The Juice Shop is a fake webshop with a lot of realistic functions but it also has a lot of security issues. The idea is to use the shop to learn about security issues and how they are exploited. The application is open source, and the project is part of OWASP.
How to run the Juice Shop
You have several options for running the Juice Shop. You can run it locally, in a dockers container, in Azure or in several other ways (that are not described in this post).
How to use the Juice Shop
Have you never used the Juice Shop before; be sure to use the “Help getting started” button and do the first challenge of finding the Score Board. On the Score Board, you can see your progress and find new challenges as well as guidance.
Run it Locally
You can run the Juice Shop locally on your computer by downloading the code and running it. You will need Node.js installed. Then you can download and run the Juice Shop by using the following commands (first navigate to the catalog where you wish to download the code):
git clone https://github.com/juice-shop/juice-shop.git --depth 1 cd juice-shop npm install npm start
The Juice Shop will then be available at http://localhost:3000.
Use it on Docker locally
You can run the Juice Shop in a docker container locally on your computer (then you don’t need to download the code). You will need to have Docker installed and running. Then you can download and run the Juice Shop by using the following commands:
docker pull bkimminich/juice-shop docker run -d -p 3000:3000 bkimminich/juice-shop
(bkimminch is the creator of the Juice Shop)
The Juice Shop will then be available at http://localhost:3000
Deploy it on Docker in Azure
You can run the Juice Shop in a docker container in Azure. You need to have an Azure subscription and Azure CLI installed. You can download and run the Juice Shop by using the following command after you modify the variables in the script to your liking.
#first make sure to log in and select the correct subscription for this setup az login #if you only have one subscription you can skip the next step #use 'az account list' if you need a list of your subscriptions and their id az account set --subscription <subscription id> $resourceGroupName = "JuiceShop" $location = "swedencentral" $cointainerName = "juiceshopcontainer" $dnsNameLabel = "<a global unique name>" #let's create the resources in Azure: az group create --name $resourceGroupName --location $location az container create --resource-group $resourceGroupName --name $cointainerName --location $location --image bkimminich/juice-shop --dns-name-label $dnsNameLabel --ports 3000 "http://$dnsNameLabel.$location.azurecontainer.io:3000"
the last command will give you the URL to the Juice Shop. You can also find the URL in the Azure portal (make sure to use port 3000).
Do note that leaving the Juice Shop running in Azure will cost you money. You can stop the container in the Azure portal or by using the following command:
az container stop --resource-group $resourceGroupName --name $cointainerName
or completely remove everything by using the following command:
az group delete --name $resourceGroupName