OWASP Juice Shop

Main Selling Points

  • Free and Open source: Licensed under the MIT license with no hidden costs or caveats
  • Easy-to-install: Choose between node.js, Docker and Vagrant to run on Windows/Mac/Linux
  • Self-contained: Additional dependencies are pre-packaged or will be resolved and downloaded automatically
  • Self-healing: The simple SQLite and MarsDB databases are wiped and repopulated from scratch on every server startup
  • Gamification: The application notifies you on solved challenges and keeps track of successfully exploited vulnerabilities on a Score Board
  • Re-branding: Fully customizable in business context and look & feel to your own corporate or customer requirements
  • CTF-support: Challenge notifications optionally contain a flag code for your own Capture-The-Flag events

Application Architecture

Architecture diagram


The most trustworthy online shop out there. (@dschadow) — The best juice shop on the whole internet! (@shehackspurple) — Actually the most bug-free vulnerable application in existence! (@vanderaj) — First you 😂😂then you 😢 (@kramse)

Screenshot 1

Screenshot 2

Screenshot 3

Screenshot 4

Screenshot 5

CTF Extension

Juice Shop CTF Logo

GitHub release GitHub stars

The Node package juice-shop-ctf-cli helps you to prepare Capture the Flag events with the OWASP Juice Shop challenges for different popular CTF frameworks. This interactive utility allows you to populate a CTF game server in a matter of minutes.


Latest Releases

GitHub release GitHub release SourceForge SourceForge Docker Pulls

CTF Extension

GitHub release npm npm Docker Pulls

  • 15.10.19: juice-shop-ctf v6.1.2
  • 17.06.19: juice-shop-ctf v6.1.1


GitHub issues by-label GitHub issues by-label

Project Sponsors PayPal

Top Sponsors

XING eSailors iteratec Denim Group

Other Corporate Sponsors

Other Individual Sponsors

LeanPub Royalties

Pwning OWASP Juice Shop

$1,251.68 of royalties from Björn Kimminich’s eBook have been donated to the project between 09/2017 and 07/2019.

Corporate-sponsored code contributions

In order to be recognized as a corporate code sponsor an offical written confirmation of waiving all IP to the contributed code is required.

Official Companion Guide

Write Goodreads Review

Pwning OWASP Juice Shop is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge.

Pwning OWASP Juice Shop cover Pwning OWASP Juice Shop back cover

The ebook is published under CC BY-NC-ND 4.0 and is online-readable for free at https://pwning.owasp-juice.shop. The latest officially released edition is also available for free at https://leanpub.com/juice-shop in PDF, Kindle and ePub format.

Endorsed Open Source Projects

Project Description