- Twitter: https://twitter.com/webpwnized
Video tutorials are available for each step. If you already have a LAMP stack set up, you can skip directly to installing Mutillidae.
For detailed instructions, see the comprehensive guide.
A large number of video tutorials are available on the webpwnized YouTube channel.
- Has over 40 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007, 2010, 2013 and 2017
- Actually vulnerable (the user is not asked to enter a “magic” statement)
- Mutillidae can be installed on Linux or Windows *AMP stacks, making it easy for users who do not want to install or administer their own web server. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP.
- Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
- System can be restored to default with a single click of the "Setup" button
- User can switch between secure and insecure modes
- Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
- Updated frequently