Vulnerable apps to benchmark your scanners and your skills
Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.
Vulnerable systems
| Name | Url | Technologies | Vulnerabilities |
|---|---|---|---|
| Damn Vulnerable Web Application | https://pentest-ground.com:4280 | Classic Web App | CSRF, XSS, SQLi |
| Damn Vulnerable GraphQL Application | https://pentest-ground.com:5013 | GraphQL | CMDi, XSS, SQLi |
| RestFlaw | https://pentest-ground.com:9000 | REST API | SQLi, Code Injection, XXE |
| ShadowLogic | https://pentest-ground.com:7001 | WebLogic | CVE-2023-21839 (RCE) |
| CipherHeart | pentest-ground.com:6379 | Redis | CVE-2022-0543 (RCE) |
| GuardianLeaks | https://pentest-ground.com:81 | Web App | XSS, SSRF, Code Injection |
You can scan all the applications and services on Pentest-Ground.com but keep in
mind that others may do the same – at the same time. Every 30 minutes, each
application is destroyed and redeployed to ensure a clean state of the exposed services.
Pentest Ground was designed for penetration testers, ethical hackers, and other
offensive security professionals. You can use it without authentication to simulate a realistic
vulnerable system exposed to the internet.
This free service is provided by
Pentest-Tools.com.
Powered by Pentest-Tools.com
From scan to proof, Pentest-Tools.com gives 2,000+ security teams in 119 countries the speed, accuracy, and coverage to deliver results that matter.