Blog
Jul 29, 2020
VulnHub Joins the OffSec Family
Offensive Security is pleased to announce the acquisition of VulnHub, the platform offering free offline virtual machines for information security training.
2 min read

We have exciting news to announce!
As part of Offensive Security’s ongoing commitment to information security community projects, we are pleased to announce that VulnHub has become part of the OffSec family. VulnHub joins The Exploit Database, Metasploit Unleashed, and Kali Linux in our efforts to support infosec learners with free, high-quality training resources.
VulnHub offers offline virtual machines, allowing users to practice without competing with other learners. There’s no need to worry about consistent internet access, high pings, or latency. Users can set up their own private labs to practice and learn new skills. The platform is also used by schools, universities, and governments for training, as well as by organizations in interview scenarios.
This resource was created to cover as much training material as possible for personal development, creating a catalogue that is legally breakable, hackable, and exploitable. It provides a safe environment in which to practice.
VulnHub started as Boot2Root, a single static-page archive with download links to virtual machines. As it became more popular, people wanted to know more about the machines, asking for pictures and descriptions to better understand what they were downloading. The name also needed to change in order to encompass the vast range of information security topics beyond rooting. With the updates, VulnHub was born.
With OffSec’s backing, VulnHub now has an opportunity to grow to its full potential. As before, we hope that the community will continue to come together to help each other learn, either by making new material or providing walkthroughs or solutions.
Offensive Security is committed to maintaining VulnHub’s mission. We will continue to provide material that allows anyone to gain practical, hands-on experience in digital security, computer software, and network administration. All content on VulnHub will continue to be offered to the community for free.
When something is added to VulnHub’s database we will index it as best we can to support learning goals. We will also continue to ask for permission from the original source to mirror the material and preserve the resources.
Over time, we will work toward an expansion of the services available on VulnHub and its integration with OffSec products. The goal of any changes will be to expand accessibility to information security training resources to as many people as possible. If you aren’t already familiar with VulnHub, now is the perfect time to check it out and start making use of the free resources. We welcome you to experience them first-hand, hosted in OffSec’s infrastructure.
Ready to get started? Head to the VulnHub website to learn how to set up a local lab.
Latest from OffSec

Enterprise Security
Building a Cyber-Resilient Public Sector Through Hands-on Security Training
Learn how hands-on cybersecurity training equips public sector teams to protect critical infrastructure, featuring real-world cases from Atlanta, Oldsmar, and Texas that demonstrate why practical experience trumps theoretical knowledge alone. Discover why agencies are moving beyond certifications to combat-ready security training.
Feb 5, 2025
4 min read

Research & Tutorials
CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability
Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks.
Feb 3, 2025
3 min read

Research & Tutorials
My Journey with IR-200: Becoming an OffSec Certified Incident Responder (OSIR)
Embark on a journey to become an OffSec Certified Incident Responder (OSIR) through the IR-200 course, as described by a Student Mentor who tested its effectiveness.
Jan 24, 2025
6 min read