OWASP Juice Shop CTF
The Node package juice-shop-ctf-cli helps you to prepare Capture the Flag events with the OWASP Juice Shop challenges for different popular CTF frameworks. This interactive utility allows you to populate a CTF game server in a matter of minutes.
Supported CTF Frameworks
The following open source CTF frameworks are supported by juice-shop-ctf-cli:
Setup
npm install -g juice-shop-ctf-cli
Usage
Interactive Mode
Open a command line and run:
juice-shop-ctf
Then follow the instructions of the interactive command line tool.
Configuration File
Instead of answering questions in the CLI you can also provide your desired configuration in a file with the following format:
ctfFramework: CTFd 2.x | CTFd 1.x | FBCTF
juiceShopUrl: https://juice-shop.herokuapp.com
ctfKey: https://raw.githubusercontent.com/bkimminich/juice-shop/master/ctf.key # can also be the actual key instead of a URL
countryMapping: https://raw.githubusercontent.com/bkimminich/juice-shop/master/config/fbctf.yml # ignored for CTFd
insertHints: none | free | paid
insertHintUrls: none | free | paid # optional for FBCTF
You can then run the generator with:
juice-shop-ctf --config myconfig.yml
Optionally you can also choose the name of the output file:
juice-shop-ctf --config myconfig.yml --output challenges.out
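The format above lists alternatives separated by `|`, so a usable file has to pick exactly one value per key. The following is an added example, not part of juice-shop-ctf-cli: a hypothetical shell function `write_ctf_config` that checks the chosen values against the alternatives listed above and writes a concrete file. It assumes a single-line `ctfKey` and writes it as a single-quoted YAML scalar, so that a literal key containing ` #` or `: ` is not cut off or misparsed.

```shell
#!/bin/sh
# Added example: write a concrete config file for juice-shop-ctf --config.
# write_ctf_config and the two variables below are hypothetical names;
# the default URLs are the ones shown in the format above.
JUICE_SHOP_URL=${JUICE_SHOP_URL:-https://juice-shop.herokuapp.com}
COUNTRY_MAPPING=${COUNTRY_MAPPING:-https://raw.githubusercontent.com/bkimminich/juice-shop/master/config/fbctf.yml}

# Usage: write_ctf_config FRAMEWORK HINTS HINT_URLS CTF_KEY [OUTFILE]
write_ctf_config() {
  framework=$1 hints=$2 hint_urls=$3 ctf_key=$4 out=${5:-myconfig.yml}

  # Exactly one of the supported framework names must be chosen.
  case $framework in
    "CTFd 2.x"|"CTFd 1.x"|"FBCTF") ;;
    *) echo "unsupported ctfFramework: $framework" >&2; return 1 ;;
  esac

  # Both hint settings accept the same three values.
  for v in "$hints" "$hint_urls"; do
    case $v in
      none|free|paid) ;;
      *) echo "hint setting must be none, free or paid: $v" >&2; return 1 ;;
    esac
  done

  [ -n "$ctf_key" ] || { echo "ctfKey must not be empty" >&2; return 1; }

  # YAML single-quoted scalar: the only escape is doubling each quote.
  quoted_key=$(printf '%s' "$ctf_key" | sed "s/'/''/g")

  # Nothing is written unless every check above has passed.
  {
    printf 'ctfFramework: %s\n' "$framework"
    printf 'juiceShopUrl: %s\n' "$JUICE_SHOP_URL"
    printf "ctfKey: '%s'\n" "$quoted_key"
    printf 'countryMapping: %s\n' "$COUNTRY_MAPPING" # ignored for CTFd
    printf 'insertHints: %s\n' "$hints"
    printf 'insertHintUrls: %s\n' "$hint_urls"
  } > "$out"
}

# Example call (constructed key value):
#   write_ctf_config "CTFd 2.x" free paid "my event key #1" myconfig.yml
```

The resulting file can be passed to `juice-shop-ctf --config myconfig.yml` as described above.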
Docker Container
Share your current directory with the /data volume of your bkimminich/juice-shop-ctf Docker container and run the interactive mode with:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf
Alternatively you can provide a configuration file via:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml
Choosing the name of the output file is also possible:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml --output challenges.out
For detailed step-by-step instructions and examples please refer to the Hosting a CTF event chapter in our (free) companion guide ebook.
Troubleshooting
If you need help with the application setup please check the Troubleshooting section below or post your specific problem or question in the official Gitter Chat.
- If using Docker Toolbox on Windows make sure that you also enable port forwarding for all required ports from Host 127.0.0.1:XXXX to 0.0.0.0:XXXX for TCP in the default VM's network adapter in VirtualBox. For CTFd you need to forward port 8000.
Contributing
Found a bug? Got an idea for enhancement? Improvement for cheating prevention?
Feel free to create an issue or post your ideas in the chat! Pull requests are also highly welcome - please refer to CONTRIBUTING.md for details.
Donations
PayPal
PayPal donations via the above button go to the OWASP Foundation and are earmarked for "Juice Shop". This is the preferred and most convenient way to support the project.
Credit Card (through RegOnline)
OWASP hosts a donation form on RegOnline. Refer to the Credit card donation step-by-step guide for help with filling out the donation form correctly.
Ko-fi / Liberapay / Patreon
Crypto Currency
Contributors
Collaborators
- Björn Kimminich aka bkimminich (Project Leader)
- Jannik Hollenbach aka J12934
- Timo Pagel aka wurstbrot
Code Contributors
Based on GitHub commits on master as of Tue, 10 Apr 2018
- Josh Grossman aka tghosth
- Simon Basset aka simbas
Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the MIT license. OWASP Juice Shop and any contributions are Copyright © by Bjoern Kimminich 2016-2019.