An intentionally insecure RIA suitable for pentesting and security awareness trainings written in Node, Express and Angular. Inspired by the "classic" BodgeIt Store by @psiinon.
Translating "dump" or "useless outfit" into German yields "Saftladen", which can be reverse-translated word by word into "juice shop". Hence the name of this project.
You may find it easier to find vulnerabilities using a pen test tool. I strongly recommend Zed Attack Proxy which is open source and very powerful, yet beginner friendly.
- Easy to install: Just requires node.js
- Self-contained: Additional dependencies will be resolved and downloaded automatically
- No external DB: A simple file-based SQLite database is used which is wiped and regenerated on server startup
- Open source: No hidden costs or caveats

- Install node.js (version 0.10.x)
- Run `git clone https://github.com/bkimminich/juice-shop.git` (or clone your own fork of the repository)
- Run `npm install` (only has to be done before first start or when you change the source code)
- Run `npm start`
- Browse to http://localhost:3000

- Install Docker
- Run `docker pull bkimminich/juice-shop`
- Run `docker run -d -p 3000:3000 bkimminich/juice-shop`
- Browse to http://localhost:3000

- Install node.js (version 0.10.x)
- Download `juice-shop-<version>.zip` attached to latest release
- Unpack and run `npm start` in unzipped folder
- Browse to http://localhost:3000

- If you are experiencing Error 128 from some GitHub repos during `bower_install.js` execution, run `git config --global url."https://".insteadOf git://` and try `npm install` again
- If using Boot2Docker (Docker inside VirtualBox on Windows) make sure that you also enable port forwarding from Host `127.0.0.1:3000` to `0.0.0.0:3000` for TCP