Vulnerable apps to benchmark your scanners and your skills
Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.
Vulnerable systems
| Name | Url | Technologies | Vulnerabilities |
|---|---|---|---|
| FragileNode | https://pentest-ground.com:8080 | Nodejs | CVE-2022-29078 (RCE) |
| CipherHeart | pentest-ground.com:6379 | Redis | CVE-2022-0543 (RCE) |
| ShadowLogic | http://pentest-ground.com:7001 | WebLogic | CVE-2023-21839 (RCE) |
| MetaBreach | https://pentest-ground.com:3000 | Metabase | CVE-2023-38646 (RCE) |
| GuardianLeaks | https://pentest-ground.com:81 | Web App | CWE-79, CWE-918, CWE-94 |
| ShadowBI | https://pentest-ground.com:4443 | Web App | CWE-78 |
| WhisperBI | https://pentest-ground.com:4444 | Web App | CWE-200 |
You can scan all the applications and services on Pentest-Ground.com but keep in
mind that others may do the same – at the same time. Every 30 minutes, each
application is destroyed and redeployed to ensure a clean state of the exposed services.
Pentest Ground was designed for penetration testers, ethical hackers, and other
offensive security professionals. You can use it without authentication to simulate a realistic
vulnerable system exposed to the internet.
This free service is provided by
Pentest-Tools.com.
Powered by Pentest-Tools.com
