Break things safely. Prove coverage before attackers do.

10 live targets: web apps, REST APIs, GraphQL, real CVEs, Redis, Tomcat, WebLogic, and a full network lab. No login, no setup. Auto-reset every 30 minutes for repeatable benchmarks.

10 Targets | Web + API + Network | Free Access | Auto-Reset 30m

Vulnerable systems

Open a web target directly or copy the endpoint into your scanner. All services reset to clean state every 30 minutes.

Name | URL | Technology | Vulnerabilities
--- | --- | --- | ---
OWASP Juice Shop: Modern web app with 90+ security challenges | juice-shop.lab.pentest-forge.com | Modern WebAPI | OWASP Top 10, XSS, SQLi, JWT
Damn Vulnerable Web App: PHP/MySQL with vulnerabilities at 4 difficulty levels | dvwa.lab.pentest-forge.com | Classic Web | CSRF, XSS, SQLi, LFI/RFI, RCE
Mutillidae: Extended classic web app with 100+ vulnerabilities | mutillidae.lab.pentest-forge.com | Classic Extended | OWASP Top 10+, Upload, Session, Command Injection
crAPI: Vulnerable REST API for API security testing | crapi.lab.pentest-forge.com | REST API | BOLA, Mass Assignment, SQLi, Auth Bypass, JWT, Rate Limit
VAmPI: Lightweight vulnerable API for quick testing | vampi.lab.pentest-forge.com | Lightweight API | BOLA, Auth Bypass, Injection, Mass Assignment, JWT None, Privilege
Damn Vulnerable GraphQL: GraphQL-specific attacks and abuse patterns | dvga.lab.pentest-forge.com | GraphQL | Injection, Introspection, SSRF, DoS, SQLi, Batch Abuse
ShadowLogic — WebLogic: Oracle WebLogic Server with real CVE-2023-21839 RCE | weblogic.lab.pentest-forge.com | Real CVE | CVE-2023-21839, RCE, T3/IIOP
CipherHeart — Redis: Redis with CVE-2022-0543 Lua sandbox escape | redis.lab.pentest-forge.com:6379 | Real CVE | CVE-2022-0543, RCE, Unauth Access, CONFIG WRITE
GuardianLeaks — Tomcat: Apache Tomcat with CVE-2017-12615 PUT RCE | tomcat.lab.pentest-forge.com | Real CVE | CVE-2017-12615, RCE, JSP Upload
Metasploitable3 Network Lab: Multi-port Ubuntu: FTP, SSH, SMB, databases, VNC, IRC | lab.pentest-forge.com | Network | SMB, Databases, VNC, Backdoors

Metasploitable3 — Open Ports

Use these host ports for network-service checks, credential audits, and scanner regression tests.

10021 FTP
10022 SSH
10023 Telnet
10025 SMTP
10445 SMB
11524 Bindshell
13306 MySQL
15432 PostgreSQL
15900 VNC
16667 IRC
18182 Jetty
18888 Apache

Redis — Direct Connection

Redis is intentionally exposed as a raw TCP target for service discovery, unauthenticated access, and exploit safety validation.

redis-cli -h redis.lab.pentest-forge.com -p 6379

Reminder: targets are shared. Treat results as lab evidence, not a private assessment.
