| Admirer | Information Leakage | 3 |
| Antique | SNMP Enumeration | 4 |
| Backdoor | Local File Inclusion (LFI) · WordPress Exploitation · Remote Code Execution (RCE) | 4 |
| Bank | Information Leakage · DNS zone transfer · File Upload Vulnerabilities · SUID binaries · Remote Code Execution (RCE) | 4 |
| Bashed | Cron abuse · Sudo abuse · phpbash (PHP web shell) | 2 |
| Beep | Local File Inclusion (LFI) · Information Leakage · File Upload Vulnerabilities · Shellshock (CVE-2014-6271) · Elastix LFI · Remote Code Execution (RCE) | 3 |
| Blocky | WordPress Exploitation · Information Leakage | 3 |
| Blunder | Directory / Path Traversal · File Upload Vulnerabilities | 3 |
| BountyHunter | XML External Entity | 4 |
| Delivery | Subdomain Enumeration · Information Leakage · Cracking Hashes (hashcat / John) | 4 |
| Doctor | SSTI (Server-Side Template Injection) · OS Command Injection · Remote Code Execution (RCE) | 3 |
| Frolic | Remote Code Execution (RCE) · Information Leakage | 4 |
| GoodGames | SSTI (Server-Side Template Injection) · Port Forwarding / Pivoting · SQL Injection | 4 |
| Haystack | Information Leakage | 3 |
| Horizontall | Information Leakage · Port Forwarding / Pivoting | 3 |
| Knife | Remote Code Execution (RCE) | 3 |
| Laboratory | Information Leakage · Insecure Deserialization · SUID binaries · Remote Code Execution (RCE) | 3 |
| Lame | Samba 3.0.20 RCE (CVE-2007-2447) | 5 |
| Late | SSTI (Server-Side Template Injection) · Subdomain Enumeration · File Upload Vulnerabilities | 4 |
| Mirai | Default credentials · USB forensics · Pi-hole default credentials | 3 |
| Nibbles | Remote Code Execution (RCE) · File Upload Vulnerabilities | 4 |
| NodeBlog | Authentication Vulnerabilities · Insecure Deserialization · SQL Injection · XML External Entity | 3 |
| NunChucks | SSTI (Server-Side Template Injection) | 4 |
| OpenSource | Local File Inclusion (LFI) · Information Leakage · Port Forwarding / Pivoting · File Upload Vulnerabilities · Remote Code Execution (RCE) | 3 |
| Pandora | Remote Code Execution (RCE) · Information Leakage · Port Forwarding / Pivoting · SQL Injection · SNMP Enumeration | 3 |
| Paper | Information Leakage · WordPress Exploitation | 4 |
| Postman | Redis Exploitation | 4 |
| RouterSpace | OS Command Injection · linPEAS · Remote Code Execution (RCE) | 3 |
| Safe | Information Leakage · Buffer Overflow (BoF / ROP) | 3 |
| ScriptKiddie | OS Command Injection · Port Forwarding / Pivoting · Remote Code Execution (RCE) | 3 |
| Secret | JSON Web Tokens (JWT) | 4 |
| Sense | Information Leakage · pfSense · Remote Code Execution (RCE) | 3 |
| Shocker | Shellshock (CVE-2014-6271) | 4 |
| SteamCloud | Kubernetes API Enumeration (kubectl) Kubelet API Enumeration (kubeletctl)… | 3 |
| SwagShop | Remote Code Execution (RCE) | 3 |
| Tabby | Local File Inclusion (LFI) | 3 |
| Teacher | Information Leakage · Cracking Hashes (hashcat / John) · Directory fuzzing · Remote Code Execution (RCE) | 4 |
| Traverxec | Nostromo Exploitation Abusing Nostromo HomeDirs Configuration Exploiting… | 4 |
| Valentine | Cracking Hashes (hashcat / John) · Race Conditions | 3 |
| Validation | Information Leakage · SQL Injection · Remote Code Execution (RCE) | 4 |