From Felipe Martins

Note that this post intends to show only vulnerable applications used to be exploited, not the tools used to exploit them.

Interesting that the goal is to setup an environment that is vulnerable in order to test out the web penetration tools. I guess I have become so used to things being the other way around (setting up attack tools to test vulnerabilities of an environment) that this seems like a novel idea to me.