Running OWASP Juice Shop on Docker

11 Dec 2019

Explanation

OWASP Juice Shop is a vulnerable web application which contains bunch of vulnerabilities in the OWASP TOP 10.
This is the explanation of environment creation for OWASP Juice Shop with Docker.

Environment

OS: Kali linux 2019.4
Docker: 19.03.4

Solution

1. Installing prerequisits

root@kali:~# apt-get install docker.io docker-compose

---

root@kali:~# docker pull bkimminich/juice-shop

---

2. Launch OWASP Juice Shop

With the following command, we can launch OWASP Juice Shop on Docker.

root@kali:~# docker run --rm -p 3000:3000 bkimminich/juice-shop

> juice-shop@9.3.0 start /juice-shop
> node app

info: All dependencies in ./package.json are satisfied (OK)
info: Detected Node.js version v12.13.1 (OK)
info: Detected OS linux (OK)
info: Detected CPU x64 (OK)
info: Required file index.html is present (OK)
info: Required file styles.css is present (OK)
info: Required file main-es2015.js is present (OK)
info: Required file polyfills-es2015.js is present (OK)
info: Required file runtime-es2015.js is present (OK)
info: Required file vendor-es2015.js is present (OK)
info: Required file main-es5.js is present (OK)
info: Required file polyfills-es5.js is present (OK)
info: Required file runtime-es5.js is present (OK)
info: Required file vendor-es5.js is present (OK)
info: Configuration default validated (OK)
info: Port 3000 is available (OK)
info: Server listening on port 3000

placeholder

3. Version confirmation

root@kali:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2019.4
Codename:	kali-rolling
root@kali:~# 

root@kali:~# docker --version
Docker version 19.03.4, build 9013bf5
root@kali:~#

4. Remove Docker container

When terminate the OWASP Juice Shop container, at first, check the container ID.

root@kali:~# docker container ls
CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS              PORTS                    NAMES
a9214ce6b90b        bkimminich/juice-shop   "docker-entrypoint.s…"   2 days ago          Up 2 days           0.0.0.0:3000->3000/tcp   sleepy_kalam

root@kali:~#

After that, run the following command.

root@kali:~# docker container kill a9214ce6b90b
a9214ce6b90b

root@kali:~#

1n4r1.github.io

Running OWASP Juice Shop on Docker

Explanation

Environment

Solution

1. Installing prerequisits

2. Launch OWASP Juice Shop

3. Version confirmation

4. Remove Docker container

Related Posts

AWS Pentest with CloudGoat (iam_privesc_by_rollback) 25 Oct 2024

AWS IAM enumeration using AWS CLI (with CloudGoat) 24 Oct 2024

Setting up CloudGoat 17 Oct 2024