Real attack labs. Real tooling. Real skills. KaliRange gives you guided exercises in Kali Linux, penetration testing, and network fundamentals — built by practitioners, for learners who want to actually do, not just read.
No setup headaches. No subscription. Just open a browser and start.
Choose from 5 structured learning paths based on where you are — complete beginner to advanced specialist. Every path tells you exactly what to do next.
Each lab walks you through real tools and real techniques — step by step, command by command. Run nmap, exploit services, crack hashes, pivot through networks.
Track your progress, complete paths, and walk away with hands-on skills that map directly to OSCP, CEH, eJPT, and real security roles.
Structured, sequenced curricula — from total beginner to specialist. Pick where you are and follow the path.
Start from scratch. Build your Linux foundation, learn the hacker mindset, and run your first exploits. The essential starting point.
Master the OWASP Top 10 and beyond. SQLi, XSS, SSRF, SSTI, OAuth flaws — attack and defend modern web applications.
Pivot through networks, own domain environments. Kerberoasting, BloodHound, lateral movement, and full AD compromise.
Detect, respond, and hunt. SIEM, log analysis, memory forensics, incident response — see attacks from the defender's side.
Go deep on binary exploitation. Buffer overflows, ROP chains, format strings, shellcoding — understand the machine at its lowest level.
Cloud Security, OSINT, Cryptography, Social Engineering & more
Handpicked labs covering the most essential skills in cybersecurity.
Enumerate and attack WordPress sites — the most widely deployed CMS on the internet — from user discovery to full compromise.
Abuse the Kerberos protocol — Kerberoasting, AS-REP roasting, delegation and ticket forgery.
Collect and analyse Active Directory relationships to find the shortest path to Domain Admin.
Capture handshakes and recover WPA/WPA2 passphrases for personal and enterprise networks.
Manipulate large language model applications through direct and indirect prompt injection.
Escalate from a standard Windows user to SYSTEM via services, privileges and misconfiguration.
Every lab is guided, hands-on, and built to create real muscle memory — not just theory.
Every lab breaks into clear steps with exact commands, expected output, and explanations of what each flag does and why.
Mark steps complete and pick up exactly where you left off — across any device. Your dashboard shows everything in one place.
Labs link to the theory workbooks behind them. Learn the concept, then immediately apply it hands-on in the same session.
Labs run on a standard Kali Linux install. No subscriptions, no VMs to spin up in the cloud — just your machine and real tools.
Deep-dive workbooks you can work through at your own pace.
A complete journey through attacking Active Directory — from initial foothold to domain dominance.
Investigate compromises soundly — core forensic concepts, Windows artefacts and the incident-handling lifecycle.
A complete introduction to attacking AI and ML systems — the threats, methodology and defences.
From installation to advanced usage. File system, tools overview, scripting, and workflow optimization.
Core concepts, attack methodologies, CIA triad, threat modelling, and the penetration testing lifecycle.
Network models, IP addressing, routing protocols, switching, VLANs, ACLs, and network security fundamentals.
KaliRange was founded by Uzair Varsaji with a single mission: give people a place to actually practice cybersecurity — not just watch videos or read textbooks.
Every lab, workbook, and note here is designed to be hands-on. You'll run real commands, crack real hashes, analyze real traffic, and build real skills that translate directly into the field.
118 labs. 63 workbooks. 5 structured learning paths from beginner to expert. And it will always be completely free.
"The only way to learn offensive security is to actually do it. KaliRange is the training ground I wish I had when I started — practical, structured, and completely hands-on."
No account. No payment. Just open a lab and start learning. Your first exploit is one click away.