Set up the OWASP Juice Shop on Kali with Docker [Quickest Method]

Christophe July 20, 2020
10 Comments
Install OWASP Juice Shop on Kali Banner

Installing the OWASP Juice Shop on Kali with Docker is super fast because you don’t have to install anything but Docker. It also makes cleaning up the environment and/or starting over very easy, and all it takes is a couple of commands and mere seconds.

That’s assuming you already have a Kali Virtual Machine running, of course. If you don’t, here’s the quickest way to install Kali on VirtualBox.

Let’s get to it!

Installing Docker in Kali

If you prefer tutorials in a video format, here you go! Otherwise, written steps are below.

sudo apt update
sudo apt install -y docker.ioCode language: CSS (css)

At this point, docker service is started but not enabled. If you want to enable docker to start automatically after a reboot, which won’t be the case by default, you can type:

sudo systemctl enable docker --now

The last step is to add our non-root user to the docker group so that we can use Docker:

sudo usermod -aG docker $USERCode language: PHP (php)

We now need to reload settings so that this permissions change applies.

newgrp docker

The best way to reload permissions, though, is to log out and back in. If that doesn’t work, try to reboot the system. Otherwise, you may found that other terminal windows haven’t reloaded settings and you may get “permission denied” errors. But, if you’d rather not log out or reboot at this time, you can use the above command.

Running the OWASP Juice Shop on Kali with Docker

With docker installed, we can now pull in different environments as we need them, without having to install any other software for those environments.

For this course, we use the OWASP Juice Shop a lot. The Juice Shop is one of the most modern and sophisticated insecure web applications designed to be used in security training, and it includes vulnerabilities for all of the OWASP top 10, making it a great choice to learn about today’s top web security threats.

It uses modern languages and frameworks like Angular, JavaScript, Node.js and SQLite for the database.

Instead of having to spend a bunch of time setting up the application, we can run it with this simple command now that we have Docker installed:

docker run --rm -p 3000:3000 bkimminich/juice-shop

If that command doesn’t work, try this first:

docker pull bkimminich/juice-shop

…and then re-run the docker run command above.

Once it pulls in the image and requirements, it launches the app which we can then access at http://localhost:3000/.

Launching the OWASP Juice Shop with Docker

Since the Juice Shop is running on port 3000, we could run other environments on different ports (like 80) and easily switch back and forth.

What now?

At this point, you can explore the OWASP Juice Shop and have all the fun you want!

If you’d like to learn about SQL injections and other types of web-based injections, and perform them against the OWASP Juice Shop and other environments, check out our course: Injection Attacks: The Complete 2020 Guide.

Categories: Application Security, Beginner, Ethical Hacking
Tags: , , , ,
Christophe

Related Articles

Responses

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  2. Mah Noor February 1, 2021

    5fd2bdfdbf4b: Downloading 24.5MB/24.59MB
    All are downloaded but this one is stuck here for an hour now i dont know what to do, Kindly help

    1. Christophe February 2, 2021

      Is that happening when you’re running this command? docker run –rm -p 3000:3000 bkimminich/juice-shop
      I would try a docker restart and see if that fixes it: sudo service docker restart

    1. Christophe March 4, 2021

      Hello, what do you see when you check your /etc/apt/sources.list with this command?
      sudo vim /etc/apt/sources.list

      Do you see something like this?
      deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic test stabe edge stabile stable

      If so, remove everything after the URL except for stable. Save and exit by pressing esc then :x followed by enter

      Then sudo apt-get update

      sudo apt-get install docker-ce

      If you get a message saying that the installation was already attempted but could be defective, try this:

      sudo apt --fix-broken install

      Otherwise, if it works you can skip that last command. Test that it works with:

      docker run hello-world

  4. Thomas Derenthal June 29, 2021

    Thank you for this. This is indeed the ‘fast way’. I’m up and running with Juice Shop on Ubuntu 20 VM and can access it from my Windows and Kali machines. BTW… I have the Ubuntu running in a VM on our Hyper-V VMHost server which runs all our VMs for metasploitable, Win10 and other training machines.

  5. Ron January 16, 2022

    I am not too familiar with Docker images but I am curious about how it retains the progress when the docker goes down. I restart the image and it seems to keep track of my progress. I was expecting it to reset but how does it retain that info? Can you help me understand it? TIA!

      1. Christophe January 16, 2022

        Nice! I was about to say, the environment should be getting wiped out as you take down containers and rebuild them. If you wanted to retain changes, you could use external volumes that you mount/unmount to containers.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts

Please allow a few minutes for this process to complete.

Report

You have already reported this .