OWASP Mutillidae II 2.11.5 releases: OWASP Mutillidae II Web Pen-Test Practice Application

• Has over 40 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010 and 2013
• Actually Vulnerable (User not asked to enter “magic” statement)
• Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own web server. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP.
• Installs easily by dropping project files into the “htdocs” folder of XAMPP.
• Will attempt to detect if the MySQL database is available for the user
• Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
• Contains 2 levels of hints to help users get started
• Includes bubble-hints to help point out vulnerable locations
• Bubble-hints automatically give more information as hint level incremented
• System can be restored to default with a single click of “Setup” button
• User can switch between secure and insecure modes
• Secure and insecure source code for each page stored in the same PHP file for easy comparison
• Provides data capture page and stores captured data in database and file
• Allows SSL to be enforced in order to practice SSL stripping
• Used in graduate security courses, incorporate web sec training courses, and as an “assess the assessor” target for vulnerability software
• Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
• Instructional Videos: http://www.youtube.com/user/webpwnized 
• Updates tweeted to @webpwnized
• Updated frequently
• Project Whitepaper

Changelog v2.11.5

• Patched issue 14

Download

git clone https://github.com/webpwnized/mutillidae.git

Tutorial