A set of vulnerable PHP scripts used to test w3af's vulnerability detection features.
The main repository for the w3af project can be found here.
The easiest way to use w3af-moth is to start a docker container:
sudo docker run -p 80:80 -p 2222:22 andresriancho/w3af-mothAnd then add the following lines to your /etc/hosts file:
127.0.0.1 intranet
127.0.0.1 default
127.0.0.1 moth
Please note that you can build the docker image yourself:
sudo docker build -t andresriancho/w3af-moth .Or simply get it from the registry:
sudo docker pull andresriancho/w3af-mothUse SSH to connect to moth with root and MxqQt6iKUP6igE as password:
ssh root@127.0.0.1 -p 2222Moth was born as a test environment for the w3af project
can be found here. The code that lives in this repository
was usually bundled in a Virtual Machine and used from there.
After years of development I decided to move most of the features provided by this code to two different repositories:
The decision was made while writing unittests for w3af, which needed to run easily on our CI system,
and w3af-moth wasn't designed to be used in that way (too many custom Apache configs, ugly PHP
configs, etc).
Django-moth, received most of the attention and code. This is the repository which holds most of the test
cases for the w3af framework.
PHP-moth is a much smaller test suite which only contains test scripts for PHP-specific vulnerabilities.
While you can still use this repository for testing your scanner, education or any other purpose, I don't guarantee that I'll fix bugs, issues, or improve it in any way.