This material is work-in-progress ... Do not follow instructions here until this notice is removed. (Last edited by Sertonix on 17 Nov 2023.)

NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application. It's similar to DVWA.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Start lighttpd service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client

Installing and configuring Mutillidae

Create the a folder named webapps

mkdir -p /usr/share/webapps/

Download the source archive and unpack it

cd /usr/share/webapps/ wget https://sourceforge.net/projects/mutillidae/files/mutillidae-project/LATEST-mutillidae-2.3.14.zip^{[Dead Link]}

Unpack the archive and remove it

unzip LATEST-mutillidae-2.3.14.zip rm LATEST-mutillidae-2.3.14.zip

Change the folder permissions

chmod -R 777 /usr/share/webapps/

Create a symlinks to the folder mutillidae

ln -s /usr/share/webapps/mutillidae/ /var/www/localhost/htdocs/mutillidae