Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Mutillidae is for you.
Change Log of Mutillidae 2.2.0Added balloon tips to help users using jQuery ballons
Added jQuery to Mutillidae
Added large amounts of hints to html-5 web storage page
Added notes and demos from AIDE conference talk to pen test lookup tools page
Added notes and demos from AIDE conference talk to html-5 storage page
Added notes and demos from AIDE conference talk to all pages with cross site scripting (click hints to see)
Made show hints code more efficient
Fixed the width of the command injection level-2 hints
Added more comments to index.php
Made it so the “hints” cookie shows all the time rather than only if the user changes the hint level
Made is easier for user to hack the hints cookie to make hints appears when hints should not appear
Regression tested the hints functionality since most of it changed
Syncronized bubble-hints handler with security levels. The bubble hint can change with the security level. This provides a foundation for the future.
Created the MySQLHandler class
Converted bubble hint handler to use MySQLHandler class
Improved command injection hints on the DNS lookup page
Cleaned up some code on the DNS lookup page
Converted log file to using the MySQLHandler class instead of the connection previously passed on each call to log. This will make logging more simple and faster.
Added getSecurityLevel() method to logging class and the MySQLHandler class
Made hints routine run faster
Improved the vulnerabilities listing in vulnerabilities.php
Improved code on add to your blog
Switched add to blog page to use object oriented sql handler
Added toggle-hints to the core controls menu
Added “show popup hints” options to menu
Tried to move object storage to session so objects are only generated once per session then persisted for the remainder of the session. This greatly imporves performance of objects plus allows the objects to be persistent (remember things). Didnt work. PHP cannot persist objects.
Cleaned up code on arbitrary file inclusion page
Standardized the bubble hint code to make it easy to add new hints
Added browser-info.php to the JavaScript injection menu
Fixed a bug in the hints formatting on the browser-info.php page
Corrected mistakes in the vulnerabilities listing page
Simplified main menu bar under title at top of each page
Added logging to the authorization required error page
Added logging to the capture data page to log the captured data
Converted the capture data page to use OOP SQL handler
Added source viewer page to the menu for Failure to Restrict URL access
Fixed formatting issue on text file viewer
Fixed some old formatting issues in user info php left over from Mutillidae 1.0
Fixed code clarity in user info
Converted user info to use MySQL handler class
Download Mutillidae 2.1.20:
Mutillidae 2.2.0 –
LATEST-mutillidae-2.2.0.zip –
http://sourceforge.net/projects/mutillidae/files/mutillidae-project/
Documentation
Installation Options
Windows 7 Installation Instructions PDF
Mutillidae YouTube Channel
Mutillidae Updates via Twitter
Vulnerabilities
How to Access Mutillidae Over Virtual Box Network
Visit Website -
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://sourceforge.net/projects/mutillidae/
Previous Post regarding mutillidae
http://santoshdudhade.blogspot.in/2012/05/nowasp-mutillidae-web-pen-test-practice.html
Screenshot -
0 comments:
Post a Comment