Update: NOWASP Mutillidae v-2.2.0

Change Log for NOWASP 2.2.0 (Codename: Mutillidae):

  • Added balloon tips to help users, using jQuery balloons
  • Added jQuery to Mutillidae
  • Added large amounts of hints to html-5 web storage page
  • Added notes and demos from AIDE conference talk to pen test lookup tools page
  • Added notes and demos from AIDE conference talk to html-5 storage page
  • Added notes and demos from AIDE conference talk to all pages with cross site scripting (click hints to see)
  • Made show hints code more efficient
  • Fixed the width of the command injection level-2 hints
  • Added more comments to index.php
  • Made it so the “hints” cookie shows all the time rather than only if the user changes the hint level
  • Made it easier for the user to hack the hints cookie to make hints appear when hints should not appear
  • Regression tested the hints functionality since most of it changed
  • Synchronized bubble-hints handler with security levels. The bubble hint can change with the security level. This provides a foundation for the future.
  • Created the MySQLHandler class
  • Converted bubble hint handler to use MySQLHandler class
  • Improved command injection hints on the DNS lookup page
  • Cleaned up some code on the DNS lookup page
  • Converted log file to use the MySQLHandler class instead of the connection previously passed on each call to log. This will make logging simpler and faster.
  • Added getSecurityLevel() method to logging class and the MySQLHandler class
  • Made hints routine run faster
  • Improved the vulnerabilities listing in vulnerabilities.php
  • Improved code on add to your blog
  • Switched add to blog page to use object oriented sql handler
  • Added toggle-hints to the core controls menu
  • Added “show popup hints” options to menu
  • Tried to move object storage to session so objects are only generated once per session then persisted for the remainder of the session. This greatly improves performance of objects plus allows the objects to be persistent (remember things). Didn't work. PHP cannot persist objects.
  • Cleaned up code on arbitrary file inclusion page
  • Standardized the bubble hint code to make it easy to add new hints
  • Added browser-info.php to the JavaScript injection menu
  • Fixed a bug in the hints formatting on the browser-info.php page
  • Corrected mistakes in the vulnerabilities listing page
  • Simplified main menu bar under title at top of each page
  • Added logging to the authorization required error page
  • Added logging to the capture data page to log the captured data
  • Converted the capture data page to use OOP SQL handler
  • Added source viewer page to the menu for Failure to Restrict URL access
  • Fixed formatting issue on text file viewer
  • Fixed some old formatting issues in user info php left over from Mutillidae 1.0
  • Fixed code clarity in user info
  • Converted user info to use MySQL handler class

NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiasts to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to administrate a webserver. It is already installed on Samurai WTF and Rapid7 Metasploitable-2. The existing version can be updated on either. NOWASP (Mutillidae) contains dozens of vulns and hints to help the user, providing an easy-to-use web hacking environment deliberately designed to be used as a lab for security enthusiasts, classrooms, labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

NOWASP (Mutillidae) has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and oth


Features :

  1. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administrate their own webserver.
  2. Installs easily by dropping project files into the “htdocs” folder of XAMPP.
  3. Preinstalled on Rapid7 Metasploitable 2
  4. Preinstalled on Samurai Web Testing Framework (WTF)
  5. Has dozens of vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007 and 2010
  6. System can be restored to default with single-click of “Setup” button
  7. Switches between secure and insecure mode
  8. Secure and insecure source code for each page stored in the same PHP file for easy comparison
  9. Used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software
  10. Contains 2 levels of hints to help users get started
  11. Instructional Videos: http://www.youtube.com/user/webpwnized
  12. Updates tweeted to @webpwnized
  13. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
Video: http://www.youtube.com/watch?v=1hF0Q6ihvjc

Download : mutillidae-2.2.0.zip (7.2 MB)
Read more here: http://www.irongeek.com
Our previous posts:
http://www.seclist.us/update-mutillidae-v-2120-with-full.html
http://www.seclist.us/mutillidae-v-2119-released-with-video.html