Vulnerable apps to benchmark your scanners and your skills

Pentest Ground is a free playground with deliberately vulnerable web applications and network services. You can use them to test how effective vulnerability scanning tools are or for educational purposes.

Vulnerable systems

Name Url Technologies Vulnerabilities
Damn Vulnerable Web Application https://pentest-ground.com:4280 Classic Web App CSRF, XSS, SQLi
Damn Vulnerable GraphQL Application https://pentest-ground.com:5013 GraphQL CMDi, XSS, SQLi
RestFlaw https://pentest-ground.com:9000 REST API SQLi, Code Injection, XXE
ShadowLogic https://pentest-ground.com:7001 WebLogic CVE-2023-21839 (RCE)
CipherHeart pentest-ground.com:6379 Redis CVE-2022-0543 (RCE)
GuardianLeaks https://pentest-ground.com:81 Web App XSS, SSRF, Code Injection

You can scan all the applications and services on Pentest-Ground.com but keep in mind that others may do the same – at the same time. Every 30 minutes, each application is destroyed and redeployed to ensure a clean state of the exposed services.

Pentest Ground was designed for penetration testers, ethical hackers, and other offensive security professionals. You can use it without authentication to simulate a realistic vulnerable system exposed to the internet. This free service is provided by Pentest-Tools.com.

Powered by Pentest-Tools.com

Get a hacker's perspective on your web apps, network, and cloud.

Pentest-Tools.com helps security teams run the key steps of a penetration test, easily and without expert hacking skills.