This is a deliberately vulnerable web application designed for testing web vulnerability scanners. Put your scanner to the test!


Gin distillery

The purple menace

Carlos Montoya. A man of many names: "the purple menace", "the evil genius of gin" - and for that matter, "the epitome of pure evil™". Carlos founded Gin & Juice Shop in 2022 because he couldn't find a decent vulnerable web app to test a scanner on - perhaps without realizing at that moment that history was in his hands.

How to test a scanner

Nowadays, Gin & Juice Shop is the boldest, baddest vulnerable web application on the net - containing a range of realistic vulnerabilities that will help you to put any web vulnerability scanner to the test. But it's more than that. To us, Gin & Juice Shop is family. It's life. It's love.

The future

From humble beginnings in the Web Security Academy, Carlos has brought you a range of gins that have rocked the world. But he's not going to stop there. Oh no. You're going to see more from Carlos - a man who doesn't rest on his laurels. Keep an eye out for new gins from his experimental kitchen - and of course new vulnerabilities from PortSwigger Research. We'll also keep developing the app itself - to ensure that it represents a realistic challenge for scanners.

Gin distillery