
Deploying OWASP Juice Shop: A Practical Installation Guide

Learn how to deploy the intentionally vulnerable OWASP Juice Shop on your machine using Docker. This tutorial walks through prerequisites, installation steps, and how to access the app for hacking practice.

This post is part of the OWASP series.

Introduction

In today’s cybersecurity landscape, hands-on practice with real-world vulnerabilities is essential for developers and security professionals alike. More than 10 years after its creation, the OWASP Juice Shop is widely recognized as one of the most comprehensive and intentionally vulnerable web applications designed to help users learn about web security flaws in a safe, controlled environment.

This article is a practical guide to deploying a running instance of OWASP Juice Shop for your personal hacking endeavours. By the end of this guide, you will have a fully functional Juice Shop instance ready for security testing and educational purposes.

Prerequisites

Before installing OWASP Juice Shop using Docker, make sure your system meets the following minimal requirements:

System Requirements

  • RAM: At least 256 MB (384 MB recommended)

  • CPU: ~200 millicpu (400 millicpu recommended)

  • Disk Space: Minimum 300 MB (800 MB recommended)

⚠️ These values refer to the Juice Shop container itself. Docker and the OS will require additional resources.

Software Requirements

  • Docker installed and running, since Juice Shop will run as a container inside it (Docker Engine 20.10 or newer is recommended)

  • Internet access to pull the Juice Shop image from Docker Hub

Installing OWASP Juice Shop with Docker

The easiest and most reliable way to run OWASP Juice Shop locally is using Docker. This method requires minimal setup and works across operating systems.

Step 1: Install Docker/Turn on Docker Desktop WSL 2 (if already installed, go to Step 2)

If you’re using WSL2 (e.g., Ubuntu running on Windows), the recommended and easiest way to install Docker is via Docker Desktop for Windows.

  1. 👉 Download and install the latest version of Docker Desktop for Windows:

  2. Run the installer and follow the installation instructions (register or create an account)

  3. Depending on which version of Windows you are using, Docker Desktop may prompt you to turn on WSL 2 during installation. Read the information displayed on the screen and turn on the WSL 2 feature to continue.

  4. Start Docker Desktop from the Windows Start menu.

  5. Navigate to Settings.

  6. From the General tab, select Use WSL 2 based engine. (Note that if you have installed Docker Desktop on a system that supports WSL 2, this option is turned on by default.)

  7. Select Apply

Now docker commands work from Windows using the new WSL 2 engine.

💡 To verify the installation on any OS:

docker --version

You should get something like:

jamy@DELL:~/repo/jamyvetter.net (categories-color)⚡ $ docker --version
Docker version 28.3.0, build 38b7060

If you

Step 2: Pull the Juice Shop Docker Image

Use the following command to download the latest stable image from Docker Hub:

sudo docker pull bkimminich/juice-shop

This will fetch the latest stable version of the Juice Shop container, built from the official GitHub repository.

Wait until the output ends with the following lines:

Status: Downloaded newer image for bkimminich/juice-shop:latest
docker.io/bkimminich/juice-shop:latest

Once the download has finished, go to Step 3.

Step 3: Run the Juice Shop Container

Start the application using:

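sudo docker run --rm -d --name juice-shop -p 127.0.0.1:3000:3000 bkimminich/juice-shop

  • --rm: removes the container automatically when it stops
  • -d: runs the container in the background (detached mode)
  • --name juice-shop: gives the container a fixed name that later commands can refer to
  • -p 127.0.0.1:3000:3000: publishes container port 3000 on port 3000 of your machine's loopback address (127.0.0.1), so the app is reachable only from the local machine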

Note (Windows users with VirtualBox):
If you’re using Docker inside a VirtualBox VM, you may need to configure port forwarding from 127.0.0.1:3000 to 0.0.0.0:3000 manually.
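
Because Juice Shop is intentionally vulnerable, it is worth confirming that port 3000 really is published on loopback only. The check below is an added example, not part of the original post; it parses the output of `docker port juice-shop`, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify published-port bindings read from `docker port <container>` output,
# e.g. "3000/tcp -> 127.0.0.1:3000". Prints "<container-port> <host-addr> <scope>"
# per binding; returns 0 only if at least one binding exists and all are loopback.
classify_bindings() {
    awk '
    $2 == "->" {
        addr = $3
        sub(/:[0-9]+$/, "", addr)      # drop the trailing :port
        gsub(/^\[|\]$/, "", addr)      # drop IPv6 brackets, "[::]" -> "::"
        scope = "exposed"
        if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        print $1, addr, scope
        seen++
        if (scope == "exposed") bad++
    }
    END { rc = 1; if (seen > 0 && bad == 0) rc = 0; exit rc }
    '
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_LOOPBACK='3000/tcp -> 127.0.0.1:3000'
SAMPLE_EXPOSED='3000/tcp -> 0.0.0.0:3000
3000/tcp -> [::]:3000'

# Live check against the container started in Step 3 (needs Docker running).
check_juice_shop() {
    sudo docker port juice-shop | classify_bindings
}

# Demo on the constructed samples.
for sample in "$SAMPLE_LOOPBACK" "$SAMPLE_EXPOSED"; do
    if printf '%s\n' "$sample" | classify_bindings; then
        echo "=> loopback only"
    else
        echo "=> reachable from other hosts, or nothing published"
    fi
done
```

Call `check_juice_shop` after starting the container; a non-zero exit status means at least one binding is not on a loopback address.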


🌐 Step 4: Access Juice Shop in Your Browser

Once the container is running, open your browser and go to:

http://localhost:3000

You should see the OWASP Juice Shop homepage.

Troubleshooting: Port 3000 is already in use?

If you run:

sudo docker run --rm -d --name juice-shop -p 127.0.0.1:3000:3000 bkimminich/juice-shop

…and get this error:

Error response from daemon: ports are not available: exposing port TCP 127.0.0.1:3000 ...

It means something (often a leftover Docker process) is already using port 3000.

This can happen for various reasons:

  • Docker Desktop was closed without stopping containers first, so port proxies stay alive.

  • WSL2 and Docker sometimes leave “ghost” listeners behind, especially after hibernation or shutdown.

In this case, you can check what’s using the port with sudo lsof -i :3000

You’ll see something like:

COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 1068 root    7u  IPv4  22133      0t0  TCP *:3000 (LISTEN)
docker-pr 1074 root    7u  IPv6  22134      0t0  TCP *:3000 (LISTEN)

To fix this issue, free the port by killing the Docker processes that hold it:

sudo fuser -k 3000/tcp

You can then run sudo lsof -i :3000 again to double-check; it should return nothing. Now re-run the container to start Juice Shop again.


If the issue persists, restart Docker inside WSL2:

sudo service docker restart

Then reopen your terminal.
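
`fuser -k 3000/tcp` kills whatever process holds the port, so it helps to confirm first that every listener is a Docker proxy. The script below is an added example, not part of the original post; the function names and the second sample (a `node` process) are constructed, while the first sample is the `lsof` output shown above.

```shell
#!/bin/sh
# Read `lsof -i :3000` output on stdin; print "PID COMMAND NAME" per listener.
port_listeners() {
    awk '$NF == "(LISTEN)" { print $2, $1, $(NF-1) }'
}

# Return 0 only if there is at least one listener and every listener is a
# Docker proxy (lsof truncates the command name to "docker-pr" by default).
only_docker_proxy() {
    port_listeners | awk '
        { n++; if ($2 !~ /^docker-pr/) other++ }
        END { rc = 1; if (n > 0 && other == 0) rc = 0; exit rc }'
}

# Sample 1: the lsof output from the troubleshooting section.
SAMPLE_DOCKER='COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 1068 root    7u  IPv4  22133      0t0  TCP *:3000 (LISTEN)
docker-pr 1074 root    7u  IPv6  22134      0t0  TCP *:3000 (LISTEN)'

# Sample 2: constructed, an unrelated dev server holding the port.
SAMPLE_OTHER='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node    4242 dev    21u  IPv4  31337      0t0  TCP localhost:3000 (LISTEN)'

# Live use: free the port only when nothing but Docker proxies hold it.
free_port_if_docker() {
    if sudo lsof -i :3000 | only_docker_proxy; then
        sudo fuser -k 3000/tcp
    else
        echo "port 3000 is free or held by a non-Docker process; not killing" >&2
        return 1
    fi
}

# Demo on the samples.
for sample in "$SAMPLE_DOCKER" "$SAMPLE_OTHER"; do
    printf '%s\n' "$sample" | port_listeners
    if printf '%s\n' "$sample" | only_docker_proxy; then
        echo "=> only Docker proxies, safe to free the port"
    else
        echo "=> inspect these processes before killing anything"
    fi
done
```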

Conclusion

I really encourage you to give this Docker setup a try. It’s straightforward and gets you started with Juice Shop in no time.

Once running, you’ll have a great platform to explore web security challenges on your own machine, perfect for learning about web security in a safe way.

Thanks for following along! I hope this makes your journey into application security a little easier and more enjoyable!
