OWASP Juice Shop CTF
The NPM package juice-shop-ctf-cli lets you create a ZIP-archive compatible with CTFd's data backup format to conveniently populate the platform for a Capture the Flag event against OWASP Juice Shop.
:information_source: The data format generated by v4.x of this utility has been tested for schema-compatibility with CTFd ≥v1.1.0.
Setup
npm install -g juice-shop-ctf-cli
Usage
Interactive Mode
Open a command line and run:
juice-shop-ctf
Then follow the instructions of the interactive command line tool.
Configuration File
Instead of answering questions in the CLI you can also provide your desired configuration in a file with the following format:
juiceShopUrl: https://juice-shop.herokuapp.com
ctfKey: https://raw.githubusercontent.com/bkimminich/juice-shop/master/ctf.key
insertHints: none | free | paid
insertHintUrls: none | free | paid
You can then run the generator with:
juice-shop-ctf --config myconfig.yml
Optionally you can also choose the name of the output file:
juice-shop-ctf --config myconfig.yml --output challenges.zip
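The format above lists the allowed hint values as "none | free | paid", so a file copied verbatim still needs one value picked per key. The following pre-flight check is an added example, not part of juice-shop-ctf-cli; the names parseFlatConfig and validateConfig are hypothetical, and it assumes that all four keys shown above are required and that no other keys are expected.

```javascript
// Added example: pre-flight check for a juice-shop-ctf config file.
// Assumption: the four keys from the format above are all required.
const HINT_MODES = ['none', 'free', 'paid'];
const KNOWN_KEYS = ['juiceShopUrl', 'ctfKey', 'insertHints', 'insertHintUrls'];

// Parse the flat "key: value" format. Split on the first colon only,
// because the URL values contain colons themselves.
function parseFlatConfig(text) {
  const config = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const idx = line.indexOf(':');
    if (idx === -1) throw new Error(`Not a "key: value" line: ${line}`);
    config[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
  }
  return config;
}

function isHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch (e) {
    return false;
  }
}

// Returns a list of human-readable problems; an empty list means OK.
function validateConfig(config) {
  const problems = [];
  for (const key of Object.keys(config)) {
    if (!KNOWN_KEYS.includes(key)) problems.push(`unknown key: ${key}`);
  }
  if (!isHttpUrl(config.juiceShopUrl || '')) problems.push('juiceShopUrl must be an http(s) URL');
  if (!config.ctfKey) problems.push('ctfKey is missing');
  for (const key of ['insertHints', 'insertHintUrls']) {
    if (!HINT_MODES.includes(config[key])) problems.push(`${key} must be exactly one of: ${HINT_MODES.join(', ')}`);
  }
  return problems;
}

// Constructed sample input: the format as printed, and a filled-in version.
const BASE = 'juiceShopUrl: https://juice-shop.herokuapp.com\n' +
  'ctfKey: https://raw.githubusercontent.com/bkimminich/juice-shop/master/ctf.key\n';
const TEMPLATE_AS_PRINTED = BASE + 'insertHints: none | free | paid\ninsertHintUrls: none | free | paid\n';
const FILLED_IN = BASE + 'insertHints: free\ninsertHintUrls: paid\n';

console.log(validateConfig(parseFlatConfig(TEMPLATE_AS_PRINTED)));
console.log(validateConfig(parseFlatConfig(FILLED_IN)));
```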
Docker Container
Share your current directory with the /data volume of your bkimminich/juice-shop-ctf Docker container and run the interactive mode with:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf
Alternatively you can provide a configuration file via:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml
Choosing the name of the output file is also possible:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml --output challenges.zip
For detailed step-by-step instructions and examples please refer to the Setting up CTFd for Juice Shop section in the Hosting a CTF event chapter of our (free) companion guide ebook.
Screenshots
[Screenshot: CTFd challenge overview]
[Screenshot: CTFd challenge details]
Troubleshooting
If you need help with the application setup please check the Troubleshooting section below or post your specific problem or question in the official Gitter Chat.
- If using Docker Toolbox on Windows make sure that you also enable port forwarding for all required ports from Host 127.0.0.1:XXXX to 0.0.0.0:XXXX for TCP in the default VM's network adapter in VirtualBox. For CTFd you need to forward port 8000.
Contributing
Found a bug? Got an idea for enhancement? Improvement for cheating prevention? Feel free to create an issue or post your ideas in the chat!
Pull requests are also highly welcome - please refer to CONTRIBUTING.md for details.
Donations
PayPal
PayPal donations via the above button go to the OWASP Foundation and are earmarked for "Juice Shop". This is the preferred and most convenient way to support the project.
Credit Card (through RegOnline)
OWASP hosts a donation form on RegOnline. Refer to the Credit card donation step-by-step guide for help with filling out the donation form correctly.
Crypto Currency
Contributors
Collaborators
Code Contributors
Based on GitHub commits. Ordered by added lines of code as of Mon, 11 Dec 2017 on master.
Licensing
This program is free software: you can redistribute it and/or modify it
under the terms of the MIT license. OWASP Juice Shop and any
contributions are Copyright © by Bjoern Kimminich 2016-2018.