This is a repository intended to be a self-contained playground for testing the vulnerable web application OWASP Juice Shop with a combination of large language models (LLMs) and automated testing tools.
Install Docker and docker-compose.
Run:
docker-compose up -d
to bring up
- a Python analysis environment with a running Jupyter notebook server on localhost:8888, along with the ChatGPT API Python interface. To get the link with validation token, run docker-compose logs analysis
- a running instance of OWASP Juice Shop on localhost:9993.
- a running instance of OWASP ZAP on localhost:9090/zap/
Ports are configured in the compose file and can be changed as you see fit.
The ZAP docker image comes with automated endpoint scans which generate reports. Once the environment is up, to do a baseline scan run:
docker-compose exec zap zap-baseline.py -t http://juice-shop:3000 -g ./reports/gen.conf -r ./reports/report.html -J ./reports/report.json
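To triage the JSON report in the analysis notebook, the alerts can be flattened and sorted by risk. This is an added example, not code from this repository; it assumes the layout of ZAP's traditional JSON report (site, alerts, riskcode, instances) and runs on a constructed sample rather than real scan output.

```python
import json
from collections import Counter

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample shaped like ZAP's traditional JSON report (not real scan output).
SAMPLE_REPORT = json.loads("""
{"site": [{"@name": "http://juice-shop:3000", "alerts": [
  {"pluginid": "10109", "name": "Modern Web Application", "riskcode": "0",
   "instances": [{"uri": "http://juice-shop:3000/", "method": "GET"}]},
  {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
   "riskcode": "2",
   "instances": [{"uri": "http://juice-shop:3000/sitemap.xml", "method": "GET"},
                 {"uri": "http://juice-shop:3000/", "method": "GET"}]},
  {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
   "riskcode": "1",
   "instances": [{"uri": "http://juice-shop:3000/", "method": "GET"}]}
]}]}
""")

def flatten_alerts(report):
    """Return one dict per alert, highest risk first, with de-duplicated URLs."""
    sites = report.get("site", [])
    if isinstance(sites, dict):  # tolerate a single-site object instead of a list
        sites = [sites]
    rows = []
    for site in sites:
        for alert in site.get("alerts", []):
            uris = sorted({i.get("uri", "") for i in alert.get("instances", [])})
            rows.append({"site": site.get("@name", ""),
                         "plugin_id": alert.get("pluginid", ""),
                         "name": alert.get("name") or alert.get("alert", ""),
                         "risk": int(alert.get("riskcode", 0)),  # stored as a string
                         "uris": uris})
    return sorted(rows, key=lambda r: (-r["risk"], r["name"]))

def risk_counts(rows):
    """Count alerts per risk level."""
    return Counter(RISK_NAMES.get(r["risk"], "Unknown") for r in rows)

def triage_lines(rows, min_risk=1):
    """One summary line per alert at or above min_risk (default: skip informational)."""
    return [f'{RISK_NAMES.get(r["risk"], "Unknown")}: {r["name"]} '
            f'[plugin {r["plugin_id"]}] on {len(r["uris"])} URL(s)'
            for r in rows if r["risk"] >= min_risk]

if __name__ == "__main__":
    rows = flatten_alerts(SAMPLE_REPORT)
    print(dict(risk_counts(rows)))
    print("\n".join(triage_lines(rows)))
```

For a real scan, replace SAMPLE_REPORT with the parsed contents of report.json, wherever the reports directory is reachable from the notebook.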
Follow the instructions (option 2) here.
Pay attention to the "Few things to keep in mind" section: specifically, activate Burp Pro when building the Docker image, and then use the built Pro version as a base image to avoid re-activating!