Installing the OWASP Juice Shop on Kali with Docker is super fast because you don’t have to install anything but Docker. It also makes cleaning up the environment and/or starting over very easy, and all it takes is a couple of commands and mere seconds.
That’s assuming you already have a Kali Virtual Machine running, of course. If you don’t, here’s the quickest way to install Kali on VirtualBox.
Let’s get to it!
Installing Docker in Kali
If you prefer tutorials in a video format, here you go! Otherwise, written steps are below.
Step 1: Add a Docker PGP key
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
We do this for file integrity: APT uses this key to verify the signatures on Docker's packages, which helps make sure no one is tampering with our download.
Step 2: Add & configure the Docker APT repository
echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
We can now update our package manager:
sudo apt-get update
Step 3: Install Docker
sudo apt-get install docker-ce
Test the install with:
sudo docker run hello-world
At this point, docker service is started but not enabled. Run:
sudo systemctl start docker
If you want to enable docker to start automatically after a reboot, which won’t be the case by default, you can type:
sudo systemctl enable docker
I usually skip this step since I don’t always use Docker with this VM, but it’s up to you. If you don’t enable it, the next time you launch the VM, you will have to type this command again to start the docker service.
sudo systemctl start docker
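The last step is to add our non-root user to the docker group so that we can use Docker without sudo. Keep in mind that members of the docker group can effectively act as root on the host, so only add accounts you would trust with sudo:
sudo groupadd docker
sudo usermod -aG docker $USER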
We now need to reload settings so that this permissions change applies. The best way to reload permissions is to log out and back in. If that doesn’t work, try rebooting the system. Otherwise, you may find that other terminal windows haven’t reloaded settings and you may get “permission denied” errors.
But, if you’d rather not log out or reboot at this time, you can use this command:
Running the OWASP Juice Shop on Kali with Docker
With docker installed, we can now pull in different environments as we need them, without having to install any other software for those environments.
For this course, we use the OWASP Juice Shop a lot. The Juice Shop is one of the most modern and sophisticated insecure web applications designed to be used in security training, and it includes vulnerabilities for all of the OWASP Top 10, making it a great choice to learn about today’s top web security threats.
Instead of having to spend a bunch of time setting up the application, we can run it with this simple command now that we have Docker installed:
docker run --rm -p 3000:3000 bkimminich/juice-shop
If that command doesn’t work, try this first:
docker pull bkimminich/juice-shop
…and then re-run the docker run command above.
Once it pulls in the image and requirements, it launches the app which we can then access at http://localhost:3000/.
Since the Juice Shop is running on port 3000, we could run other environments on different ports (like 80) and easily switch back and forth.
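Because -p 3000:3000 publishes the port on every interface of the VM, the deliberately vulnerable app is reachable by any host that can reach the VM. The following added example (not part of the original tutorial) starts the Juice Shop on loopback only and checks docker port output for wider bindings; the container name juice-shop, the function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: keep the Juice Shop reachable only from inside this VM.

# Start Juice Shop published on the loopback interface only.
# The container name "juice-shop" is an assumption of this example.
start_juice_shop_local() {
  docker run --rm -d --name juice-shop -p 127.0.0.1:3000:3000 bkimminich/juice-shop
}

# Read `docker port <container>` output on stdin (lines such as
# "3000/tcp -> 0.0.0.0:3000") and print every host binding that is not
# loopback. Returns 0 if all bindings are loopback-only, 1 otherwise.
non_loopback_bindings() {
  nlb_found=0
  while IFS= read -r nlb_line; do
    [ -z "$nlb_line" ] && continue
    nlb_host=${nlb_line##* -> }        # e.g. "0.0.0.0:3000" or "[::]:3000"
    case "$nlb_host" in
      127.*|"[::1]":*) ;;              # loopback binding, nothing to report
      *) printf '%s\n' "$nlb_line"; nlb_found=1 ;;
    esac
  done
  return "$nlb_found"
}

# Constructed sample output: what `docker port` prints for -p 3000:3000 ...
SAMPLE_EXPOSED='3000/tcp -> 0.0.0.0:3000
3000/tcp -> [::]:3000'
# ... and for -p 127.0.0.1:3000:3000.
SAMPLE_LOCAL='3000/tcp -> 127.0.0.1:3000'

# Offline demo on the constructed samples.
printf '%s\n' "$SAMPLE_EXPOSED" | non_loopback_bindings \
  || echo "WARNING: Juice Shop is published beyond loopback"
printf '%s\n' "$SAMPLE_LOCAL" | non_loopback_bindings \
  && echo "OK: loopback only"

# Live use once the container is running:
#   docker port juice-shop | non_loopback_bindings
```

With the loopback binding, the app is still available at http://localhost:3000/ from the browser inside the Kali VM.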
At this point, you can explore the OWASP Juice Shop and have all the fun you want!
If you’d like to learn about SQL injections and other types of web-based injections, and perform them against the OWASP Juice Shop and other environments, check out our course: Injection Attacks: The Complete 2020 Guide.