hackxor

A webapp hacking game, where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc

Features

Client attack simulation using HtmlUnit; no alert('xss') here.
Smooth difficulty gradient from moderately easy to fiendishly tricky.
Realistic vulnerabilities modelled from Google, Mozilla, etc (No rot13!)
Open ended play; progress by any means possible.

Project Activity

See All Activity >

License

Apache License V2.0

Follow hackxor

hackxor Web Site

Other Useful Business Software

$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.

Start Free Trial

Rate This Project

User Ratings

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

User Reviews

Filter Reviews:

All

robertcorreia Posted 2013-06-11

Great stuff.

1 user found this review helpful.

Additional Project Details

Registered

2011-01-29

Similar Business Software

ManageEngine Endpoint Central

ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Control D

Control D is a customizable DNS filtering and traffic redirection platform that leverages Secure DNS protocols like DNS-over-HTTPS, DNS-over-TLS and DNS-over-QUIC, with support for Legacy DNS. - Block malicious threats - Block unwanted types of content network wide (ads & trackers, IoT...

See Software
myACI

ACI Learning delivers hands-on IT and cybersecurity training built for modern teams. Expert-led videos, interactive labs, and certification prep for today’s top credentials turn knowledge into real-world skill. Whether you’re training a team or advancing your career, myACI makes it easy to...

See Software
Google Cloud Platform

Google Cloud is a cloud-based service that allows you to create anything from simple websites to complex applications for businesses of all sizes. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage...

See Software
FusionAuth

FusionAuth is a modern, developer-focused identity and access management platform built to give you full control over your authentication stack. Whether you’re building a startup app or managing enterprise-scale infrastructure, FusionAuth delivers all the must-have features — from login and SSO...

See Software