| Domain | URL | Environment / Project | Technologies | Vulnerabilities / Scenarios |
|---|---|---|---|---|
| public-firing-range.appspot.com | https://public-firing-range.appspot.com/ | Google Firing Range | Google App Engine | Address XSS, Angular XSS, bad JavaScript imports, clickjacking, CORS issues, DOM XSS, escaped XSS, Flash injection, leaked HttpOnly cookie, mixed content, redirect XSS, reflected XSS, remote inclusion XSS, reverse clickjacking, HSTS tests, tag-based XSS, URL-based DOM XSS, vulnerable libraries, insecure third-party scripts |
| pentest-ground.com:81 | https://pentest-ground.com:81/ | GuardianLeaks | Web App | XSS, SSRF, Code Injection |
| pentest-ground.com:4280 | https://pentest-ground.com:4280/ | Damn Vulnerable Web Application | Classic Web App | CSRF, XSS, SQLi |
| pentest-ground.com:5013 | https://pentest-ground.com:5013/ | Damn Vulnerable GraphQL Application | GraphQL | Command Injection, XSS, SQLi |
| pentest-ground.com:7001 | https://pentest-ground.c |
Balzabu
/ Updated_Vulnerable_Websites.md
Created
June 10, 2026 10:15
Updated list of vulnerable test websites