GoatPen is a collection of vulnerable-by-design applications and infrastructure (“goats”) for learning cloud and infrastructure security. It includes:

• AWSGoat — AWS Security
• GCPGoat — GCP Security
• AzureGoat — Azure Security
• GearGoat — Automobile Security
• ICSGoat — ICS Security

The collection has over 2,700 stars and 1,200 forks on GitHub, and is deployable with Docker via built-in deployment helpers.

Presented at BlackHat EU Arsenal 2024 by Nishant Sharma and Shantanu Kale.