Instant
Cyber Ranges,
On Demand.

Provision fully configured multi-machine lab environments in seconds using Docker Compose. Pick a scenario, configure your scope, and launch — the range is live before your team sits down.

Request Beta AccessSee scenarios →
LabGen
PROVISIONING
▲ UP
▼ DOWN
■ NETWORKS
■ SCORE
TOPOLOGY
⊕ ADD TARGET
DMZISOLATEDLABGEN172.20.0.1LAB-GW172.20.0.254172.20.0.0/24web-01172.20.0.10ABSENTmail-01172.20.0.12ABSENTlab-bsd172.20.0.30ABSENTdb-01172.21.0.10ABSENT5 hosts · 2 segments · pivot active

A live network you control completely.

A cyber range is an isolated, fully functional network environment used for hands-on security training. LabGen spins these up in Docker — no cloud account needed, no waiting for provisioning, no cleanup bill.

Each range includes realistic machines, real services, and configurable network topology. Instructors use them for curriculum. Teams use them to practice. Competitors use them to train under match conditions.

Instant boot~8 seconds
🐳 EngineDocker Compose
🔒 IsolationFull network namespace
💻 HostsLinux + FreeBSD + AD
🌐 InternetAir-gapped by default
🗑 TeardownOne command

Train for real conditions.

Competitive Defense

Advanced

Full-range environment for timed team competitions. Blue team defends, scoring is automated. Perfect for training under pressure.

linuxwebscoring

Incident Response

Intermediate

Pre-compromised environment with IOCs planted. Team must detect, contain, and eradicate. Debrief report generated after.

forensicslinux

Network Hardening

Beginner

Misconfigured network range. Team hardens services, patches vulnerabilities, and locks down access before the clock runs out.

linuxfirewallservices

Web App Defense

Intermediate

Intentionally vulnerable web stack. Team patches and hardens while a simulated attacker probes for weaknesses.

webhttpdatabases

Service Hardening

Beginner

Misconfigured Linux services across SSH, mail, and web. Team audits, locks down, and validates each service before time runs out.

linuxsshservices

Custom Scenario

Any

Define your own topology, services, and scoring rules. LabGen provisions whatever you configure.

custom

Range online in three clicks.

01

Pick a scenario

Choose from the built-in scenario library or load a custom configuration. Each scenario includes a full description, machine list, and expected learning outcomes.

Scenario Library
──────────────────────────────
▶ Competitive Defense    ←
  Incident Response
  Network Hardening
  Web App Defense
  Service Hardening
  [+] Load Custom...
02

Configure your scope

Set the subnet, number of machines, service versions, and any pre-planted flags or vulnerabilities. LabGen validates the config before provisioning.

Configure: Competitive Defense
──────────────────────────────
Subnet     192.168.100.0/24
Machines   4
Services   ssh  http  smb
Flags      ✓ pre-planted
──────────────────────────────
           [ Launch Range → ]
03

Launch

LabGen calls Docker Compose, waits for health checks, then displays the host map. Your range is live and isolated. Tear it down in one click when you're done.

  ✓ router      [192.168.100.1]
  ✓ web-01      [192.168.100.10]
  ✓ srv-01      [192.168.100.20]
  ✓ mail-01     [192.168.100.30]
  LAB ONLINE — 8.3s

Everything a cyber range needs.

Build any network in minutes

Design your network in the visual topology editor. Add Linux, CentOS, FreeBSD, or Active Directory targets. Drop in router and firewall nodes. Assign machines to DMZ, isolated, or custom subnet segments — each container is live in about 8 seconds.

  • Ubuntu, CentOS, FreeBSD, and Samba AD targets
  • Router and firewall nodes with real nftables rules
  • DMZ, isolated, and custom subnet segments
  • ⊕ ADD TARGET — container up in ~8 seconds
LabGen
ONLINE
▲ UP
▼ DOWN
■ NETWORKS
■ SCORE
TOPOLOGY
⊕ ADD TARGET
+ router
+ firewall
DMZISOLATEDLABGEN172.20.0.1LAB-GWweb-01172.20.0.10mail-01172.20.0.12lab-bsd172.20.0.30db-01172.21.0.105 hosts · 2 segments · pivot active

See LabGen in action.

ScreenshotNetwork topology builder
ScreenshotNetwork graph view

What's coming.

Docker Compose lab provisioning (~8s boot)

Shipped

Full multi-machine lab environments provisioned via Docker Compose. Range is live and healthy-checked in under 10 seconds.

11-machine lab — Linux, CentOS, FreeBSD, and Samba AD

Shipped

Pre-built target images across 3 network segments: core, DMZ, and servers — plus two isolated pivot-only hosts. Includes a full Samba Active Directory domain.

Router and firewall infrastructure nodes

Shipped

Configurable router and firewall containers with iptables/nftables rules, forming realistic network topologies.

Live TCP scoring board

Shipped

Real-time service availability scoring via TCP health checks — see which services are up across every machine at a glance.

Saved networks library

Shipped

Save, load, and share network configurations as reusable library entries.

WireGuard remote lab access

Shipped

Provision a WireGuard VPN peer config so remote students can connect directly into the lab network from anywhere.

CCDC scenario pack (Stage 1)

In Progress

A curated scenario pack targeting CCDC competition conditions: service coverage, scoring rules, and realistic blue team challenges.

Windows workstation targets

Planned

Windows 10/11 container targets for AD-joined workstation scenarios and endpoint defense training.

Automated IOC planting for IR scenarios

Planned

Pre-compromise IOC planting for incident response labs — artifacts, log entries, and malware traces placed automatically at launch.

Scoring API for external competition platforms

Planned

REST API for integrating LabGen scoring data with external competition dashboards and CTF platforms.

Real machines. Real services.

lab-gwCore gateway — NAT across 3 segments
lab-fwPerimeter firewall — zone-based, deny-all
lab-dc01Active Directory DC — CORP.LOCAL (Samba)
lab-bsdFreeBSD 13 — FTP anon + Telnet, weak creds
lab-webApache + FTP — DMZ, pivot host
lab-mailPostfix + MySQL mail backend — DMZ
lab-dnsBIND9 — authoritative for corp.local — DMZ
lab-dbMySQL (bind_all) — servers segment
lab-filesCentOS 9 — HTTP + FTP anon — servers segment
lab-internal-appInternal app — isolated, pivot via lab-db
lab-internal-hrInternal HR — isolated, pivot via lab-web

Currently in beta. Join the waitlist.

Your range.
Live in seconds.

Runs entirely on your hardware. No cloud bill, no VPN, no waiting. Docker is the only dependency.

Request Beta Access