NOWASP Mutillidae 2.3.4! released - NOWASP (Mutillidae) Web Pen-Test Practice Application

NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiast to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to administrate a webserver. It is already installed on SamuraiWTF and Rapid7 Metasploitable-2. The existing version can be updated on either. Containing dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment deliberately designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target forvulnerability assessment software.


Instructional videos using NOWASP (Mutillidae) are available on the "webpwnized" YouTube account athttps://www.youtube.com/user/webpwnized. Updates on the project and video posts are tweeted to @webpwnized
NOWASP (Mutillidae) Web Site

Features
  • Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the "default" deployment.
  • Installs easily by dropping project files into the "htdocs" folder of XAMPP.
  • Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
  • Has dozen of vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
  • System can be restored to default with single-click of "Setup" button
  • Switches between secure and insecure mode
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
  • Contains 2 levels of hints to help users get started
  • Instructional Videos: http://www.youtube.com/user/webpwnized
  • Updates tweeted to @webpwnized
  • Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
  • Mutillidae will attempt to detect if the MySQL database is available for the user
  • Includes bubble-hints to help point out vulnerable locations


NOWASP (Mutillidae) v2.3.4 change log -
  • Added documentation around database configuration area in MySQLHandler.php
  • Cleaned up some code in header.php
  • Added Enforce SSL functionality for use with SSLStrip. This gives the user a way to force Mutillidae to redirect any HTTP requests to HTTPS
  • Squeezed menu to better fit on low resolution screens
  • Added a new button on the side menu for Enforce/Drop SSL
  • Added a new button on the top menu bar for Enforce/Drop SSL
Download NOWASP (Mutillidae)
NOWASP Mutillidae 2.3.4 – LATEST-mutillidae-2.3.4.zip
Download other versions -
Visit website -
Screenshot -















Previous post regarding Multidue -