qauni / juice-shop Public

forked from juice-shop/juice-shop

Notifications You must be signed in to change notification settings
Fork 28
Star 3

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

owasp-juice.shop

MIT license

3 stars 11.5k forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
app		app
data		data
test		test
.bowerrc		.bowerrc
.gitignore		.gitignore
.jshintrc		.jshintrc
README.md		README.md
app.js		app.js
bower.json		bower.json
karma.conf.js		karma.conf.js
package.json		package.json
server-tests.js		server-tests.js
server.js		server.js

Repository files navigation

The Juice Shop

An intentionally insecure web application suitable for pen testing and security awareness trainings.

Translating "dump" or "useless outfit" into German yields "Saftladen" which can reverse-translated word by word into "juice shop". Hence the name of this project.

Features

Easy to install: Just requires node.js
Self contained: Additional dependencies will be resolved and downloaded automatically
No external DB: A simple file based SQLite database is used which is wiped and regenerated on server startup
Open source: No hidden costs or caveats

Getting started

Install node.js
Run npm install (only has to be done before first start or when you change the source code)
Run npm start
Browse to http://localhost:3000

You may find it easier to find vulnerabilities using a pen test tool. I strongly recommend Zed Attack Proxy which is open source and very powerful, yet beginner friendly.