A set of vulnerable PHP scripts used to test w3af's vulnerability detection features.
The easiest way to use
w3af-moth is to start a docker container:
sudo docker run -p 80:80 -p 2222:22 andresriancho/w3af-moth
And then add the following lines to your
127.0.0.1 intranet 127.0.0.1 default 127.0.0.1 moth
Please note that you can build the docker image yourself:
sudo docker build -t andresriancho/w3af-moth .
Or simply get it from the registry:
sudo docker pull andresriancho/w3af-moth
Use SSH to connect to
MxqQt6iKUP6igE as password:
ssh email@example.com -p 2222
After years of development I decided to move most of the features provided by this code to two different repositories:
The decision was made while writing unittests for
w3af, which needed to run easily on our CI system,
w3af-moth wasn't designed to be used in that way (too many custom Apache configs, ugly PHP
Django-moth, received most of the attention and code. This is the repository which holds most of the test
cases for the
PHP-moth is a much smaller test suite which only contains test scripts for PHP-specific vulnerabilities.
While you can still use this repository for testing your scanner, education or any other purpose, I don't guarantee that I'll fix bugs, issues, or improve it in any way.