awesome-selfhosted /
awesome-selfhosted
A list of Free Software network services and web applications which can be hosted on your own servers
90/100 healthLoading repository data…
iknowjason / repository
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
A transparent discovery signal based on current public GitHub metadata.
This score does not audit code, security, maintainers, documentation quality, or suitability. Verify the repository and its current documentation before adoption.
A list of free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
| Name | Technology | Category | Author | Notes |
|---|---|---|---|---|
| The Ultimate Cloud Security Championship | AWS | Author-hosted CTF Challenge | Wiz | A monthly CTF challenge, with challenges curated by a Star Wiz researcher. Challenges and leaderboard hosted by Wiz. |
| CloudFoxable | AWS | Self-hosted CTF Challenge | Seth Art | Create your own vulnerable by design AWS penetration testing playground |
| Pwned Labs | AWS | Author-hosted Guided Labs, CTF | Ian Austin | Requires account registration; Commercial paid subscriptions; free hosted labs for learning cloud security |
| The Big IAM Challenge | AWS | Author-hosted CTF Challenge | Wiz | CTF challenge to identify and exploit IAM misconfigurations |
| The Cloud Hunting Games | AWS | Author-hosted CTF Challenge | Wiz | CTF ransomware challenge designed to teach real-world cloud investation based on TTPs seen in the wild |
| CloudSec Tidbits |
Selected from shared topics, language and repository description—not editorial ratings.
awesome-selfhosted /
A list of Free Software network services and web applications which can be hosted on your own servers
90/100 healthdalisoft /
List of awesome hosting sorted by minimal plan price
87/100 healthiSoumyaDey /
| AWS |
| Self-hosted Challenge |
| Doyensec |
| Three web app security flaws specific to AWS cloud, self-hosted with terraform |
| AWS Well-Architected Security Workshop | AWS | Self-hosted, guided labs | AWS Well-Architected | Several hands-on-labs to help you learn, measure, and improve the security of your architecture using best practices from the Security pillar of the AWS Well-Architected Framework. |
| AWS CIRT Workshop | AWS | Self-hosted, guided lab | AWS CIRT | Build with Cloudformation, explore 5 common incident response scenarios observed by AWS CIRT |
| CloudGoat | AWS | Self-hosted, guided vulnerability lab | Multiple, Rhino Security Labs | Python orchestration of terraform |
| Attacking and Defending Serverless Applications | AWS | Self-hosted, guided vulnerability workshop | Ryan Nicholson | Attack and defend a Lambda that you build in your own AWS account with author provided terraform |
| IAM Vulnerable | AWS | Self-hosted, guided vulnerability lab | Seth Art | IAM-focused priv esc playground with 31 pathways, create in your own AWS account using terraform, solid docs |
| flaws.cloud | AWS | Author-hosted, CTF challenge | Scott Piper | Challenge style with levels and clues |
| flaws2.cloud | AWS | Author-hosted, CTF challenge | Scott Piper | Challenge style Attacker and Defender paths |
| CI/CDon't | AWS | Self-hosted CTF walkthrough | Nick Frichette | Host with terraform in your own AWS account, vulnerable CI/CD CTF infrastructure |
| AWSGoat | AWS | Self-hosted, attack and defense manuals | Multiple, ine-labs | Bring your own aws account, Build with terraform, two modules, provides attack and defense manuals |
| Sadcloud | AWS | Self-hosted | Multiple, NCC Group | Terraform code; not guided like CloudGoat |
| DVCA | AWS | Self-hosted demo lab | Maxime Leblanc | Deploy a Damn Vulnerable Cloud Application in your own AWS account to practice privilege escalation |
| lambhack | AWS | Self-hosted lab | James Wickett | Deploy a very vulnerable AWS lambda serverless application in your AWS account |
| AWSCloudPentest | AWS | Self-hosted lab | Punit Darji | Deploy vulnerable AWS scenarios in your account using terraform and learn how to exploit them. Companion YouTube channel. |
| EntraGoat | Azure | Self-hosted lab | Semperis | A deliberately vulnerable Microsoft Entra ID infrastructure. Uses Powershell Graph SDK scripts with a nice NodeJS web UI for management. Six vulnerable attack path scenarios with solutions documented. |
| BadZure | Azure | Self-hosted lab | Mauricio Velazco | Powershell Graph SDK script that spins up your own Azure AD (Entra ID) lab with attack paths. Currently no walk through or guide. |
| Broken Azure | Azure | Author-hosted, CTF challenge | Secura | Provides hints, optionally self-host in your own Azure account using terraform |
| Mandiant Azure Workshop | Azure | Self-hosted, guided commands | Multiple | Vulnerable by design Azure lab with two scenarios; build with terraform |
| AzureGoat | Azure | Self-hosted, attack and defense manuals | Multiple, ine-labs | Bring your own Azure tenant, Build with terraform, one module, provides attack and defense manuals |
| XMGoat | Azure | Self-hosted, guided labs | Multiple | Build with terraform, 5 scenarios, solution docs provided |
| CONVEX | Azure | Self-hosted, CTF | Multiple | Spin up three Capture the Flag environments in your Azure tenant using powershell |
| GCP CTF Workshop | GCP | Self-hosted, lab guide | Marion Säckel, Marcus Hallberg | Host in your own GCP account, build with terraform using bash setup script, solution and hints provided |
