(opens in new window)

OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

Game of Active Directory

Pentest Active Directory lab project. Vulnerable AD environment ready for practicing common attack techniques. Labs: GOAD (5 VMs, 2 forests, 3 domains), GOAD-Light (3 VMs), MINILAB (2 VMs), SCCM, NHA challenge.

Collections container
Technology Windows Active Directory
Categories Free-form Single-player
Author Orange-Cyberdefense
Stars 7946 stars
Last contribution Mar 12, 2026 < 6mo
Link Guide

Notes

Extremely vulnerable; do not deploy on Internet without isolation. Uses free Windows VMs (180-day eval). Requires a considerably powerful system. Docs: https://orange-cyberdefense.github.io/GOAD/.

← Back to directory