A set of vulnerable PHP scripts used to test w3af's vulnerability detection features.
The easiest way to use w3af-moth is to start a docker container:
sudo docker run -p 80:80 -p 2222:22 andresriancho/w3af-moth
And then add the following lines to your
127.0.0.1 intranet
127.0.0.1 default
127.0.0.1 moth
Please note that you can build the docker image yourself:
sudo docker build -t andresriancho/w3af-moth .
Or simply get it from the registry:
sudo docker pull andresriancho/w3af-moth
Use SSH to connect to
MxqQt6iKUP6igE as password:
ssh email@example.com -p 2222
After years of development I decided to move most of the features provided by this code to two different
The decision was made while writing unit tests for w3af, which needed to run easily on our CI system,
w3af-moth wasn't designed to be used in that way (too many custom Apache configs, ugly PHP
Django-moth received most of the attention and code. This is the repository which holds most of the test cases for the
PHP-moth is a much smaller test suite which only contains test scripts for PHP-specific vulnerabilities.
While you can still use this repository for testing your scanner, education or any other purpose, I
don't guarantee that I'll fix bugs, issues, or improve it in any way.