NOWASP (Codename Mutillidae) 2.3.1!

NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiest to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to administrate a webserver. It is already installed on Samurai WTF and Rapid7 Metasploitable-2. The existing version can be updated on either. Containing dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment deliberately designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

NOWASP (Mutillidae) change log:

• Updated vulnerabilities listing
• Added an entirely new attack on a new page: view-user-privilege-level.php
• Added view-user-privilege-level.php to main menu under broken session management

NOWASP 2.3.1 (Codename: Mutillidae) was released in a quick succession to NOWASP 2.3.0. It’s change log is as follows:

• Updated project to work with newest XAMPP and LAMP stacks. Last update to stack compatibility was in 2010 for Apache 2.2.x
• Mutillidae now works on XAMPP 1.8: Apache 2.4.2, MySQL 5.5.25a, PHP 5.4.4
• Corrected error on document viewer
• Added new page repeater.php with new vulnerability buffer overflow
• Added new bubble hint for buffer overflow
• Added new bubble hint HTMLandXSSInjectionPoint
• Added new vulnerability class for parameter addition
• Added new hints about parameters addition and buffer overflows
• Split the A1 menu into SQL injection and non-SQL injection because the section was too large to fit on screen.
• Updated vulnerabilities listing

Download NOWASP (Mutillidae)

Mutillidae 2.3.1 – LATEST-mutillidae-2.3.1.zip