Security training and penetration testing company Offensive Security announced today that it has acquired open-source vulnerability resource service VulnHub.

Founded in 2012, VulnHub is an open-source, continually updated catalog of information technology assets that are legally hackable, breakable and exploitable by design. The company says the catalog is a unique opportunity for security and IT professionals to try their hand at penetration testing in a safe, controlled environment, gaining real-world experience in the process.

“Before you can run, you need to be able to walk. You do so by learning the basics so you can gain the theory,” VulnHub explains on its website. “Once you’re up and walking, you need ‘something’ to run to (something to aim for) and you need ‘somewhere’ that’s padded with foam to run about in (so it doesn’t matter if you fall over). This is where VulnHub comes in.”

Offensive Security, formally named OffSec Services Ltd., intends to maintain VulnHub as a free service as part of its ongoing commitment to open source. The service also complements a number of other Offensive Security open source tools designed to help security professionals gain hands-on experience including Kali Linux, Exploit DB and Metasploit Unleashed.

The acquisition is part of Offensive Security’s ongoing mission to provide practical training content to aspiring cybersecurity professionals. “VulnHub’s mission perfectly aligns with our ethos of providing material that allows anyone to ‘try harder’ by gaining practical, hands-on experience in digital security, computer software and network administration,” Ning Wang, Offensive Security’s chief executive officer, said in a statement.

Offensive Security claims clients include Accenture plc, Amazon.com Inc., Cisco Systems Inc., Citigroup Inc., Deloitte Touche Tohmatsu, Oracle Corp., Salesforce Inc., International Business Machines Corp. and Microsoft Corp., along with the U.S. Army, Navy, Marines and Air Force.

Image: VulnHub