Skip to content

juice-shop/juicy-malware

Repository files navigation

Juicy Malware

This repo contains some fake "malware" to use against OWASP Juice Shop in its SSTI and SSRF Challenges.


This "malware" is actually completely harmless. It does not do anything malicious! But don't just take our word 😉 for it:

🔬 Put on your lab coat and reverse engineer the "malware" to find out what it actually does!

ℹ️ To clarify, you will need to perform this task to be able to solve the SSTI and SSRF challenges.

😷 Only use the files downloaded from this repository when a trustworthy (sic!) Juice Shop instance pointed you here!

🔎 For your own safety please take the time to verify the SHA-256 hashsum (and linked VirusTotal report) of the file you are planning to use:


⚠️ Please make sure the source code for this "malware" remains secret so the challenges are not spoilered for future hacker generations! Thank you!