Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/webpwnized/mutillidae-dockerhub

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
https://github.com/webpwnized/mutillidae-dockerhub

application cyber-security cybersecurity docker docker-compose environment lab learning-labs mysql owasp owasp-top-10 security training web

Last synced: 3 days ago
JSON representation

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.

Host: GitHub
URL: https://github.com/webpwnized/mutillidae-dockerhub
Owner: webpwnized
Created: 2021-09-08T00:18:45.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-05-17T17:04:27.000Z (6 months ago)
Last Synced: 2024-05-18T17:55:07.438Z (6 months ago)
Topics: application, cyber-security, cybersecurity, docker, docker-compose, environment, lab, learning-labs, mysql, owasp, owasp-top-10, security, training, web
Language: Shell
Homepage:
Size: 23.4 KB
Stars: 10
Watchers: 4
Forks: 9
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# **OWASP Mutillidae II**

## Project Announcements

* **Twitter**: [https://twitter.com/webpwnized](https://twitter.com/webpwnized)

## Tutorials

* **YouTube**: [https://www.youtube.com/user/webpwnized](https://www.youtube.com/user/webpwnized)

## Installation on Docker

The following video tutorials explain how to bring up Mutillidae on a set of 5 containers running Apache/PHP, MySQL, OpenLDAP, PHPMyAdmin, and PHPLDAPAdmin:

* [How to Install Docker on Ubuntu](https://www.youtube.com/watch?v=Y_2JVREtDFk)
* [How to Run Mutillidae from DockerHub Images](https://www.youtube.com/watch?v=c1nOSp3nagw)

## TL;DR

docker-compose up -d

## Important Information

The website assumes the user will access the site using the domain `mutillidae.localhost`. The domain can be configured in the user's local hosts file.

## Instructions

There are five containers in this project:

- **www**: Apache, PHP, Mutillidae source code. The website is exposed on ports 80, 443, and 8080.
- **database**: The MySQL database. The database is not exposed externally, but you can modify the Dockerfile to expose the database.
- **database_admin**: The PHPMyAdmin console. The console is exposed on port 81.
- **ldap**: The OpenLDAP directory. The directory is exposed on port 389 to allow import of the `mutillidae.ldif` file. This file is found in the ***res*** resourses folder of the project.
- **ldap_admin**: The PHPLDAPAdmin console. The console is exposed on port 82.

To download the containers, if necessary, and bring them up, run the following command:

docker-compose up -d

Once the containers are running, the following services are available on `localhost`:

- **Port 80, 8080**: Mutillidae HTTP web interface
- **Port 81**: MySQL Admin HTTP web interface
- **Port 82**: LDAP Admin web interface
- **Port 443**: HTTPS web interface
- **Port 389**: LDAP interface

These services are connected using two networks, `datanet` and `ldapnet`, to separate the database and LDAP traffic. Volumes `ldap_data` and `ldap_config` are used to persist LDAP data and configuration.