| Apocalyst | WordPress Exploitation · Information Leakage · Steganography (Stego) · Remote Code Execution (RCE) | 3 |
| Aragog | XML External Entity · WordPress Exploitation | 3 |
| Backend | Information Leakage · Remote Code Execution (RCE) · JSON Web Tokens (JWT) | 4 |
| BackendTwo | Information Leakage · Remote Code Execution (RCE) · JSON Web Tokens (JWT) | 3 |
| Bolt | SSTI (Server-Side Template Injection) · Subdomain Enumeration · Information Leakage | 3 |
| Book | Cross-Site Scripting (XSS) | 3 |
| Cache | Access Control / IDOR · Authentication Vulnerabilities · Information Leakage · SQL Injection · Remote Code Execution (RCE) | 3 |
| Catch | SSTI (Server-Side Template Injection) · Information Leakage · SQL Injection · Remote Code Execution (RCE) | 3 |
| Celestial | Insecure Deserialization · Remote Code Execution (RCE) | 3 |
| Chaos | Remote Code Execution (RCE) | 3 |
| Cronos | OS Command Injection · Transferencia de zona DNS · SQL Injection | 3 |
| DevOops | XML External Entity · Information Leakage | 4 |
| Devzat | Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Enterprise | WordPress Exploitation · Buffer Overflow (BoF / ROP) · SQL Injection | 3 |
| Epsilon | SSTI (Server-Side Template Injection) · Authentication Vulnerabilities · Remote Code Execution (RCE) · JSON Web Tokens (JWT) | 3 |
| Europa | SQL Injection · Remote Code Execution (RCE) | 4 |
| Flustered | SSTI (Server-Side Template Injection) · Information Leakage · Remote Code Execution (RCE) | 3 |
| FluxCapacitor | OS Command Injection · Fuzzing de directorios | 3 |
| Forge | Server-Side Request Forgery | 3 |
| Haircut | OS Command Injection · Server-Side Request Forgery | 4 |
| Hawk | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | 3 |
| Inception | Local File Inclusion (LFI) · Port Forwarding / Pivoting · WebDAV · Fuzzing de directorios | 3 |
| Jewel | Information Leakage · Cracking Hashes (hashcat / John) · Insecure Deserialization · Remote Code Execution (RCE) | 3 |
| Lazy | SUID binaries | 3 |
| Luke | Information Leakage | 3 |
| Mango | SQL Injection · SUID binaries | 3 |
| Meta | Subdomain Enumeration · File Upload Vulnerabilities · Port Forwarding / Pivoting · Remote Code Execution (RCE) | 4 |
| Nineveh | Remote Code Execution (RCE) · Local File Inclusion (LFI) · Steganography (Stego) · Brute Force / Rate-Limit Bypass | 3 |
| Node | Information Leakage · OS Command Injection · Cracking Hashes (hashcat / John) · Buffer Overflow (BoF / ROP) · Port Forwarding / Pivoting · SUID binaries | 4 |
| Noter | SSTI (Server-Side Template Injection) · Information Leakage · OS Command Injection · Fuzzing de directorios · Remote Code Execution (RCE) · JSON Web Tokens (JWT) | 5 |
| Obscurity | Information Leakage · OS Command Injection · Race Conditions · Remote Code Execution (RCE) | 4 |
| October | Buffer Overflow (BoF / ROP) | 3 |
| Passage | CuteNews Exploitation Code Analysis USBCreator D-Bus Privilege Escalation… | 3 |
| Pit | Information Leakage · SNMP Enumeration · Remote Code Execution (RCE) | 3 |
| Poison | Local File Inclusion (LFI) · Remote Code Execution (RCE) | 4 |
| Ransom | Type Juggling / Confusion | 3 |
| RedCross | Subdomain Enumeration · Buffer Overflow (BoF / ROP) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Retired | Local File Inclusion (LFI) · Buffer Overflow (BoF / ROP) · Port Forwarding / Pivoting | 4 |
| Schooled | Cracking Hashes (hashcat / John) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | 3 |
| Seal | Information Leakage · Remote Code Execution (RCE) | 3 |
| Shibboleth | Remote Code Execution (RCE) | 3 |
| SneakyMailer | Information Leakage | 3 |
| SolidState | Information Leakage · Abuso de cron | 3 |
| Stratosphere | Apache Struts Exploitation (CVE-2017-5638) Python Library Hijacking (Privilege… | 3 |
| TartarSauce | Remote File Inclusion (RFI) · WordPress Exploitation · Remote Code Execution (RCE) | 4 |
| Tenet | Insecure Deserialization · Race Conditions | 3 |
| Tenten | WordPress Exploitation · Cracking Hashes (hashcat / John) · Steganography (Stego) | 3 |
| TheNotebook | File Upload Vulnerabilities · JSON Web Tokens (JWT) | 3 |
| Time | Server-Side Request Forgery · Remote Code Execution (RCE) | 4 |
| Timing | Local File Inclusion (LFI) · File Upload Vulnerabilities | 4 |
| Undetected | Subdomain Enumeration · Cracking Hashes (hashcat / John) · Remote Code Execution (RCE) | 3 |
| Unicode | Local File Inclusion (LFI) · JSON Web Tokens (JWT) | 3 |
| Union | OS Command Injection · SQL Injection · Remote Code Execution (RCE) | 4 |
| Waldo | Local File Inclusion (LFI) | 3 |
| Wall | Brute Force / Rate-Limit Bypass · SUID binaries · Fuzzing de directorios · Remote Code Execution (RCE) | 3 |
| Writer | OS Command Injection · Cracking Hashes (hashcat / John) · SQL Injection · Port Forwarding / Pivoting | 4 |