Authorized CipherX training lab only. This app is intentionally vulnerable. Do not test systems outside this lab.

Vulnerability Lab Modules

Each module includes a complete workflow with Kali Linux tool guidance, lab-specific investigation forms, and a CipherX-branded PDF report export. No login required.

Kali Tool Cards

Per-lab tool guidance with example commands

Branded PDF Reports

Export professional CipherX pentest documents

No Login Needed

Enter your name and complete the workflow

Weak Password Accounts
easy
Discover and document demo accounts protected by common weak passwords.
Authentication10 pts5 tools
Start Workflow
Weak Supabase RLS
medium
Identify Row Level Security misconfigurations exposing data to unauthorized users.
Authorization15 pts5 tools
Start Workflow
Sensitive File Discovery
easy
Find exposed configuration files, backups, and internal documentation.
Information Disclosure10 pts5 tools
Start Workflow
Public Storage Bucket Exposure
medium
Discover publicly accessible Supabase Storage buckets containing sensitive demo files.
Storage15 pts4 tools
Start Workflow
Exposed Demo Secrets
medium
Locate hardcoded secrets, API keys, and credentials throughout the application.
Secrets Management15 pts4 tools
Start Workflow
Broken Object-Level Authorization
hard
Access resources belonging to other users by manipulating object identifiers.
Authorization20 pts4 tools
Start Workflow
Mass Assignment Profile Update
hard
Escalate privileges by modifying unauthorized profile fields during update requests.
Business Logic20 pts3 tools
Start Workflow
Verbose Error Messages
easy
Trigger error conditions that leak stack traces, SQL, or internal paths.
Information Disclosure10 pts3 tools
Start Workflow
Vulnerable RPC Function
hard
Exploit Supabase RPC functions with insufficient authorization checks.
API Security20 pts3 tools
Start Workflow
Unsafe Search Function
medium
Abuse the search API to extract data across multiple sensitive tables.
Injection15 pts3 tools
Start Workflow
Fake Outdated Dependencies
easy
Identify outdated dependencies with known CVEs listed in the application.
Supply Chain10 pts4 tools
Start Workflow
Final Report Writing
medium
Compile all module findings into a comprehensive penetration testing report.
Reporting25 pts3 tools
Start Workflow