Welcome to OWASP WrongSecrets

Learn about secrets management by finding real secrets hidden in code, configuration files, and cloud infrastructure.


Pro Tip: Each challenge below has a different difficulty level and may require different environments. Start with the easier ones and work your way up! 🚀

Difficulty: ⭐ (Easy) ⭐⭐ (Medium) ⭐⭐⭐ (Hard) ⭐⭐⭐⭐ (Expert) ⭐⭐⭐⭐⭐ (Master) | Environment: Where the challenge can be solved
#  Challenge      Focus    Difficulty        Runs on environment (current: Heroku) Solved
0   Challenge 0 Intro ★☆☆☆☆ Docker
1   Challenge 1 Git ★☆☆☆☆ Docker
2   Challenge 2 Git ★☆☆☆☆ Docker
3   Challenge 3 Docker ★☆☆☆☆ Docker
4   Challenge 4 Docker ★★☆☆☆ Docker
5   Challenge 5 Configmaps ★★☆☆☆ K8s
6   Challenge 6 Secrets ★★☆☆☆ K8s
7   Challenge 7 Vault ★★★★☆ K8s with Vault
8   Challenge 8 Logging ★★☆☆☆ Docker
9   Challenge 9 Terraform ★★★☆☆ AWS, GCP, Azure
10   Challenge 10 CSI-Driver ★★★★☆ AWS, GCP, Azure
11   Challenge 11 IAM privilege escalation ★★★★☆ AWS, GCP, Azure
12   Challenge 12 Docker ★★★☆☆ Docker
13   Challenge 13 CI/CD ★★★☆☆ Docker
14   Challenge 14 Password Manager ★★★★☆ Docker
15   Challenge 15 Git ★★☆☆☆ Docker
16   Challenge 16 Front-end ★★★☆☆ Docker
17   Challenge 17 Docker ★★★☆☆ Docker
18   Challenge 18 Cryptography ★★★★★ Docker
19   Challenge 19 Binary ★★★★☆ Docker
20   Challenge 20 Binary ★★★★☆ Docker
21   Challenge 21 Binary ★★★★★ Docker
22   Challenge 22 Binary ★★★★★ Docker
23   Challenge 23 Front-end ★☆☆☆☆ Docker
24   Challenge 24 Cryptography ★★☆☆☆ Docker
25   Challenge 25 Web3 ★★☆☆☆ Docker
26   Challenge 26 Web3 ★★☆☆☆ Docker
27   Challenge 27 Web3 ★★☆☆☆ Docker
28   Challenge 28 Documentation ★☆☆☆☆ Docker
29   Challenge 29 Documentation ★☆☆☆☆ Docker
30   Challenge 30 Front-end ★★☆☆☆ Docker
31   Challenge 31 Front-end ★☆☆☆☆ Docker
32   Challenge 32 AI ★★☆☆☆ Docker
33   Challenge 33 Secrets ★★☆☆☆ K8s
34   Challenge 34 Cryptography ★★☆☆☆ Docker
35   Challenge 35 Documentation ★☆☆☆☆ Docker
36   Challenge 36 Binary ★★★★★ Docker
37   Challenge 37 CI/CD ★★☆☆☆ Docker
38   Challenge 38 Git ★☆☆☆☆ Docker
39   Challenge 39 Cryptography ★☆☆☆☆ Docker
40   Challenge 40 Cryptography ★☆☆☆☆ Docker
41   Challenge 41 Cryptography ★★★☆☆ Docker
42   Challenge 42 Logging ★★☆☆☆ Docker
43   Challenge 43 Documentation ★☆☆☆☆ Docker
44   Challenge 44 Vault ★★★★☆ K8s with Vault
45   Challenge 45 Vault ★★★★☆ K8s with Vault
46   Challenge 46 Vault ★★★★☆ K8s with Vault
47   Challenge 47 Vault ★★☆☆☆ K8s with Vault
48   Challenge 48 Secrets ★★☆☆☆ K8s
49   Challenge 49 Cryptography ★★★☆☆ Docker
50   Challenge 50 Binary ★★☆☆☆ Docker
51   Challenge 51 Secrets ★★☆☆☆ Docker
52   Challenge 52 Secrets ★★☆☆☆ Docker
53   Challenge 53 Secrets ★★★☆☆ K8s
54   Challenge 54 Secrets ★★☆☆☆ Docker
55   Challenge 55 Secrets ★☆☆☆☆ Docker
56   Challenge 56 AI ★☆☆☆☆ Docker
57   Challenge 57 AI ★★☆☆☆ Docker

Total score: 0

Hasty? Here is the Vault secret;-)

Wondering what a secret is? A secret is often a confidential piece of information that is required to unlock certain functionalities or information. It can exist in many shapes or forms, for instance:
  • 2FA keys
  • Activation/Callback links
  • API keys
  • Credentials
  • Passwords
  • Private keys (decryption, signing, TLS, SSH, GPG)
  • Secret keys (symmetric encryption, HMAC)
  • Session cookies
  • Tokens (Session, Refresh, Authentication, Activation, etc.)
Want to see if your tool of choice detects all the secrets available in this project?
Check the instructions in the README.
Developing our solution in 3 clouds costs money. Want to help us to cover our cloud bills? Donate.