Public Repository

Last pushed: 3 years ago
Short Description
A Django vulnerable Web application for testing the w3af framework
Full Description

moth: Vulnerable web application

A set of vulnerable scripts which can be used for testing web application security scanners,
teaching web application security, etc.

This software should never be used in a production environment.

This is a rewrite of the PHP-based moth web application.


$ git clone
$ cd django-moth
$ pip install -r requirements.txt
$ python runserver

Then browse to .


If you're interested in using django-moth as part of a CI system, django-moth-utils will make your life easier.


The easiest way to use django-moth is to start a docker container:

sudo docker run -p 8000:8000 andresriancho/django-moth

Please note that you can build the docker image yourself:

sudo docker build -t andresriancho/django-moth .

Or simply get it from the registry:

sudo docker pull andresriancho/django-moth

Sister repository

PHP-moth is a sister repository which holds PHP-specific tests.

Docker Pull Command