Skip to content
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
JavaScript Dockerfile Shell
Branch: master
Clone or download

Latest commit


Type Name Latest commit message Commit time
Failed to load latest commit information.
.dependabot Add Dependabot configuration file Dec 29, 2019
.github Use contact link for support requests instead of "do-not-use" issue t… Apr 26, 2020
bin Apply lebab conversions Feb 6, 2018
data Additional configuration info Nov 20, 2019
images Replace Asciinema video with simple screenshot Nov 23, 2019
lib Encode backticks in XSS payloads Mar 23, 2020
test Fix linting issues Nov 22, 2019
.dockerignore Ignore /build folder from Docker Mar 29, 2018
.editorconfig feature(non-interactive): adds a non-interactive interface via a yaml… Mar 26, 2018
.gitignore Fix linter and code convention issues Nov 20, 2019
.gitlab-ci.yml Add SAST scanning May 13, 2019
.mailmap Deduplicate git commit messages Apr 2, 2020
.travis.yml Fix build config validation warnings Apr 25, 2020 Remove GreenKeeper badge Mar 9, 2020
Dockerfile Allow Node.js 14.x and use as default in Travis-CI and Docker image Apr 25, 2020 Extract contributors to hall of fame Apr 2, 2020
LICENSE Bump copyright year to 2020 Dec 20, 2019 Extract contributors to hall of fame Apr 2, 2020 Drop support for Node.js 8.x Mar 9, 2020
index.js Remove unused variable assignment Apr 2, 2020
package-lock.json Update all dependencies May 3, 2020
package.json Update all dependencies May 3, 2020

Juice Shop CTF Logo OWASP Juice Shop CTF OWASP Flagship GitHub release Twitter Follow Subreddit subscribers

Build Status Docker Cloud Build Status Coverage Status Code Climate Code Climate technical debt
GitHub stars

The Node package juice-shop-ctf-cli helps you to prepare Capture the Flag events with the OWASP Juice Shop challenges for different popular CTF frameworks. This interactive utility allows you to populate a CTF game server in a matter of minutes.

Screenshot of juice-shop-ctf-cli in Powershell

Supported CTF Frameworks

The following open source CTF frameworks are supported by juice-shop-ctf-cli:

Setup node npm npm npm bundle size

npm install -g juice-shop-ctf-cli


Interactive Mode

Open a command line and run:


Then follow the instructions of the interactive command line tool.

Configuration File

Instead of answering questions in the CLI you can also provide your desired configuration in a file with the following format:

ctfFramework: CTFd | FBCTF | RootTheBox
ctfKey: # can also be actual key instead URL
countryMapping: # ignored for CTFd and RootTheBox
insertHints: none | free | paid
insertHintUrls: none | free | paid # optional for FBCTF

You can then run the generator with:

juice-shop-ctf --config myconfig.yml

Optionally you can also choose the name of the output file:

juice-shop-ctf --config myconfig.yml --output challenges.out

Docker Container Docker Automated build Docker Pulls Docker Stars

Share your current directory with the /data volume of your bkimminich/juice-shop-ctf Docker container and run the interactive mode with:

docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf

Alternatively you can provide a configuration file via:

docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml

Choosing the name of the output file is also possible:

docker run -ti --rm -v $(pwd):/data bkimminich/juice-shop-ctf --config myconfig.yml --output challenges.out

For detailed step-by-step instructions and examples please refer to the Hosting a CTF event chapter in our (free) companion guide ebook.


CTFd challenge overview

FBCTF world map

RTB challenge boxes

Troubleshooting Gitter

If you need help with the application setup please check the Troubleshooting section below or post your specific problem or question in the official Gitter Chat.

  • If using Docker Toolbox on Windows make sure that you also enable port forwarding for all required ports from Host to for TCP in the default VM's network adapter in VirtualBox. For CTFd you need to forward port 8000.

Contributing GitHub contributors

Found a bug? Got an idea for enhancement? Improvement for cheating prevention?

Feel free to create an issue or post your ideas in the chat! Pull requests are also highly welcome - please refer to for details.


The OWASP Foundation gratefully accepts donations via Stripe. Projects such as Juice Shop can then request reimbursement for expenses from the Foundation. If you'd like to express your support of the Juice Shop project, please make sure to tick the "Publicly list me as a supporter of OWASP Juice Shop" checkbox on the donation form. You can find our more about donations and how they are used here:


The OWASP Juice Shop core project team are:

For a list of all contributors to the OWASP Juice Shop CTF Extension please visit our

Licensing license

This program is free software: you can redistribute it and/or modify it under the terms of the MIT license. OWASP Juice Shop and any contributions are Copyright © by Bjoern Kimminich 2016-2020.

Juice Shop CTF Logo

You can’t perform that action at this time.