Deploying OWASP Juice Shop + CTFd with docker-compose
Project introduction
1. OWASP Juice Shop
- Original text
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
Simply put, it is a practice target.
2. CTFd
- CTF
What is a CTF: What is Capture The Flag?
- Original text
Capture The Flags, or CTFs, are a kind of computer security competition. Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill. There are two kinds of CTF competitions. Jeopardy CTFs and Attack & Defense CTFs.
Deployment
Both services are deployed with docker-compose.
- docker-compose-ctf.yml
version: '3'
services:
  juice-shop:
    image: bkimminich/juice-shop
    ports:
      - "9003:3000"
    depends_on:
      - juice-db
    environment:
      - NODE_ENV=ctf  # run Juice Shop with its CTF configuration
      - DATABASE_URL=mongodb://juice-db:27017/juice-shop
    networks:
      - ctf-net
  juice-db:
    image: mongo
    volumes:
      - juice_db_data:/data/db  # persist data in the volume named juice_db_data
    networks:
      - ctf-net
  ctfd:
    image: ctfd/ctfd
    ports:
      - "9008:8000"
    depends_on:
      - ctfd-db
    networks:
      - ctf-net
  ctfd-db:
    image: postgres:9.6-alpine
    volumes:
      - ctfd_db_data:/var/lib/postgresql/data  # persist data in the volume named ctfd_db_data
    environment:
      - POSTGRES_DB=ctfd
      - POSTGRES_USER=ctfd
      - POSTGRES_PASSWORD=password
    networks:
      - ctf-net
volumes:  # volume definitions
  juice_db_data:  # Juice Shop database volume
  ctfd_db_data:  # CTFd database volume
networks:
  ctf-net:
- Pull the images
docker-compose -f docker-compose-ctf.yml pull
- Start
docker-compose -f docker-compose-ctf.yml up -d
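- Verify
- Access Juice Shop: http://192.168.22.68:9003
- Access CTFd: http://192.168.22.68:9008
If you are accessing the services locally, the address can also be http://127.0.0.1; adjust it to your environment.
If both pages load normally, the services have been deployed successfully.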
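A hardened variant of the docker-compose-ctf.yml above, as an added example that is not the author's file: because Juice Shop is deliberately vulnerable, it publishes both ports on one chosen interface only, moves the databases onto an internal network, and takes the PostgreSQL password from the environment instead of the file. BIND_ADDR, CTFD_DB_PASSWORD and db-net are assumed names introduced for this example.

```yaml
# Added example: hardened variant of docker-compose-ctf.yml (not the author's file).
# BIND_ADDR and CTFD_DB_PASSWORD are assumed variable names, set in the shell or a .env file.
version: '3'
services:
  juice-shop:
    image: bkimminich/juice-shop
    ports:
      # Publish on one chosen interface only; defaults to loopback.
      - "${BIND_ADDR:-127.0.0.1}:9003:3000"
    depends_on:
      - juice-db
    environment:
      - NODE_ENV=ctf
      - DATABASE_URL=mongodb://juice-db:27017/juice-shop
    networks:
      - ctf-net
      - db-net
  juice-db:
    image: mongo
    volumes:
      - juice_db_data:/data/db
    networks:
      - db-net
  ctfd:
    image: ctfd/ctfd
    ports:
      - "${BIND_ADDR:-127.0.0.1}:9008:8000"
    depends_on:
      - ctfd-db
    networks:
      - ctf-net
      - db-net
  ctfd-db:
    image: postgres:9.6-alpine
    volumes:
      - ctfd_db_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=ctfd
      - POSTGRES_USER=ctfd
      # Compose aborts with this message if the variable is unset.
      - POSTGRES_PASSWORD=${CTFD_DB_PASSWORD:?set CTFD_DB_PASSWORD}
    networks:
      - db-net
volumes:
  juice_db_data:
  ctfd_db_data:
networks:
  ctf-net:
  db-net:
    internal: true  # no route to or from outside the Docker host
```

The postgres image applies POSTGRES_PASSWORD only when it initializes an empty data directory, so an existing ctfd_db_data volume keeps its old password.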
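Importing the challenge set
juice-shop-ctf
Following the official juice-shop-ctf instructions, export the Juice Shop challenge set and then import it into CTFd.
The import path in CTFd is: Admin Panel -> Config -> Backup -> ImportCSV
You can now find the vulnerabilities in Juice Shop and submit the flags on CTFd.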