diff --git a/README.md b/README.md index 0a5b819b..e4280700 100644 --- a/README.md +++ b/README.md @@ -3,46 +3,48 @@ OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application designed for web-security enthusiasts. It serves as a target for learning and practicing web security skills. Mutillidae can be easily installed on Linux and Windows systems using LAMP, WAMP, and XAMMP stacks. Additionally, it comes pre-installed on SamuraiWTF and OWASP BWA, and the existing version can be updated on these platforms. With dozens of vulnerabilities and hints to guide the user, Mutillidae provides an accessible web hacking environment suitable for labs, security enthusiasts, classrooms, CTFs, and vulnerability assessment tool targets. It has been widely used in graduate security courses, corporate web security training, and as an assessment target for vulnerability assessment software. OWASP Mutillidae II provides a comprehensive platform for learning and practicing web security techniques in a controlled environment. -## Project Announcements +## $\color{red}{Project\ Announcements\}$ > [!TIP] > Stay updated with project announcements on Twitter: [webpwnized](https://twitter.com/webpwnized) -## Tutorials +## $\color{Melon}{Tutorials\}$ > [!TIP] > Explore our tutorials on YouTube: [webpwnized YouTube channel](https://www.youtube.com/user/webpwnized) -## Installation Guides +## $\color{Aquamarine}{Installation\ Guides\}$ -### Location of source code +Please check the installation steps in [README-INSTALLATION.md](README-INSTALLATION.md) + +## $\color{CarnationPink}{Location\ of\ source\ code\}$ > [!IMPORTANT] > Note carefully that the source code ishas moved to the ***src*** project directory. **Be careful to adjust accordingly.** -### LAMP Stack +## $\color{Goldenrod}{LAMP\ Stack\}$ > [!IMPORTANT] > Note carefully that the source code ishas moved to the ***src*** project directory. **Be careful to adjust accordingly.** If you have a LAMP stack set up already, you can skip directly to installing Mutillidae. Check out our [comprehensive installation guide](README-INSTALLATION.md) for detailed instructions. Watch the video tutorial: [How to Install Mutillidae on LAMP Stack](https://www.youtube.com/watch?v=TcgeRab7ayM) -### Docker +## $\color{ProcessBlue}{Docker\}$ > [!NOTE] > Note carefully that the source code ishas moved to the ***src*** project directory. **Be careful to adjust accordingly.** -Learn how to set up Mutillidae using Docker with our video tutorials: +**Learn how to set up Mutillidae using Docker with our video tutorials:** - [How to Install Docker on Ubuntu](https://www.youtube.com/watch?v=Y_2JVREtDFk) - [How to Run Mutillidae on Docker](https://www.youtube.com/watch?v=9RH4l8ff-yg) - [How to Run Mutillidae from DockerHub Images](https://www.youtube.com/watch?v=c1nOSp3nagw) - [How to Run Mutillidae on Google Kubernetes Engine (GKE)](https://www.youtube.com/watch?v=uU1eEjrp93c) -## Usage +## $\color{Magenta}{Usage\}$ > [!TIP] > Explore a large number of video tutorials available on the [webpwnized YouTube channel](https://www.youtube.com/playlist?list=PLZOToVAK85MrsyNmNp0yyUTBXqKRTh623) for guidance on using Mutillidae. -## Key Features +## $\color{SeaGreen}{Key\ Features\}$ - Contains over 40 vulnerabilities and challenges, covering each of the OWASP Top Ten from 2007 to 2017 - Mutillidae is actually vulnerable, eliminating the need for users to enter a "magic" statement @@ -53,9 +55,79 @@ Learn how to set up Mutillidae using Docker with our video tutorials: - Widely used in graduate security courses, corporate web security training, and as an assessment target for vulnerability assessment software - Regularly updated to maintain relevance and effectiveness -### Directory Descriptions - -configurations. +## $\color{purple}{Directory\ Descriptions\}$ + +``` +. +└── src + ├── ajax + ├── classes + ├── data + ├── documentation + ├── images + │ └── gritter + ├── includes + │ └── hints + ├── javascript + │ ├── ddsmoothmenu + │ ├── gritter + │ ├── hints + │ ├── inline-initializers + │ ├── jQuery + │ │ └── colorbox + │ │ └── images + │ │ └── ie6 + │ └── on-page-scripts + ├── labs + │ └── lab-files + │ ├── click-jacking-lab-files + │ ├── client-side-control-challenge + │ ├── command-injection-lab-files + │ ├── content-security-policy + │ ├── cookie-lab-files + │ ├── cross-site-request-forgery-lab-files + │ ├── cross-site-scripting-lab-files + │ ├── dependency-check-lab-files + │ ├── file-identification-lab-files + │ ├── hydra-lab-files + │ ├── insecure-direct-object-references-lab-files + │ ├── ldap-lab-files + │ ├── local-file-inclusion-lab-files + │ ├── mutillidae-project-options + │ ├── netcat-lab-files + │ ├── nikto-lab-files + │ ├── open-redirects-lab-files + │ ├── open-ssl-lab-files + │ ├── password-cracking-lab-files + │ ├── remote-file-inclusion-lab-files + │ ├── scanning-scripts + │ ├── sql-injection-lab-files + │ ├── sqlmap-lab-files + │ ├── sslscan-lab-files + │ ├── tcpdump-lab-files + │ ├── web-application-fuzzing-values + │ │ ├── ascii + │ │ ├── databases + │ │ │ ├── mysql + │ │ │ ├── oracle + │ │ │ └── sql-server + │ │ ├── ldap + │ │ ├── operating-systems + │ │ │ ├── linux + │ │ │ └── windows + │ │ └── overflow + │ └── wireshark-lab-files + ├── passwords + ├── styles + │ ├── ddsmoothmenu + │ └── gritter + └── webservices + ├── rest + └── soap + └── lib + +67 directories +``` - `src`: Main source directory. - `ajax`: Contains files related to AJAX functionality. - `classes`: Contains PHP class files.