It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a scoreboard. Finding this scoreboard is actually one of the (easy) challenges! Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a “guinea pig” application to check how well they cope with JavaScript-heavy application frontends and REST APIs.
Features
- Licensed under the MIT license with no hidden costs or caveats
- Choose between Node.js, Docker and Vagrant to run on Windows/Mac/Linux as well as all major cloud providers
- Additional dependencies are pre-packaged or will be resolved and downloaded automatically
- Hacking Instructor scripts with optional tutorial mode guide newcomers through several challenges while explaining the underlying vulnerabilities
- The application notifies you of solved challenges and keeps track of successfully exploited vulnerabilities on a Score Board
- Wiped clean and repopulated from scratch on every server startup while automatically persisting progress in your browser or via manual local backup