Chimera
VULNERABLE API PLATFORM

Most labs cover one vertical. This one covers twenty-five.

Chimera is a vulnerable API platform at roughly 10x the scale of any comparable open-source lab. 480+ endpoints across 25 industry verticals, 12 wrapped in branded production-style web apps. Healthcare, banking, e-commerce, SaaS, government, telecom, and more. Real attack surfaces with remediation built in. The standardized canvas every adversary scenario writes against.

480+ API Endpoints
25 Industry Verticals
12 Branded Frontends
MIT License

Twenty-five verticals. Four hundred eighty ways in.

WHAT'S INSIDE

Branded portals across the industries you actually defend.

Generic OWASP-style labs teach the patterns. Chimera's branded portals teach you the attacks that show up in production — business-logic flaws specific to how a healthcare portal authenticates patients, how a bank portal authorizes transfers, how a SaaS admin panel handles role assignment. Twelve verticals get the full UI treatment. The other thirteen are API-only with the same attack-surface depth.

[Screenshot: Chimera branded industry portals — healthcare, banking, e-commerce, and other production-style frontends]
Twelve branded frontends. Real-world UI patterns. Real-world attack surfaces.
CAPABILITIES

Built for learning, instrumented for measuring.

Learn: Exploit Tours

Step-by-step guided walkthroughs of complete exploit chains. Follow along as attacks unfold across realistic multi-step scenarios — recon, exploit, escalate, exfil — with the full chain demonstrated against real endpoints.

Inspect: X-Ray Inspector

See exactly where vulnerabilities exist in the source and how to remediate them. Connects every attack surface to the line of code that introduced it, with actionable fixes attached. The "why" behind every flaw.

Defend: WAF Visualization

Blue-team mode integrates with Synapse to show attack flows as they hit the defender. Watch detection cycles run, see which rules catch what, debug WAF policy in real time against real attack traffic.

AI: LLM Kill Chain

Track and visualize exploit chains targeting LLMs. Prompt injection, jailbreaking, indirect injection, data exfiltration through tool calls — mapped to attack stages and tied to remediation patterns.

INSIDE THE LAB

From visualizer to source-line remediation.

[Screenshot: Chimera attack visualization — payload flow through endpoints] Attack flow visualization
[Screenshot: Chimera guided exploit tour — step-by-step kill chain walkthrough] Guided exploit tour
[Screenshot: Chimera exploit hint UI — contextual learning prompts] Contextual hints
EXAMPLE EXPLOIT CHAIN

Healthcare IDOR → Mass assignment → Privilege escalation.

A typical exploit tour walks you through a real chain — not toy CTF puzzles. Each step shows the request, the unexpected response, the X-Ray Inspector explanation tying it back to source, and the remediation. The example below comes from the healthcare vertical's patient-records endpoint.

chimera — healthcare portal exploit tour

═══ EXPLOIT TOUR: Healthcare IDOR Chain ═══════════════

Step 1  Enumerate patient IDs via /api/v1/healthcare/patients
Step 2  Access records with tampered ID → 200 OK (should be 403)
        ⚠ X-Ray: Missing ownership check at patientController.ts:47
          → remediation: enforce req.user.id === patient.ownerId
Step 3  Escalate: modify role via mass assignment on /users/{id}
Step 4  PATCH { "role": "admin", "name": "..." } → 200 OK
        ⚠ X-Ray: No allowlist on update payload at userService.ts:118
          → remediation: pick({ name, email }) before .save()

✓ Chain complete · 3 vulns demonstrated · 2 remediation patterns attached
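The two remediation patterns the tour attaches, the ownership check from Step 2 and the update-payload allowlist from Step 4, as an added TypeScript example that is not Chimera's code. The User and Patient types, the in-memory sample data, and the getPatientRecord, pickAllowed and updateUser functions are assumptions standing in for the lab's controller and service layer.

```typescript
// Added example (not Chimera's code): the two remediation patterns the tour
// attaches, written as framework-free functions over plain objects.
// User, Patient, getPatientRecord and updateUser are hypothetical names.
type User = { id: string; role: "patient" | "admin"; name: string; email: string };
type Patient = { id: string; ownerId: string; record: string };
type Reply<T> = { status: 200; body: T } | { status: 403 | 404; body: { error: string } };
// Constructed sample data standing in for the database.
const users: Record<string, User> = {
  u1: { id: "u1", role: "patient", name: "Alice", email: "alice@example.test" },
  u2: { id: "u2", role: "patient", name: "Bob", email: "bob@example.test" },
};
const patients: Record<string, Patient> = {
  p1: { id: "p1", ownerId: "u1", record: "sample record 1" },
  p2: { id: "p2", ownerId: "u2", record: "sample record 2" },
};

// Step 2 remediation: finding the row is not authorization. The requester
// must own the record (or hold an explicit privileged role), else 403.
function getPatientRecord(requester: User, patientId: string): Reply<Patient> {
  const patient = patients[patientId];
  if (!patient) return { status: 404, body: { error: "not found" } };
  if (patient.ownerId !== requester.id && requester.role !== "admin") {
    return { status: 403, body: { error: "forbidden" } };
  }
  return { status: 200, body: patient };
}

// Step 4 remediation: copy only allowlisted keys out of the client payload,
// so a "role" field in the body never reaches the persisted object.
const UPDATABLE_FIELDS = ["name", "email"] as const;
type Updatable = Partial<Pick<User, (typeof UPDATABLE_FIELDS)[number]>>;

function pickAllowed(payload: Record<string, unknown>): Updatable {
  const out: Updatable = {};
  for (const key of UPDATABLE_FIELDS) {
    const value = payload[key];
    if (typeof value === "string") out[key] = value;
  }
  return out;
}

function updateUser(requester: User, targetId: string, payload: Record<string, unknown>): Reply<User> {
  if (requester.id !== targetId && requester.role !== "admin") {
    return { status: 403, body: { error: "forbidden" } };
  }
  const target = users[targetId];
  if (!target) return { status: 404, body: { error: "not found" } };
  Object.assign(target, pickAllowed(payload)); // role can never change here
  return { status: 200, body: target };
}
```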
GET STARTED

Run Chimera locally in one command.

Local-first, no signups. Pull the image, expose the portals on localhost, and start exploring. For the integrated Atlas Crew Security stack, use npx @atlascrew/bridge up instead.

~/lab — chimera

$ docker run -p 8080:8080 atlas-crew/chimera
  ↳ booting 25 verticals ............................. ready
  ↳ portals: http://localhost:8080
  ↳ docs:    http://localhost:8080/x-ray
$ _