Shadow Garden

shadowgarden

Phase-Based Pentest Platform + Security LMS

Professional penetration testing workflow with AI-powered mentoring and adaptive learning. 721 labs. 712 tools. Six attack phases. One platform.

Start Free →Sign In

01 Recon02 Scan03 Enum04 Vuln05 Exploit06 Report

721

Labs

710+

API Endpoints

712

Tools

Web Tools

Practice Targets

87+

Docker Images

Six-Phase Methodology

Structured attack workflow with auto-chain data flow

Recon

Asset discovery, subdomain enumeration, OSINT gathering

Scan

Port scanning, service detection, vulnerability identification

Enum

Deep enumeration, credential harvesting, access mapping

Vuln

Vulnerability analysis, exploit matching, risk assessment

Exploit

Exploitation, privilege escalation, lateral movement

Report

Finding documentation, executive summary, remediation

Platform Features

Everything you need for security training and real engagements

◈

6-Phase Attack Engine

Structured pentest workflow from reconnaissance to reporting. Auto-chain data flow between phases — nmap output feeds directly into vulnerability analysis.

⚡

AI-Powered Mentoring

Claude and Groq-powered AI adapts to 4 operation modes. Real-time command analysis, contextual hints, and adaptive difficulty in learning mode.

▣

721 Isolated Labs

Docker-based sandboxed environments with real vulnerable targets. Corporate network simulations, CTF challenges, and progressive difficulty paths.

◎

712 Security Tools

Full tool encyclopedia from nmap to Ghidra. 622 installed in the toolbox, 21 browser-based web tools, all documented with usage guides.

✦

Adaptive Learning Engine

BKT mastery tracking, IRT ability estimation, SM-2 spaced repetition. Skills unlock progressively with XP, streaks, and leaderboard rankings.

⬡

Pro Toolbox

Full Kali-grade Docker container with 2886 packages and 4407 binaries. Internet-connected, AI-assisted, accessible via CLI or browser.

Web Tool Arsenal

21 browser-based security tools — no installation required

Burp Suite

Web Security

OWASP ZAP

Web Security

Wireshark

Network

CyberChef

Crypto/Encoding

BloodHound

AD Recon

Ghidra

Reverse Eng.

Faraday

Collab Pentest

OpenVAS

Vuln Scanner

SpiderFoot

OSINT

TheHive

Incident Resp.

Grafana

Monitoring

Jupyter

Notebooks

Kibana

Log Analysis

MISP

Threat Intel

Graylog

SIEM

Wazuh

SIEM

DefectDojo

AppSec

Cortex

Analysis

Hoppscotch

API Testing

Draw.io

Diagramming

Cutter

Reverse Eng.

CLI Experience

AI-first interactive REPL with full tool access

sg — Shadow Garden CLI

$ pip install sg-cli

$ sg

Shadow Garden v1.0 — AI-First Security Platform

Type anything to chat with AI. Use ! prefix for commands.

sg > how do I enumerate subdomains?

Use subfinder for passive enumeration, then amass for active DNS brute-forcing...

sg > !nmap -sV -sC 10.10.10.1

Running nmap... [AI analyzes output automatically]

sg > lab start web-exploitation/sql-injection-basics

Lab started — target at 172.20.0.2:80

Pricing

Start free, upgrade when you need premium AI and the full toolbox

Free

$0forever

AI: Groq llama-3.3-70b

+721 labs with isolated environments
+AI mentor (Groq-powered)
+Adaptive learning engine
+Tool encyclopedia (712 tools)
+CTF challenges + leaderboard
+Skill tracking + XP system
+CLI interactive mode

Get Started

PREMIUM

Pro Max

$19/month

AI: Claude claude-haiku-4-5

+Everything in Free
+Claude AI mentor (premium)
+Pro Toolbox (2886 packages)
+21 browser-based web tools
+Internet-connected container
+Campaign management
+Priority support

Go Pro →

FAQ

Do I need to install anything?+

No. Labs, tools, and the toolbox all run in Docker containers provisioned automatically. The CLI installs with pip (pip install sg-cli) and the web UI works in any modern browser.

Is this for beginners or professionals?+

Both. The platform has 4 operation modes — Learning mode with guided hints for students, and Professional mode with full autonomy for experienced pentesters. The AI adapts to your skill level.

What makes this different from HackTheBox or TryHackMe?+

Shadow Garden is a complete pentest workflow platform, not just a CTF box. You get structured 6-phase methodology, AI-powered mentoring, adaptive learning algorithms (BKT + IRT + SM-2), a full tool encyclopedia, and campaign management for real engagements.

Can I use my own tools?+

Yes. The Pro Toolbox is a full Kali-grade container with 2886 packages. You can install additional tools, and the AI mentor understands any tool you use.

How do web tools work?+

Web tools like Burp Suite, Wireshark, and Ghidra run in Docker containers with browser-based UIs. You get a secure tunnel URL — no local installation needed. Up to 2 concurrent tools per session.

Ready to start?

721 labs, 712 tools, AI-powered mentoring. Free forever — no credit card required.

Create Free Account →