Skip to content
/ Juice-Shop-CTF Public
forked from juice-shop/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

owasp-juice.shop

License

MIT license
2 stars 11.5k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

YuuK10/Juice-Shop-CTF

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18,356 Commits
.dependabot
.dependabot
 
 
.github
.github
 
 
.gitlab
.gitlab
 
 
.zap
.zap
 
 
config
config
 
 
data
data
 
 
encryptionkeys
encryptionkeys
 
 
frontend
frontend
 
 
ftp
ftp
 
 
i18n
i18n
 
 
lib
lib
 
 
models
models
 
 
monitoring
monitoring
 
 
routes
routes
 
 
rsn
rsn
 
 
screenshots
screenshots
 
 
test
test
 
 
uploads/complaints
uploads/complaints
 
 
vagrant
vagrant
 
 
views
views
 
 
.codeclimate.yml
.codeclimate.yml
 
 
.devcontainer.json
.devcontainer.json
 
 
.dockerignore
.dockerignore
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.gitpod.yml
.gitpod.yml
 
 
.imgbotconfig
.imgbotconfig
 
 
.mailmap
.mailmap
 
 
.npmrc
.npmrc
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
Dockerfile.arm
Dockerfile.arm
 
 
Gruntfile.js
Gruntfile.js
 
 
HALL_OF_FAME.md
HALL_OF_FAME.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
REFERENCES.md
REFERENCES.md
 
 
SECURITY.md
SECURITY.md
 
 
SOLUTIONS.md
SOLUTIONS.md
 
 
app.json
app.json
 
 
app.ts
app.ts
 
 
config.schema.yml
config.schema.yml
 
 
crowdin.yaml
crowdin.yaml
 
 
ctf.key
ctf.key
 
 
cypress.json
cypress.json
 
 
docker-compose.test.yml
docker-compose.test.yml
 
 
package.json
package.json
 
 
server.ts
server.ts
 
 
swagger.yml
swagger.yml
 
 
threat-model.json
threat-model.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Juice Shop Logo OWASP Juice Shop

OWASP Flagship GitHub release Twitter Follow Subreddit subscribers

CI/CD Pipeline Test Coverage Maintainability Code Climate technical debt Cypress tests CII Best Practices GitHub stars Contributor Covenant

The most trustworthy online shop out there. (@dschadow) — The best juice shop on the whole internet! (@shehackspurple) — Actually the most bug-free vulnerable application in existence! (@vanderaj) — First you 😂😂then you 😢 (@kramse) — But this doesn't have anything to do with juice. (@coderPatros' wife)

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

Setup

Gitpod

  1. Login to gitpod.io and use https://gitpod.io/#https://github.com/juice-shop/juice-shop/ to start a new workspace. If you want to spin up a forked repository, your URL needs to be adjusted accordingly.

  2. After the Gitpod workspace is loaded, Gitpod tasks is still running to install npm install and launch the website. Despite Gitpod showing your workspace state already as Running, you need to wait until the installation process is done, before the website becomes accessable. The Open Preview Window (Internal Browser), will open automatically and refresh itself automatically when the server has started.

  3. Your Juice Shop instance is now also available at https://3000-<GITPOD_WORKSPACE_ID>.<GITPOD_HOSTING_ZONE>.gitpod.io.

About

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

owasp-juice.shop

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 56.7%
  • JavaScript 33.6%
  • HTML 7.1%
  • SCSS 1.6%
  • Pug 0.5%
  • Handlebars 0.1%
  • Other 0.4%