OWASP Mutillidae Project

https://github.com/webpwnized/mutillidae

https://github.com/OWASP/DVSA

 

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities a…

 

OWASP Mutillidae II

 

Project Announcements

• Twitter: https://twitter.com/webpwnized

 

Tutorials

• YouTube: https://www.youtube.com/user/webpwnized

 

Installation

Video tutorials are available for each step. If you have a LAMP stack set up aleady, you might skip directly to installing Mutillidae.

For detailed instructions, see the comprehensive guide

Usage

A large number of video tutorials are available on the webpwnized YouTube channel

Features

• Has over 40 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010, 2013 and 2017
• Actually Vulnerable (User not asked to enter “magic” statement)
• Mutillidae can be installed on Linux or Windows *AMP stacks making it easy for users who do not want to install or administrate their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP.
• Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
• System can be restored to default with single-click of "Setup" button
• User can switch between secure and insecure modes
• Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
• Updated frequently