Name                                           Modified     Size       Downloads / Week
mutillidae-classic (mutillidae versions 1.x)   2012-02-15              2
LATEST-mutillidae-2.6.14.zip                   2014-09-28   23.6 MB    199
LATEST-mutillidae-2.6.14.zip.md5               2014-09-28   63 Bytes   3
mutillidae-2.6.13.zip                          2014-09-15   23.8 MB    8
LATEST-mutillidae-2.6.13.zip.md5               2014-09-15   63 Bytes   5
Totals: 5 Items                                             47.4 MB    215

Please see the documentation folder for installation instructions including information on suppressing PHP errors related to the project using OWASP ESAPI.

***********************************
* Project Updates/Releases *
***********************************

Project Updates/Releases: Twitter @webpwnized (http://twitter.com/webpwnized)

***********************************
* Project Whitepaper *
***********************************

Project Whitepaper: http://www.giac.org/paper/gwapt/3387/introduction-owasp-mutillidae-ii-web-pen-test-training-environment/126917

***********************************
* Download (GIT) *
***********************************

Sourceforge GIT: https://sourceforge.net/p/mutillidae/git/ci/master/tree/

    git clone git://git.code.sf.net/p/mutillidae/git mutillidae-git

***********************************
* Download (ZIP) *
***********************************

Sourceforge: https://sourceforge.net/projects/mutillidae/files/

NOTE: GIT updated (much) more frequently. ZIP will not be latest release.
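
The file listing above carries a .md5 file beside each LATEST ZIP. The following is an added example, not part of the project's readme, showing one way to check a downloaded ZIP against that file before unzipping it. It assumes the .md5 file holds a 32-hex-digit MD5, optionally followed by a file name (md5sum output format); verify_md5 is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded ZIP against its .md5 sidecar file.
# Assumption: the sidecar's first field is a 32-hex-digit MD5 digest
# (md5sum format, or a bare digest). verify_md5 is a hypothetical name.
# Return codes: 0 = match, 1 = mismatch, 2 = missing file or unusable sidecar.

verify_md5() {
    local zip="$1" sidecar="${2:-$1.md5}" expected actual

    if [ ! -r "$zip" ] || [ ! -r "$sidecar" ]; then
        echo "missing $zip or $sidecar" >&2
        return 2
    fi

    # First field of the first line, CRs stripped (Windows line endings),
    # lower-cased so an upper-case digest still compares equal.
    expected=$(tr -d '\r' < "$sidecar" | awk 'NR==1 {print tolower($1)}')
    case "$expected" in
        ""|*[!0-9a-f]*) echo "no MD5 digest in $sidecar" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "no MD5 digest in $sidecar" >&2
        return 2
    fi

    # Hash from stdin so the file name never influences md5sum's output.
    actual=$(md5sum < "$zip" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $zip"
        return 0
    fi
    echo "MISMATCH: $zip (expected $expected, got $actual)" >&2
    return 1
}

# Usage, with the file names from the listing:
#   verify_md5 LATEST-mutillidae-2.6.14.zip && unzip LATEST-mutillidae-2.6.14.zip
```

A matching MD5 shows the download is not corrupted or truncated. It says nothing about a ZIP and .md5 file that were both replaced at the source.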

***********************************
* Documentation *
***********************************

Project Whitepaper: http://www.giac.org/paper/gwapt/3387/introduction-owasp-mutillidae-ii-web-pen-test-training-environment/126917
Documentation: https://sourceforge.net/projects/mutillidae/files/documentation/
- Please note help file "tips-on-php-strict-errors.txt" concerning PHP strict errors

***********************************
* Instructional Videos *
***********************************

Web Pen Testing Instructional Videos: http://www.youtube.com/user/webpwnized/

**********************************************************************
* Installation/Introduction Videos *
**********************************************************************

Mutillidae: Quickstart guide to installing NOWASP Mutillidae on Windows with XAMPP:
https://www.youtube.com/watch?v=1hF0Q6ihvjc

NOWASP Mutillidae: How to install and configure Burp-Suite with Firefox:
https://www.youtube.com/watch?v=Fj0n17Jtnzw

NOWASP Mutillidae: How to remove PHP errors after installing Mutillidae on Windows XAMPP:
https://www.youtube.com/watch?v=kDo52RySRME

NOWASP Mutillidae: Installing latest Mutillidae on Samurai WTF version 2:
https://www.youtube.com/watch?v=y-Cz3YRNc9U

KY ISSA Conference: Introduction to NOWASP Mutillidae Web Pen Testing Environment:
https://www.youtube.com/watch?v=CYsiNYeAS6U

***********************************
* Installation on XAMPP *
***********************************

Quickstart Installation Video (YouTube): http://youtu.be/1hF0Q6ihvjc

*********************************************************************************
* Separate Installation on Samurai WTF 2.0 (Without disturbing default version) *
*********************************************************************************

Quickstart Installation Video (YouTube): http://youtu.be/y-Cz3YRNc9U

Installation requires downloading the latest version of NOWASP Mutillidae, unzipping the ZIP file, which contains a single folder named "mutillidae", and placing the "mutillidae" folder into the /var/www directory.

1. Download latest version of Mutillidae

2. Unzip the latest version (the only folder in the ZIP file is the "mutillidae" folder)

    cd ~/Downloads
    unzip <name of download>

3. Become root user

    sudo -s

4. Copy the latest version to /var/www

    cp -R mutillidae /var/www/

Configuration is done by opening the /var/www/mutillidae/classes/MySQLHandler.php file and changing the default MySQL password from the empty string to "samurai".

5. In file /var/www/mutillidae/classes/MySQLHandler.php, change the default MySQL password from the empty string to "samurai".

Starting the project is done by browsing to http://localhost/mutillidae and clicking the Reset-DB button on the menu bar.

6. Browse to http://localhost/mutillidae

7. Click the "ResetDB" button on the menu bar.

***************************************************************
* Activate default version on Samurai WTF 2.0 *
***************************************************************

By default on SamuraiWTF 2.0, the hosts file does not point to the web pen testing targets. However, the hosts.samurai file contains all the necessary links. By copying the hosts.samurai file over the default hosts file, the menu links will operate and all the targets (including Mutillidae) will be available.

As root user:

    sudo -s

Back up the existing hosts file

    mv /etc/hosts /etc/hosts.original.backup

Copy the SamuraiWTF hosts file to the hosts file

    cp /etc/hosts.samurai /etc/hosts

Confirm overwrite if needed

Menu shortcut is Applications -> Samurai -> Targets -> Mutillidae

***************************************************************
* Installation on Samurai WTF 2.0 (Replacing default version) *
***************************************************************

Activate default version if not already completed (see above)

As root user:

    sudo -s

Back up the existing copy of mutillidae in the /usr/share directory

1. Back up the entire /usr/share/mutillidae directory

    mv /usr/share/mutillidae /usr/share/mutillidae.original.backup

Installation requires downloading the latest version of NOWASP Mutillidae, unzipping the ZIP file, which contains a single folder named "mutillidae", and placing the "mutillidae" folder into the /usr/share directory.

2. Download latest version of Mutillidae

3. Unzip the latest version (the only folder in the ZIP file is the "mutillidae" folder)

    cd ~/Downloads
    unzip <name of download>

4. Copy the latest version to /usr/share/

    cp -R mutillidae /usr/share/mutillidae

Configuration is done by opening the /usr/share/mutillidae/classes/MySQLHandler.php file and changing the default MySQL password from the empty string to "samurai".

5. In file /usr/share/mutillidae/classes/MySQLHandler.php, change the default MySQL password from the empty string to "samurai".

Starting the project is done by browsing to http://localhost/mutillidae and clicking the Reset-DB button on the menu bar.

6. Browse to http://mutillidae

7. Click the "ResetDB" button on the menu bar.

***************************************************************
* Installation on Ubuntu *
***************************************************************

#Update the apt package lists
sudo apt-get update

#Install Apache2/dependencies
sudo apt-get install apache2 apache2-utils

#Modify file /etc/apache2/mods-enabled/dir.conf
sudo nano /etc/apache2/mods-enabled/dir.conf

#Change the following line:
<IfModule mod_dir.c>
    DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

#Change to:
<IfModule mod_dir.c>
    #DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

#Restart apache2 and verify apache2 is working by visiting http://ip_address or http://localhost
sudo service apache2 restart
firefox http://localhost

#Install MySQL Server. Be careful to note what password is used for MySQL
#because Mutillidae must know what this password is.
sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql
sudo mysql_install_db

#Install PHP5
sudo apt-get install php5 php5-mysql php-pear php5-gd php5-mcrypt php5-curl

#Testing PHP5
sudo touch /var/www/html/phpinfo.php
sudo nano /var/www/html/phpinfo.php

#Add the following line into /var/www/html/phpinfo.php
<?php phpinfo(); ?>

#Verify PHP5
firefox http://localhost/phpinfo.php

#Install Mutillidae
cd /var/www/html/
sudo git clone git://git.code.sf.net/p/mutillidae/git mutillidae

#Browse to Mutillidae
firefox http://localhost/mutillidae

#Click "Reset Database" to set up database

Source: readme.txt, updated 2014-09-05