presidio-hardened-vuln-scanner
presidio-hardened-vuln-scanner is an educational web application security testing toolkit that pairs an intentionally vulnerable Flask app with a hardened version. It supports four phases of analysis:

- static scanning with Bandit and pip-audit to detect issues like hardcoded secrets, eval usage, insecure subprocess calls, and weak hashing;
- dynamic scanning via a custom scanner.py that checks for SQL injection, cross-site scripting, missing CSRF tokens, authentication flaws, and insecure HTTP headers;
- manual exploitation using exploit.py with configurable payloads for SQLi and XSS;
- a fix-and-verify phase that rescans the hardened app and compares results.

A report.py utility aggregates findings and generates before-and-after comparison reports. The toolkit is designed for Experiment 3 of the PRES-EDU-SEC-101 curriculum, demonstrating how static and dynamic analysis catch different vulnerability classes. Expected baseline findings include hardcoded secret keys, MD5 hashing, SQL injection, reflected XSS, and
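To show concretely what the static-scanning phase looks for, here is a minimal AST-based checker for the same issue classes (hardcoded secret key, weak hashing, eval, subprocess with shell=True). It is an added example, not the project's scanner or Bandit; the Flask source it scans is a constructed sample that mimics the intentionally vulnerable app and is only parsed, never executed.

```python
import ast

# Constructed sample source, parsed only (flask need not be installed).
SAMPLE_SOURCE = '''
import hashlib, subprocess
from flask import Flask
app = Flask(__name__)
app.secret_key = "dev-secret-123"
def hash_pw(p):
    return hashlib.md5(p.encode()).hexdigest()
def run(cmd):
    return subprocess.call(cmd, shell=True)
def calc(expr):
    return eval(expr)
'''

def _call_name(node: ast.Call) -> str:
    """Return 'module.func' or 'func' for a call, '' if not resolvable."""
    func = node.func
    if isinstance(func, ast.Attribute):
        if isinstance(func.value, ast.Name):
            return f"{func.value.id}.{func.attr}"
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""

def scan_source(source: str) -> list:
    """Return sorted (line, finding) pairs for the checked patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            # app.secret_key = "<string literal>" is a hardcoded secret
            for target in node.targets:
                if (isinstance(target, ast.Attribute) and target.attr == "secret_key"
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str)):
                    findings.append((node.lineno, "hardcoded secret_key"))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name == "eval":
                findings.append((node.lineno, "eval() on untrusted input"))
            elif name in {"hashlib.md5", "hashlib.sha1"}:
                findings.append((node.lineno, f"weak hash {name}"))
            elif name.startswith("subprocess.") and any(
                    kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords):
                findings.append((node.lineno, f"{name} with shell=True"))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {finding}")
```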