Vulnerable apps to benchmark your scanners and your skills
Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.
Vulnerable systems
| Name | Url | Technologies | Vulnerabilities |
|---|---|---|---|
| Damn Vulnerable Web Application | https://pentest-ground.com:4280 | Classic Web App | CSRF, XSS, SQLi |
| Damn Vulnerable GraphQL Application | https://pentest-ground.com:5013 | GraphQL | CMDi, XSS, SQLi |
| RestFlaw | https://pentest-ground.com:9000 | REST API | SQLi, Code Injection, XXE |
| ShadowLogic | https://pentest-ground.com:7001 | WebLogic | CVE-2023-21839 (RCE) |
| CipherHeart | pentest-ground.com:6379 | Redis | CVE-2022-0543 (RCE) |
| GuardianLeaks | https://pentest-ground.com:81 | Web App | XSS, SSRF, Code Injection |
You can scan all the applications and services on Pentest-Ground.com but keep in
mind that others may do the same – at the same time. Every 30 minutes, each
application is destroyed and redeployed to ensure a clean state of the exposed services.
Pentest Ground was designed for penetration testers, ethical hackers, and other
offensive security professionals. You can use it without authentication to simulate a realistic
vulnerable system exposed to the internet.
This free service is provided by
Pentest-Tools.com.
Powered by Pentest-Tools.com
Get a hacker's perspective on your web apps, network, and cloud.
Pentest-Tools.com helps security teams run the key steps of a penetration test, easily and without expert hacking skills.