| GCP Goat (Josh Jebaraj) | GCP | Self-hosted, mdbook lab guide | Josh Jebaraj | Host in your own GCP account, build with provided scripts, nice guided lab workbook |
| GCPGoat (ine-labs) | GCP | Self-hosted, attack and defense manuals | Multiple, ine-labs | Bring your own GCP account, Build with terraform, one module, provides attack and defense manuals |
| Thunder CTF | GCP | Self-hosted, CTF | Multiple | Bring your own GCP account, 6 levels, practice attacking vulnerable cloud projects on GCP |
| OWASP EKS Goat | Kubernetes/EKS | Deployed into your own AWS EKS cluster | Anjali Shukla/Divyanshu Shukla | An intentionally vulnerable AWS EKS environment simulating real‑world misconfigurations, IAM flaws, and pod breakout paths along with aws native defense. Includes 20+ attack‑defense labs you can deploy and practice hands‑on. |
| K8s Lan Party | Kubernetes | Author hosted, CTF challenge | Wiz | To dive into a network full of misconfigurations and exploit vulnerabilities with the goal of conquering a Kubernetes cluster |
| EKS Cluster Games | Kubernetes | Author hosted, CTF challenge | Wiz | Vulnerable EKS pod with flag challenges across environment, with leaderboard and requires registration |
| Bustakube | Kubernetes | Self-hosted, import VMs | Jay Beale | Vulnerable K8S cluster, Download the VMs to build cluster and import into VMWare, run it |
| Kubernetes Goat | Kubernetes | Self-hosted, multi-cloud, K3S | Madhu Akula | Create and host in your own cloud account (GKE, EKS, AKS) or K3S and attack, has a guided workbook |
| Kubecon NA 2019 CTF | Kubernetes | Self-hosted in GKE | Multiple | Create GCP account, has a guided workbook with two attack and defense scenarios plus bonus challenges |
| Kube Security Lab | Kubernetes | Local, kubernetes in docker | Rory McCune | An awesome local lab to create 14 vulnerable Kubernetes clusters using Docker, Ansible, and Kind. Attack them after building, then destroy. Includes walkthroughs. |
| Container Security 101 | Container | Self-hosted, guided workshop | Jon Zeolla | A guided vulnerability workshop, host in your AWS account, provided CloudFormation |
| Contained.af | Container | Self-hosted Challenge | Jessie Frazelle | A container escape challenge, break out of it and email the author |
| TerraGoat | Terraform | Self-hosted multi-cloud (AWS, Azure, GCP) | Multiple, Bridgecrew | Vulnerable by design terraform repository |
| PurpleCloud | Azure | Research Lab | Jason Ostrom | Using python and terraform, build your own Azure security lab |
| SimuLand | Azure | Research Lab | Roberto Rodriguez | Using Azure RM templates, create your own Azure security lab |
| CNAPPgoat | AWS, Azure, GCP | Research Lab | Ermetic Research | Using Pulumi, modularly provision vulnerable-by-design components in AWS, GCP, Azure |
| CI/CD Goat | CI/CD | CTF, local docker | Palo Alto | Deliberately vulnerable CI/CD environment, hacking CI/CD pipelines with CTF. Host locally with docker. |
| Github Actions Goat | CI/CD | Self-hosted Github | StepSecurity | Deliberately vulnerable Github Actions CI/CD environment, hosted in your own Github account. Includes threat scenario descriptions mapped to vulnerabilities. |
| PaaS Cloud Goat | PaaS | Deployed into your Salesforce account | Coalfire Research | A simulated vulnerable Salesforce application, hosted in your own SF account. Simulates a deployed custom application with security tests and documentation you can use to learn. |
The Ultimate Guide to Free Cloud Hosting. Compare 100+ Free Tier vs Paid platforms: Vercel, Netlify, Heroku, AWS, & VPS. Deploy Node.js, Python, Docker, Databases (SQL/NoSQL), & AI Models for free.
nuhmanpk /
A curated list of free hosting providers for developers to deploy and manage web projects effortlessly. These platforms offer various features, including serverless functions, Git integration, unlimited bandwidth, and more.
86/100 healthCorreia-jpv /
A list of Free Software network services and web applications which can be hosted on your own servers. With repository stars⭐ and forks🍴
72/100 healthDelivery Boy Flutter App + PHP Laravel Admin Panel, Mobile app solution using a flutter framework created by Google is open-source mobile application development. It is used to develop applications for Android and iOS, as well as being the primary method of creating applications Our solution uses Laravel (PHP Framework for Web Artisans). Laravel is a web application framework with an expressive, elegant syntax. We’ve already laid the foundation — freeing you to create without sweating the small things. Here are the Flutter App Features: - Grocery, Food, Pharmacy, Store Management System - Google Maps for showing restaurants on the maps with direction to them - Entities & Models are ready to use. - Clean & organized Dart Language code using MVC Pattern - Easy to restyle and theming by on your branding sites. - Working fine with bright and dark mode. - Awesome animations are ready to use: Hero Animations, Parallax Animations, Sliding & Swiping animations - Working really well on both iOS and Android with support with 60 frames per second (fps). - Cash on delivery and payment on pickup methods - Support RTL languages (Arabic, Farisi…) - Push notification using FCM (Firebase Cloud Messaging) - Login - Register - Orders - Notifications - User Profile - Orders History - App Settings - App Languages - Help & Supports - Account Settings
66/100 health