We are always working on producing new challenges, and porting existing ones to other languages and frameworks. Pro subscribers already know as they have early access to all of them.

We are happy to announce that we will finally be releasing all the new challenges publicly, some of them are Signature (meaning pro only) but others are free for everyone.

Signature (Available to Pro users):

AI:

• Integer Overflow.ml
• Malicious Model.ml
• Float Overflow.ml
• Randomness.ml
• Malicious Model II.ml
• Prompt Injection.ml
• Prompt Injection 2.ml
• Prompt Injection 3.ml
• Information Disclosure.ml
• DoS.ml
• Insecure Output Handling.ml
• Insecure Plugin Design.ml
• Integer Overflow II.ml
• Malicious Model III.ml
• Excessive Agency.ml

Android:

• Start Here.android
• SharedPrefs.android
• Intent.android
• Garbage Collector.android
• Broadcast Receiver.android
• Biometric.android
• Random.android
• SSL.android
• PII.android
• ProGuard.android
• Permission.android

API:

• Overflow.api
• Leak.api
• DoS.api
• Mass Assignment.api
• SSRF.api

C#:

• Command Injection.cs
• UUID.cs
• Battle Challenge: Solar.cs.hth
• Ubor.cs

Go:

• UUID.go
• Panic DoS.go
• Withdraw.go

Java:

• UUID.java
• DoS.java
• Pollution.java

JavaScript:

• UUID.js
• Path Traversal II.js

PHP:

• Start Here.php
• Integer Overflow.php
• XSS.php

Python:

• SQL Injection II.py
• Privilege Escalation.py
• Path Traversal II.py

Ruby:

• Randomness.rb
• UUID.rb
• Battle Challenge: Solar.rb.hth
• Bad password.rb

TypeScript:

• UUID.ts

Free (Available to everyone):

All our community contributed challenges are open to everyone.

Go:

• OPain.go (Contributed by @becojo)

Java:

• Mass Assignment.java (Contributed by @joe keenj)

Python:

• XSS Store.py (Contributed by @Matt M4773L)
• Untar.py (Contributed by @Matt M4773L)
• Calculator.py (Contributed by @sealldeveloper)
• Badtar.py (Contributed by @Matt M4773L)

Ruby:

• Command Injection.rb

TypeScript:

• BadVal.ts (Contributed by mickanm)