when downloading files especially from the Internet, its crucial that you verify your download, this will help you release if the actual you file you have just downloaded has been tampered with in any way by another party.
In this example we have just downloaded WebGoat from the interweb the filename and checksum is displayed in the pic below
filename: WebGoat-5.4-OWASP_Standard_Win32.zip
SHA1 Checksum: eb61e9eadb00ae62796110bedf16366a8a15c02f
to verify this in linux (kali) this is simple, simply enter teh command as shown below
echo eb61e9eadb00ae62796110bedf16366a8a15c02f WebGoat-5.4-OWASP_Standard_Win32.zip | sha1sum -c -
 | |||||||||
| sha1sum checksum |
to verify that the sha1sum matches the filename, the output returned is
however if there was a mismatch you will see;
