Online
- flaws.cloud
- flaws2.cloud
- serverless.fail: Damn Vulnerable Serverless Application
Offline
-
cloudgoat: Rhino Security Labs’ “Vulnerable by Design” AWS infrastructure setup tool
-
dvca: Damn Vulnerable Cloud Application
-
AWSDetonationLab: This script is used to generate some basic detections of the aws security services
-
AWS-Vulnerable-Lambda: An AWS Lambda vulnerable application written in flask.
-
lambhack: A very vulnerable serverless application in AWS Lambda
-
honeyLambda: honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
-
Honey Buckets – Find out who is snooping through your Amazon S3 buckets.
-
sadcloud: A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure
-
Kubernetes Goat: Intentionally vulnerable cluster environment to learn and practice Kubernetes security by Madhu Akula
-
kube-goat: A deliberately vulnerable Kubernetes cluster
-
TerraGoat: Bridgecrew’s “Vulnerable by Design” Terraform stack
-
Cfngoat: Bridgecrew’s “Vulnerable by design” Cloudformation template
-
Kubernetes Local Security Testing Lab: Lab environment for testing Kubernetes exploits and security tools entirely locally on a single machine
-
Pequod - Container hacking lab environment.
-
kctf - kCTF is a Kubernetes-based infrastructure for CTF competitions.
-
Simulator - A distributed systems and infrastructure simulator for attacking and debugging Kubernetes
-
IAM Vulnerable - Deploys over 250 IAM resources in your account and supports around 31 privelege esclation paths.