Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
OWASP Juice Shop CTF Extension
The Node packagejuice-shop-ctf-cli
helps you to prepare
Capture the Flag
events with the OWASP Juice Shop challenges
for different popular CTF frameworks. This interactive utility allows
you to populate a CTF game server in a matter of minutes.
The following open source CTF frameworks are supported byjuice-shop-ctf-cli:
npm install -g juice-shop-ctf-cli
Open a command line and run:
juice-shop-ctf
Then follow the instructions of the interactive command line tool.
Instead of answering questions in the CLI you can also provide your
desired configuration in a file with the following format:
ctfFramework: CTFd | FBCTF | RootTheBoxjuiceShopUrl: https://juice-shop.herokuapp.comctfKey: https://raw.githubusercontent.com/bkimminich/juice-shop/master/ctf.key # can also be actual key or comma-separated list of keys (CTFd only) instead of URLcountryMapping: https://raw.githubusercontent.com/bkimminich/juice-shop/master/config/fbctf.yml # ignored for CTFd and RootTheBoxinsertHints: none | free | paid # "paid" handled as "free" for CTFdinsertHintUrls: none | free | paid # optional for FBCTF; "paid" handled as "free" for CTFdinsertHintSnippets: none | free | paid # optional for FBCTF; "paid" handled as "free" for CTFd
You can then run the generator with:
juice-shop-ctf --config myconfig.yml
Optionally you can also choose the name of the output file:
juice-shop-ctf --config myconfig.yml --output challenges.out
You can ignore certificate warnings like this:
juice-shop-ctf --ignoreSslWarnings
Share your current directory with the /data volume of yourbkimminich/juice-shop-ctf Docker container and run the interactive
mode with:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf
Alternatively you can provide a configuration file via:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml
Choosing the name of the output file is also possible:
docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml --output challenges.out
On Windows cmd.exe you have to use %cd% instead of $(pwd) to mount your current working directory.
For detailed step-by-step instructions and examples please refer to
the Hosting a CTF event chapter
in our (free) companion guide ebook.
If you need help with the application setup please check the
Troubleshooting section below or post your specific problem or
question in the
official Gitter Chat.
127.0.0.1:XXXX to0.0.0.0:XXXX for TCP in the default VM’s network adapter in8000.
Found a bug? Got an idea for enhancement? Improvement for cheating
prevention?
Feel free to
create an issue
or
post your ideas in the chat!
Pull requests are also highly welcome - please refer to
CONTRIBUTING.md for details.
The OWASP Foundation gratefully accepts donations via Stripe. Projects
such as Juice Shop can then request reimbursement for expenses from the
Foundation. If you’d like to express your support of the Juice Shop
project, please make sure to tick the “Publicly list me as a supporter
of OWASP Juice Shop” checkbox on the donation form. You can find our
more about donations and how they are used here:
https://pwning.owasp-juice.shop/companion-guide/latest/part3/donations.html
The OWASP Juice Shop Project Leaders are:
bkimminich 
J12934For a list of all contributors to the OWASP Juice Shop CTF Extension
please visit our HALL_OF_FAME.md.
This program is free software: you can redistribute it and/or modify it
under the terms of the MIT license. OWASP Juice Shop CTF
Extension and any contributions are Copyright © by Bjoern Kimminich &
the OWASP Juice Shop contributors 2016-2025.
