i Pentest Lab – All things in moderation

Pentest Lab

1.OWASP Mutillidae


2.SQL injection Lab


3.DVWA (Damn Vulnerable Web App)


4. webgoat


install maven: # apt-get install maven then step by step README.MD 🙂

Cloning the Lesson Server and the Lessons project:

# git clone https://github.com/WebGoat/WebGoat.git
# git clone https://github.com/WebGoat/WebGoat-Lessons.git

Now let’s start by compiling the WebGoat Lessons server.

# cd WebGoat
# git checkout develop
# mvn clean compile install
# cd ..

Before you can run the project, we need to compile the lessons and copy them over:

If you don’t run this step, you will not have any Lessons to work with!

# cd WebGoat-Lessons
# git checkout develop
# mvn package
# cp target/plugins/*.jar ../WebGoat/webgoat-container/src/main/webapp/plugin_lessons/
# cd ..

Run project

# cd WebGoat
# mvn -pl webgoat-container tomcat7:run-war

Browse to http://localhost:8080/WebGoat

5. NodeGoat ( OWASP Top 10 security risks )

install nodejs 4.x via package-manager

create file nodesource.list

# mkdir /etc/apt/sources.list.d
# touch /etc/apt/sources.list.d/nodesource.list
# curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
# apt-get install -y nodejs

install nodejs package management (npm)

# sudo npm install npm -g

build NodeGoat on localhost

# git clone https://github.com/OWASP/NodeGoat.git
# npm install

Start mongodb

# service mongodb start

Update the db property in file config/env/development.js to reflect your DB setup. (in format: mongodb://localhost:27017/<databasename>)

Run grunt task below to populate the DB with seed data required for the application. Pass the desired environment as argument. If not passed, “development” is the default:

#grunt db-reset:development

start server

# npm start
#nodejs server.js

Start NodeGoat application at url: http://localhost:4000

tutorial: http://localhost:4000/tutorial



Leave a Reply