Vulnerable apps to benchmark your scanners and your skills

Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.

Vulnerable systems

Name Url Technologies Vulnerabilities
FragileNode https://pentest-ground.com:8080 Nodejs CVE-2022-29078 (RCE)
CipherHeart pentest-ground.com:6379 Redis CVE-2022-0543 (RCE)
ShadowLogic http://pentest-ground.com:7001 WebLogic CVE-2023-21839 (RCE)
MetaBreach https://pentest-ground.com:3000 Metabase CVE-2023-38646 (RCE)
GuardianLeaks https://pentest-ground.com:81 Web App CWE-79, CWE-918, CWE-94
ShadowBI https://pentest-ground.com:4443 Web App CWE-78
WhisperBI https://pentest-ground.com:4444 Web App CWE-200

You can scan all the applications and services on Pentest-Ground.com but keep in mind that others may do the same – at the same time. Every 30 minutes, each application is destroyed and redeployed to ensure a clean state of the exposed services.

Pentest Ground was designed for penetration testers, ethical hackers, and other offensive security professionals. You can use it without authentication to simulate a realistic vulnerable system exposed to the internet. This free service is provided by Pentest-Tools.com.

Powered by Pentest-Tools.com