Vulnerable apps to benchmark your scanners and your skills

Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.

Vulnerable systems

Name Url Technologies Vulnerabilities
FragileNode Nodejs CVE-2022-29078 (RCE)
CipherHeart Redis CVE-2022-0543 (RCE)
ShadowLogic WebLogic CVE-2023-21839 (RCE)
MetaBreach Metabase CVE-2023-38646 (RCE)
GuardianLeaks Web App CWE-79, CWE-918, CWE-94
ShadowBI Web App CWE-78
WhisperBI Web App CWE-200

You can scan all the applications and services on but keep in mind that others may do the same – at the same time. Every 30 minutes, each application is destroyed and redeployed to ensure a clean state of the exposed services.

Pentest Ground was designed for penetration testers, ethical hackers, and other offensive security professionals. You can use it without authentication to simulate a realistic vulnerable system exposed to the internet. This free service is provided by

Powered by