Vulnerable apps to benchmark your scanners and your skills

Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.

Vulnerable systems

Name Url Technologies Vulnerabilities
Damn Vulnerable Web Application Classic Web App CSRF, XSS, SQLi
Damn Vulnerable GraphQL Application GraphQL CMDi, XSS, SQLi
RestFlaw REST API SQLi, Code Injection, XXE
ShadowLogic WebLogic CVE-2023-21839 (RCE)
CipherHeart Redis CVE-2022-0543 (RCE)
GuardianLeaks Web App XSS, SSRF, Code Injection

You can scan all the applications and services on but keep in mind that others may do the same – at the same time. Every 30 minutes, each application is destroyed and redeployed to ensure a clean state of the exposed services.

Pentest Ground was designed for penetration testers, ethical hackers, and other offensive security professionals. You can use it without authentication to simulate a realistic vulnerable system exposed to the internet. This free service is provided by

Powered by

Get a hacker's perspective on your web apps, network, and cloud. helps security teams run the key steps of a penetration test, easily and without expert hacking skills.