OWASP Juice Shop

According to its GitHub description:

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!


It can be a very helpful tool to learn and practice your hacking skills.

There are several ways of installing this tool; one of the easiest is using Docker.

$ docker pull bkimminich/juice-shop

Using default tag: latest  
latest: Pulling from bkimminich/juice-shop  
a7ca0d9ba68f: Pull complete    
fe5ca62666f0: Pull complete    
b02a7525f878: Pull complete    
fcb6f6d2c998: Pull complete    
e8c73c638ae9: Pull complete    
1e3d9b7d1452: Pull complete    
4aa0ea1413d3: Pull complete    
7c881f9ab25e: Pull complete    
5627a970d25e: Pull complete    
96266735468f: Pull complete    
2758d0c31c8c: Pull complete    
08553ba93cfe: Pull complete    
dfc02eb7708f: Pull complete    
52907d314ddc: Pull complete    
4eec690774a4: Pull complete    
13a8da8d0e6c: Pull complete    
41892c8112f5: Pull complete    
f9cf6297e842: Pull complete    
f128d1479b8c: Pull complete    
Digest: sha256:4ee8c2548dacc4168b40f6725d721dbeec95cb59e9b8f020b8407ebaaa9c1e9f  
Status: Downloaded newer image for bkimminich/juice-shop:latest  

$ docker run --rm -p 3000:3000 bkimminich/juice-shop

info: All dependencies in ./package.json are satisfied (OK)  
info: Detected Node.js version v18.18.0 (OK)  
info: Detected OS linux (OK)  
info: Detected CPU x64 (OK)  
info: Configuration default validated (OK)  
info: Entity models 19 of 19 are initialized (OK)  
info: Required file server.js is present (OK)  
info: Required file index.html is present (OK)  
info: Required file main.js is present (OK)  
info: Required file runtime.js is present (OK)  
info: Required file styles.css is present (OK)  
info: Required file vendor.js is present (OK)  
info: Required file polyfills.js is present (OK)  
info: Port 3000 is available (OK)  
info: Chatbot training data botDefaultTrainingData.json validated (OK)  
info: Server listening on port 3000

Browse to http://localhost:3000
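
The `-p 3000:3000` mapping above publishes the port on every network interface of the host, so the intentionally vulnerable application is reachable from other machines on the network. The wrapper below is an added example, not part of the original post or the Juice Shop project: it refuses any mapping that is not loopback-only and pins the image to the digest printed in the pull output above. The function names `publish_scope` and `start_juice_shop` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: start Juice Shop so it is reachable only from this machine.

IMAGE="bkimminich/juice-shop"
# Digest copied from the `docker pull` output on this page; pinning it means
# every run uses exactly that image rather than whatever `latest` points to.
DIGEST="sha256:4ee8c2548dacc4168b40f6725d721dbeec95cb59e9b8f020b8407ebaaa9c1e9f"

# Classify a `docker run -p` value by the host address it binds to.
# Prints one of: loopback, all-interfaces, specific-address.
publish_scope() {
  local spec="${1%/*}"   # drop an optional /tcp or /udp suffix
  case "$spec" in
    127.*:*:*|\[::1\]:*:*)   echo loopback ;;
    0.0.0.0:*:*|\[::\]:*:*)  echo all-interfaces ;;
    *:*:*)                   echo specific-address ;;
    *)                       echo all-interfaces ;;  # "3000:3000": no host IP given
  esac
}

# Start the container, refusing any port mapping that is not loopback-only.
# The default mapping keeps http://localhost:3000 working as before.
start_juice_shop() {
  local publish="${1:-127.0.0.1:3000:3000}"
  if [ "$(publish_scope "$publish")" != loopback ]; then
    echo "refusing -p $publish: binds beyond loopback" >&2
    return 1
  fi
  docker run --rm -p "$publish" "$IMAGE@$DIGEST"
}

# Only launch when asked to, e.g.: ./juice-shop-local.sh start
if [ "${1:-}" = start ]; then
  start_juice_shop "${2:-}"
fi
```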

Happy hacking!