https://github.com/webpwnized/mutillidae
https://github.com/OWASP/DVSA
OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities a…
OWASP Mutillidae II
Project Announcements
- Twitter: https://twitter.com/webpwnized
Tutorials
Installation
Video tutorials are available for each step. If you already have a LAMP stack set up, you can skip directly to installing Mutillidae.
For detailed instructions, see the comprehensive guide
Usage
A large number of video tutorials are available on the webpwnized YouTube channel
Features
- Has over 40 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010, 2013 and 2017
- Actually Vulnerable (User not asked to enter “magic” statement)
- Mutillidae can be installed on Linux or Windows *AMP stacks, making it easy for users who do not want to install or administer their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP.
- Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
- System can be restored to default with a single click of the "Setup" button
- User can switch between secure and insecure modes
- Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
- Updated frequently