Comment: No backend flaws were discovered with OWASP Zed Attack

...

There are other web-oriented tools, like OWASP Zed Attack, BeEF or IBM Security AppScan. But most of the time they are too general, and fully parsing OFBiz can take a lot of time or be quite a challenge if done manually. You can find more penetration tools here.

In December 2015, I (Jacques Le Roux) ran a complete (100%) OWASP Zed Attack automated penetration session against a local instance of the OFBiz backend (trunk head) running on localhost. It started with the same link used for backend demos. No flaws were discovered.