{"id":19950997,"url":"https://github.com/webpwnized/mutillidae-docker","last_synced_at":"2025-04-05T15:06:37.671Z","repository":{"id":45084643,"uuid":"370087543","full_name":"webpwnized/mutillidae-docker","owner":"webpwnized","description":"OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.","archived":false,"fork":false,"pushed_at":"2024-11-25T02:50:31.000Z","size":179,"stargazers_count":87,"open_issues_count":0,"forks_count":42,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-29T14:08:31.100Z","etag":null,"topics":["application","cybersecurity","docker","docker-compose","environment","mutillidae","owasp","security","training","web"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webpwnized.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-23T15:23:00.000Z","updated_at":"2025-03-28T08:01:05.000Z","dependencies_parsed_at":"2023-10-17T05:24:23.989Z","dependency_job_id":"0773cdd6-1e16-4759-9585-f059bdd8ec45","html_url":"https://github.com/webpwnized/mutillidae-docker","commit_stats":null,"previous_names":[],"tags_count":71,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpwnized%2Fmutillidae-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpwnized%2Fmutillidae-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpwnized%2Fmutillidae-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webpwnized%2Fmutillidae-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webpwnized","download_url":"https://codeload.github.com/webpwnized/mutillidae-docker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247353745,"owners_count":20925329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application","cybersecurity","docker","docker-compose","environment","mutillidae","owasp","security","training","web"],"created_at":"2024-11-13T01:06:27.719Z","updated_at":"2025-04-05T15:06:37.641Z","avatar_url":"https://github.com/webpwnized.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OWASP Mutillidae II\n\n## Project Announcements\n\n* **Twitter**: [https://twitter.com/webpwnized](https://twitter.com/webpwnized)\n\n## Tutorials\n\n* **YouTube**: [https://www.youtube.com/user/webpwnized](https://www.youtube.com/user/webpwnized)\n\n## Installation on Docker\n\nThe following video tutorials explain how to bring up Mutillidae on a set of 5 containers running Apache/PHP, MySQL, OpenLDAP, PHPMyAdmin, and PHPLDAPAdmin:\n* **YouTube**: [How to Install Docker on Ubuntu](https://www.youtube.com/watch?v=Y_2JVREtDFk)\n* **YouTube**: [How to Run Mutillidae on Docker](https://www.youtube.com/watch?v=9RH4l8ff-yg)\n\n## TLDR\n\n```bash\ngit clone https://github.com/webpwnized/mutillidae-docker.git\ncd mutillidae-docker\ndocker compose -f .build/docker-compose.yml up --build --detach\n```\n\nGenerate the database with the first link in the warning webpage.\n\n## Important Information\n\nThe web site assumes the user will access the site using domain mutillidae.localhost. The domain can be configured in the users local hosts file.\n\n## Instructions\n\nThere are five containers in this project. \n\n- **www** - Apache, PHP, Mutillidae source code. The web site is exposed on ports 80,443, and 8080.\n- **database** - The MySQL database. The database is not exposed externally, but feel free to modify the docker file to expose the database.\n- **database_admin** - The PHPMyAdmin console. The console is exposed on port 81.\n- **ldap** - The OpenLDAP directory. The directory is exposed on port 389 to allow import of the mutillidae.ldif file.\n- **ldap_admin** - The PHPLDAPAdmin console. The console is exposed on port 82.\n\nThe Dockerfile files in each directory contain the instructions to build each container. The docker-compose.yml file contains the instructions to set up networking for the container, create volumes, and kick off the builds specified in the Dockerfile files.\n\n### Building the Containers\n\nTo build the containers, if necessary, and bring the containers up, run the following command.\n\n```bash\ngit clone https://github.com/webpwnized/mutillidae-docker.git\ncd mutillidae-docker\ndocker compose -f .build/docker-compose.yml up --build --detach\n```\n### Website URL\n\nThe web application should be running at localhost\n\n[http://127.0.0.1/](http://127.0.0.1/)\n\nNote: The first time the webpage is accessed, a warning webpage will be displayed referencing the database cannot be found. This is the expected behaviour. Just use the link to \"rebuild\" the database and it will start working normally.\n\n## TMI\n\n### Running Services\n\nOnce the containers are running, the following services are available on localhost.\n\n- Port 80, 8080: Mutillidae HTTP web interface\n- Port 81: MySQL Admin HTTP web interface\n- Port 82: LDAP Admin web interface\n- Port 443: HTTPS web interface\n- Port 389: LDAP interface\n\n### Using a script to build the database\n\nAlternatively, you can trigger the database build.\n\n```bash\n# Requesting Mutillidae database be built.\ncurl http://127.0.0.1/set-up-database.php;\n```\n\n### Populating the LDAP database\n\nThe LDAP database is empty upon build. Add users to the LDAP database using the following command.\n\n```bash\n# Install LDAP Utilities including ldapadd\nsudo apt-get update\nsudo apt-get install -y ldap-utils\n\n# Add users to the LDAP database\nldapadd -c -x -D \"cn=admin,dc=mutillidae,dc=localhost\" -w mutillidae -H ldap://localhost:389 -f .build/ldap/configuration/ldif/mutillidae.ldif\n```\n\n### Using a script to test the web interface\n\nYou can test if the web site is responsive\n\n```bash\n# This should return the index.php home page content\ncurl http://127.0.0.1:8888/;\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebpwnized%2Fmutillidae-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebpwnized%2Fmutillidae-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebpwnized%2Fmutillidae-docker/lists"}