presidio-hardened-vuln-scanner

Open source, MIT license, Python. 46 stars, 1 fork, 13 issues, 0 watchers, last commit 1 week ago.

About presidio-hardened-vuln-scanner

presidio-hardened-vuln-scanner is an educational web application security testing toolkit that pairs an intentionally vulnerable Flask app with a hardened version. It supports four phases of analysis: static scanning with Bandit and pip-audit to detect issues like hardcoded secrets, eval usage, insecure subprocess calls, and weak hashing; dynamic scanning via a custom scanner.py that checks for SQL injection, cross-site scripting, missing CSRF tokens, authentication flaws, and insecure HTTP headers; manual exploitation using exploit.py with configurable payloads for SQLi and XSS; and a fix-and-verify phase that rescans the hardened app and compares results. A report.py utility aggregates findings and generates before-and-after comparison reports. The toolkit is designed for Experiment 3 of the PRES-EDU-SEC-101 curriculum, demonstrating how static and dynamic analysis catch different vulnerability classes. Expected baseline findings include hardcoded secret keys, MD5 hashing, SQL injection, reflected XSS, and

Platforms: Web, Self-hosted
Languages: Python

presidio-hardened-vuln-scanner

Web application vulnerability scanner with a deliberately vulnerable Flask app and its hardened counterpart. Used in Experiment 3 of PRES-EDU-SEC-101.

Warning: vulnerable_app/ contains intentional security flaws. Never deploy it outside a local development environment.

Setup

git clone https://github.com/presidio-v/presidio-hardened-vuln-scanner.git
cd presidio-hardened-vuln-scanner
pip install -r requirements.txt

Phase A — Static Analysis

bandit -r vulnerable_app/ -f json -o reports/bandit_report.json -ll
bandit -r vulnerable_app/ -f txt
pip-audit --requirement vulnerable_app/requirements.txt \
          --output reports/pip_audit.json --format json
python report.py --phase static

Expected findings: hardcoded secret key, eval, insecure subprocess, MD5 hashing.

Phase B — Dynamic Scanning

(cd vulnerable_app && python app.py) &
python scanner.py --target http://localhost:5000 \
                  --checks sqli xss csrf auth headers \
                  --output reports/dynamic_report.json
python report.py --phase dynamic

Expected findings: SQL injection, reflected XSS, missing CSRF token, missing headers.

Phase C — Manual Exploitation

python exploit.py --vuln sqli \
                  --payload "' OR '1'='1" \
                  --target http://localhost:5000

python exploit.py --vuln xss \
                  --payload "<script>alert('XSS')</script>" \
                  --target http://localhost:5000

Phase D — Fix and Verify

kill %1
# if app.py does not accept --port, the fallback listens on the default port 5000; point --target below at that port
(cd fixed_app && (python app.py --port 5001 2>/dev/null || python app.py)) &
bandit -r fixed_app/ -f txt
python scanner.py --target http://localhost:5001 \
                  --checks sqli xss csrf auth headers \
                  --output reports/dynamic_report_fixed.json
python report.py --compare vulnerable fixed

What to Measure

  • Findings before fix: count by severity (HIGH / MEDIUM / LOW)
  • Findings after fix: should be zero HIGH
  • Takeaway: static + dynamic analysis find different vulnerability classes
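As an added example (not the repository's report.py), here is a minimal before/after comparison of two Bandit JSON reports that applies the pass condition above; the sample reports are constructed, and only the field names of bandit -f json output are assumed.

```python
"""Before/after comparison of two Bandit JSON reports (Phase A vs Phase D).
Added example, not the repository's report.py; field names follow ``bandit -f json``
("results", "issue_severity", "test_id"). Both embedded reports are constructed."""
import json
from collections import Counter

SEVERITIES = ("HIGH", "MEDIUM", "LOW")

# Constructed sample: a Bandit report for vulnerable_app/ (four findings).
VULNERABLE_JSON = json.dumps({"results": [
    {"test_id": "B105", "issue_severity": "LOW", "issue_text": "hardcoded password string"},
    {"test_id": "B307", "issue_severity": "MEDIUM", "issue_text": "use of eval"},
    {"test_id": "B602", "issue_severity": "HIGH", "issue_text": "subprocess with shell=True"},
    {"test_id": "B303", "issue_severity": "MEDIUM", "issue_text": "insecure MD5 hash"},
]})
# Constructed sample: the same scan over fixed_app/, one LOW finding left.
FIXED_JSON = json.dumps({"results": [
    {"test_id": "B105", "issue_severity": "LOW", "issue_text": "hardcoded password string"},
]})

def _results(report_json):
    return json.loads(report_json).get("results", [])

def count_by_severity(report_json):
    """Return {"HIGH": n, "MEDIUM": n, "LOW": n} for one Bandit JSON report."""
    counts = Counter(r.get("issue_severity", "").upper() for r in _results(report_json))
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}

def compare_reports(before_json, after_json):
    """Per-severity before/after counts plus which test_ids were resolved,
    remain, or are new (a regression introduced by the fix)."""
    before, after = count_by_severity(before_json), count_by_severity(after_json)
    before_ids = {r["test_id"] for r in _results(before_json)}
    after_ids = {r["test_id"] for r in _results(after_json)}
    return {
        "by_severity": {s: {"before": before[s], "after": after[s],
                            "delta": after[s] - before[s]} for s in SEVERITIES},
        "resolved": sorted(before_ids - after_ids),
        "remaining": sorted(before_ids & after_ids),
        "new": sorted(after_ids - before_ids),
    }

def fix_verified(after_json):
    """Pass condition from 'What to Measure': zero HIGH findings after the fix."""
    return count_by_severity(after_json)["HIGH"] == 0

if __name__ == "__main__":
    for sev, row in compare_reports(VULNERABLE_JSON, FIXED_JSON)["by_severity"].items():
        print(f"{sev:<7}before={row['before']} after={row['after']} delta={row['delta']:+d}")
```

Point the two JSON arguments at reports/bandit_report.json and a Bandit JSON run over fixed_app/ to reproduce the Phase D comparison on real output.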

License

MIT


SDLC

This repository is developed under the Presidio hardened-family SDLC: https://github.com/presidio-v/presidio-hardened-docs/blob/main/sdlc/sdlc-report.md.