| AdmirerToo | Remote Code Execution (RCE) · Subdomain Enumeration · Server-Side Request Forgery | 3 |
| Altered | Brute Force / Rate-Limit Bypass · SQL Injection · Type Juggling / Confusion · Remote Code Execution (RCE) | 4 |
| Charon | Cracking Hashes (hashcat / John) · SQL Injection · SUID binaries | 3 |
| CrimeStoppers | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 3 |
| Dab | Cracking Hashes (hashcat / John) · Server-Side Request Forgery · SUID binaries · Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| EarlyAccess | Information Leakage · Port Forwarding / Pivoting · SQL Injection · Local File Inclusion (LFI) · Cross-Site Scripting (XSS) | 3 |
| Ellingson | Buffer Overflow (BoF / ROP) · SUID binaries · Remote Code Execution (RCE) | 3 |
| Falafel | Information Leakage · SQL Injection · Type Juggling / Confusion · File Upload Vulnerabilities | 3 |
| Feline | Information Leakage · Insecure Deserialization · Directory / Path Traversal · Port Forwarding / Pivoting · Remote Code Execution (RCE) | 4 |
| Flujab | SQL Injection · SUID binaries · Remote Code Execution (RCE) | 3 |
| Holiday | SQL Injection · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Joker | Cracking Hashes (hashcat / John) · Port Forwarding / Pivoting · Remote Code Execution (RCE) | 3 |
| Kotarak | Information Leakage · Port Forwarding / Pivoting · Server-Side Request Forgery | 3 |
| Mischief | Information Leakage · SNMP Enumeration | 4 |
| Monitors | Local File Inclusion (LFI) · Information Leakage · Insecure Deserialization · WordPress Exploitation · Remote Code Execution (RCE) | 4 |
| Oouch | Subdomain Enumeration · Information Leakage · Port Forwarding / Pivoting · OAuth Authentication Vulnerabilities · Remote Code Execution (RCE) | 3 |
| Overflow | Buffer Overflow (BoF / ROP) · SQL Injection · Remote Code Execution (RCE) | 4 |
| OverGraph | Subdomain Enumeration · Cross-Site Scripting (XSS) · Information Leakage · SQL Injection · File Upload Vulnerabilities · Fuzzing de directorios · GraphQL Vulnerabilities · Server-Side Request Forgery · SUID binaries · Remote Code Execution (RCE) · JSON Web Tokens (JWT) | 3 |
| Oz | SSTI (Server-Side Template Injection) · SQL Injection · Port Forwarding / Pivoting · Remote Code Execution (RCE) | 3 |
| Phoenix | Cracking Hashes (hashcat / John) · SQL Injection · File Upload Vulnerabilities · WordPress Exploitation | 3 |
| Player | Subdomain Enumeration · Information Leakage · OS Command Injection · Remote Code Execution (RCE) · JSON Web Tokens (JWT) | 4 |
| Pressed | WordPress Exploitation | 3 |
| Quick | Information Leakage · Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 4 |
| Scavenger | Transferencia de zona DNS · SQL Injection | 3 |
| Shrek | Information Leakage · Steganography (Stego) · Port Forwarding / Pivoting | 3 |
| Static | Port Forwarding / Pivoting · SUID binaries · Remote Code Execution (RCE) | 3 |
| Talkative | Information Leakage · Port Forwarding / Pivoting · Remote Code Execution (RCE) · File Upload Vulnerabilities | 3 |
| Tentacle | Active Directory | 3 |
| Travel | WordPress Exploitation · Insecure Deserialization · Remote Code Execution (RCE) | 3 |
| Unbalanced | Information Leakage · Cracking Hashes (hashcat / John) · Port Forwarding / Pivoting · Pi-hole credenciales por defecto · Remote Code Execution (RCE) | 3 |
| Unobtainium | Local File Inclusion (LFI) · Information Leakage · Prototype Pollution · OS Command Injection · Port Forwarding / Pivoting · Remote Code Execution (RCE) | 3 |
| Zetta | Information Leakage · SQL Injection · Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | 3 |