine and capture a flag. No tutorials. No fake environments.

All modules →
01Linux & CLI FundamentalsFREELABBeginner45 min02Cross-Site Scripting (XSS)FREELABBeginner60 min03JavaScript FundamentalsFREELABBeginner40 min04Python FundamentalsFREEBeginner45 min05How the Web WorksFREELABBeginner45 min06How Authentication WorksFREELABBeginner35 min07APIs & Modern Web AppsBeginner35 min08Browser DevTools for HackersBeginner20 min09SQL InjectionFREELABBeginner50 min10IDOR — Broken Access ControlLABBeginner50 min
// Learn free · get certified
Free — no card needed

Start learning today.

12 full courses — permanently free. No trial, no expiry, no credit card.

Create free account →
Get certified — HJPT · $99

Prove it. Get certified.

The HJPT — a real, hands-on penetration-testing certification. Auto-graded, no proctor, valid 2 years.

Hands-on labs on the live Hexapay neobank
CTF flag challenges + inline mini-labs
One end-to-end capstone engagement
A verifiable credential + badge for LinkedIn
Founding price $99 — reg. $250
Get certified — $99 →
// How it works
Pick a targetSTEP 01

Pick a target

Choose from 80+ real vulnerable apps — e-commerce platforms, banking portals, APIs. Each machine mirrors real-world CVEs and OWASP Top 10 vulnerabilities.

One-click live shellSTEP 02

One-click live shell

Your isolated container spins up in seconds. Full toolkit available. No install, no VPN, no config — just a shell and a target. Eliza AI is there if you get stuck.

Capture the flagSTEP 03

Capture the flag

Exploit the vulnerability, retrieve the flag, earn XP. Every lab maps to a course module so theory and practice reinforce each other.

// Who it's for

Complete beginners

Never hacked before? Start with OWASP Top 10 and the free fundamentals. You'll capture your first flag in under an hour.

Bug bounty hunters

Practice the exact vulns that show up in real programs — IDOR, SSRF, business logic, auth bypass. Build a repeatable methodology.

Students & self-learners

No expensive courses or bootcamps. Structured paths, real machines, and an AI tutor that explains everything in plain language.

Developers & defenders

See exactly how your code gets exploited. OWASP Top 10 is free — understanding attack patterns makes you a better builder.

// Start free. Upgrade when you're ready.

Your first flag is
one click away.

OWASP Top 10, Python, SQL Injection, XSS and more — all free, forever. No credit card. No time limit. Just hacking.

Want everything? Pro starts at $12/mo — cancel any time.

Create free account →Compare plans
Capture the flag