If nothing happens, tải về the gocnhintangphat.com extension for Visual Studio & try again.
IntroductionWebGoat is a deliberately insecure web application maintained by OWASP designed khổng lồ teach webapplication security lessons.
This program is a demonstration of common server-side application flaws. Theexercises are intended lớn be used by people khổng lồ learn about application security andpenetration testing techniques.
WARNING 1: While running this program your machine will be extremelyvulnerable to attaông xã. You should disconnect from the Internet while usingthis program. WebGoat"s default configuration binds to lớn localhost to lớn minimizethe exposure.
WARNING 2: This program is for educational purposes only. If you attemptthese techniques without authorization, you are very likely to lớn get caught. Ifyou are caught engaging in unauthorized hacking, most companies will fire you.Claiming that you were doing security research will not work as that is thefirst thing that all hackers clayên ổn.
1. Run using DockerEvery release is also published on DockerHub.
Using docker runThe easiest way to start WebGoat as a Docker container is to use the all-in-one docker container. This is a docker image that has WebGoat & WebWolf running inside.
docker run -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf
WebGoat will be located at: http://127.0.0.1:8080/WebGoatWebWolf will be located at: http://127.0.0.1:9090/WebWolf
Important: Choose the correct timezone, so that the docker container và your host are in the same timezone. As it is important for the validity of JWT tokens used in certain exercises.
2. StandaloneDownload the lathử nghiệm WebGoat & WebWolf release from https://gocnhintangphat.com/WebGoat/WebGoat/releases
java -jar webgoat-server-8.1.0.jar <--VPS.port=8080> <--hệ thống.address=localhost>java -jar webwolf-8.1.0.jar <--VPS.port=9090> <--server.address=localhost>
The lathử nghiệm version of WebGoat needs Java 15 or above. By default, WebGoat & Webwolf start on port 8080, 9000 and 9090 with the environment variable WEBGOAT_PORT, WEBGOAT_HSQLPORT & WEBWOLF_PORT you can mix different values.
export WEBGOAT_PORT=18080export WEBGOAT_HSQLPORT=19001export WEBWOLF_PORT=19090java -jar webgoat-server-8.1.0.jarjava -jar webwolf-8.1.0.jar
Use set instead of export if you"re using Windows cmd.
3. Run from the sources
Prerequisites:Java 15Maven > 3.2.1Your favorite IDEGit, or Git tư vấn in your IDEmở cửa a commvà shell/window:
git clone git
Now let"s start by compiling the project.
cd WebGoatgit checkout branch_name>>mvn clean install
Now we are ready to lớn run the project. WebGoat 8.x is using Spring-Boot.
mvn -pl webgoat-server spring-boot:run
... you should be running webgoat on localhost:8080/WebGoat momentarily
To change the IPhường. address add the following variable to the WebGoat/webgoat-container/src/main/resources/application.properties file:
4. Run with custom menuFor speciadanh sách only. There is a way to lớn phối up WebGoat with a personalized menu. You can leave sầu out some menu categories or individual lessons by setting certain environment variables.
For instance running as a jar on a Linux/macOS it will look like this:
export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"java -jar webgoat-server/target/webgoat-server-v8.2.0-SNAPSHOT.jar
Or in a docker run it would (once this version is pushed inkhổng lồ docker hub) look like this: