Juice Shop
Juice Shop is a modern and sophisticated insecure web application for security trainings, awareness demos, CTFs, and testing security tools. It includes vulnerabilities from the OWASP Top Ten and other real-world security flaws.
Description
Juice Shop is a deliberately insecure web application designed for educational and testing purposes. It serves as a guinea pig for security tools and encompasses vulnerabilities from the entire OWASP Top Ten along with many other flaws commonly found in real-world applications. This makes it ideal for security trainings, awareness demonstrations, and Capture The Flag (CTF) challenges.
The tool is packaged for Kali Linux with an installed size of 1.01 GB. Never deploy it to public hosting providers or Internet-facing servers: its vulnerabilities are intentional, so any exposed instance will be compromised.
It relies on dependencies like adduser, libc6, libgcc-s1, libnode127, libstdc++6, lsof, npm, and xdg-utils to function properly.
How It Works
Juice Shop starts a web service on http://127.0.0.1:42000 using Node.js (npm). It performs startup checks for required files like tutorial.js, runtime.js, vendor.js, validates chatbot training data, and confirms port availability and external domain reachability (e.g., https://www.alchemy.com/). The service runs as a systemd unit (juice-shop.service) which can be managed for starting and stopping.
Installation
sudo apt install juice-shop
Examples
juice-shop -h
juice-shop-stop -h
juice-shop
juice-shop-stop
systemctl status juice-shop.service
systemctl start juice-shop.service
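The warning above only holds if the service really stays on the loopback address. As an added defender-side check that is not part of the Kali package or the Juice Shop project, the script below parses `ss -ltn` output and flags any listener on port 42000 that is not bound to loopback; the socket listings in it are constructed samples, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the Kali package): verify that the Juice Shop
# listener on port 42000 is bound only to a loopback address.

JUICE_PORT=42000

# exposed_listeners PORT: read `ss -ltn`-style output on stdin and print every
# LISTEN socket on PORT whose local address is not loopback.
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      # Local address is column 4, e.g. 127.0.0.1:42000, *:42000 or [::]:42000
      addr = $4
      n = split(addr, parts, ":")
      p = parts[n]
      if (p != port) next
      host = substr(addr, 1, length(addr) - length(p) - 1)
      if (host ~ /^127\./ || host == "[::1]" || host == "::1" || host == "localhost") next
      print addr
    }'
}

# check_exposure: exit 0 when port 42000 is bound only to loopback (or not at
# all), exit 1 and report the offending addresses otherwise.
check_exposure() {
  out=$(exposed_listeners "$JUICE_PORT")
  if [ -n "$out" ]; then
    printf 'Juice Shop port %s exposed on: %s\n' "$JUICE_PORT" "$out" >&2
    return 1
  fi
  return 0
}

# Constructed sample listings in `ss -ltn` format (not real captures).
SAFE_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:42000     0.0.0.0:*'
EXPOSED_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:42000     0.0.0.0:*
LISTEN 0      511    *:42000             *:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Live check on a host where the service is running:
#   ss -ltn | check_exposure
```

Run the live check after `systemctl start juice-shop.service`; a non-zero exit means the app is reachable on a non-loopback interface.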