OWASP WebGoat teaches you to break into web services. This way, you can protect your own systems better.
There are many legal and ethical limitations to PenTesting. This article does not explain how to use pentest tools safely and legally, you’re responsible for that.
These commands were tested to work on both Xubuntu 18.04 LTS and Kali Linux 2019 xfce.
Install Docker
$ sudo apt-get update
$ sudo apt-get -y install docker.io
$ sudo adduser $(whoami) docker
$ newgrp docker
Install and run WebGoat
Yes, this runs binaries made by some unknown person.
$ docker pull webgoat/webgoat-7.1
$ docker run -p 8080:8080 -t webgoat/webgoat-7.1
Open Firefox on http://localhost:8080/WebGoat/ . Note that you must type the path, or you get an empty web page.
A web page opens “How to work with WebGoat”. We have succesfully installed WebGoat.
Happy hacking!