OWASP-focused web vulnerability scanner with vulnerable and fixed Flask apps for lab exercises. Independent of Microsoft Presidio (a data-anonymization toolkit).
Project description
presidio-hardened-vuln-scanner
Web application vulnerability scanner with a deliberately vulnerable Flask app and its hardened counterpart. Used in Experiment 3 of PRES-EDU-SEC-101.
Warning: vulnerable_app/ contains intentional security flaws. Never deploy it outside a local development environment.
Setup
git clone https://github.com/presidio-v/presidio-hardened-vuln-scanner.git
cd presidio-hardened-vuln-scanner
pip install -r requirements.txt
Phase A — Static Analysis
bandit -r vulnerable_app/ -f json -o reports/bandit_report.json -ll
bandit -r vulnerable_app/ -f txt
pip-audit --requirement vulnerable_app/requirements.txt \
--output reports/pip_audit.json --format json
python report.py --phase static
Expected findings: hardcoded secret key, eval, insecure subprocess, MD5 hashing.
Phase B — Dynamic Scanning
cd vulnerable_app && python app.py &
cd ..
python scanner.py --target http://localhost:5000 \
--checks sqli xss csrf auth headers \
--output reports/dynamic_report.json
python report.py --phase dynamic
Expected findings: SQL injection, reflected XSS, missing CSRF token, missing headers.
Phase C — Manual Exploitation
python exploit.py --vuln sqli \
--payload "' OR '1'='1" \
--target http://localhost:5000
python exploit.py --vuln xss \
--payload "<script>alert('XSS')</script>" \
--target http://localhost:5000
Phase D — Fix and Verify
kill %1
cd fixed_app && python app.py --port 5001 2>/dev/null || python app.py &
cd ..
bandit -r fixed_app/ -f txt
python scanner.py --target http://localhost:5001 \
--checks sqli xss csrf auth headers \
--output reports/dynamic_report_fixed.json
python report.py --compare vulnerable fixed
What to Measure
- Findings before fix: count by severity (HIGH / MEDIUM / LOW)
- Findings after fix: should be zero HIGH
- Takeaway: static + dynamic analysis find different vulnerability classes
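As an added example (not code from this repository), here is a small Python version of the before/after comparison that report.py --compare performs: it reads Bandit's JSON output, counts findings by severity, lists which test IDs disappeared, and checks the Phase D condition that no HIGH findings remain. The two sample reports and their test IDs are constructed, not real scan output.

```python
"""Summarise Bandit JSON reports (Phase A / Phase D) by severity and compare two runs."""
import json
from collections import Counter

SEVERITIES = ("HIGH", "MEDIUM", "LOW")

# Constructed sample reports in Bandit's JSON layout: a "results" list whose
# entries carry test_id, issue_severity, issue_text, filename, line_number.
# Real input is the file written by `bandit -r <dir> -f json -o <file>`.
VULNERABLE_JSON = json.dumps({"results": [
    {"test_id": "B105", "issue_severity": "LOW", "filename": "vulnerable_app/app.py",
     "line_number": 7, "issue_text": "Possible hardcoded password"},
    {"test_id": "B307", "issue_severity": "MEDIUM", "filename": "vulnerable_app/app.py",
     "line_number": 42, "issue_text": "Use of possibly insecure function eval"},
    {"test_id": "B602", "issue_severity": "HIGH", "filename": "vulnerable_app/app.py",
     "line_number": 58, "issue_text": "subprocess call with shell=True identified"},
    {"test_id": "B324", "issue_severity": "HIGH", "filename": "vulnerable_app/app.py",
     "line_number": 71, "issue_text": "Use of weak MD5 hash for security"},
]})
FIXED_JSON = json.dumps({"results": [
    {"test_id": "B104", "issue_severity": "MEDIUM", "filename": "fixed_app/app.py",
     "line_number": 90, "issue_text": "Possible binding to all interfaces"},
]})

def load_findings(report_text):
    """Parse Bandit JSON text and return its list of findings."""
    return json.loads(report_text).get("results", [])

def count_by_severity(findings):
    """Count findings per severity, always reporting all three buckets."""
    counts = Counter(f["issue_severity"].upper() for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}

def compare(before, after):
    """Per-severity change from the vulnerable run to the fixed run (negative = removed)."""
    b, a = count_by_severity(before), count_by_severity(after)
    return {sev: a[sev] - b[sev] for sev in SEVERITIES}

def resolved_ids(before, after):
    """Bandit test IDs present before the fix and absent after it."""
    return sorted({f["test_id"] for f in before} - {f["test_id"] for f in after})

def fix_verified(after):
    """Phase D pass condition from this README: no HIGH findings remain."""
    return count_by_severity(after)["HIGH"] == 0
```

Point load_findings at reports/bandit_report.json from the vulnerable and fixed runs to reproduce the "zero HIGH after fix" check on real output.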
License
MIT
SDLC
This repository is developed under the Presidio hardened-family SDLC: https://github.com/presidio-v/presidio-hardened-docs/blob/main/sdlc/sdlc-report.md.
File details
Details for the file presidio_hardened_vuln_scanner-0.1.0.tar.gz.
File metadata
- Download URL: presidio_hardened_vuln_scanner-0.1.0.tar.gz
- Upload date:
- Size: 17.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 04c4d926ba6cd275b21379b8fa8b5249f37643698963e7c68d7f13164fd5afce |
| MD5 | 31fa4929f4102382867e8dd1cd0e516b |
| BLAKE2b-256 | 730ec0faf13b3e685cfebb07a6c6a905225c97ce37cdf8d2fcdb529537dd63fa |
Provenance
The following attestation bundles were made for presidio_hardened_vuln_scanner-0.1.0.tar.gz:
- Publisher: publish.yml on presidio-v/presidio-hardened-vuln-scanner
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: presidio_hardened_vuln_scanner-0.1.0.tar.gz
- Subject digest: 04c4d926ba6cd275b21379b8fa8b5249f37643698963e7c68d7f13164fd5afce
- Sigstore transparency entry: 1791797905
- Sigstore integration time:
- Permalink: presidio-v/presidio-hardened-vuln-scanner@71ee0d6839469367ed419bf333731d95b17be883
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/presidio-v
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@71ee0d6839469367ed419bf333731d95b17be883
- Trigger Event: push
File details
Details for the file presidio_hardened_vuln_scanner-0.1.0-py3-none-any.whl.
File metadata
- Download URL: presidio_hardened_vuln_scanner-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 1bb3ed496570c26c17c7cdc0c0d06c8ba7821f66fae0a8c46495269a8956c6dd |
| MD5 | d2d70b745e57d461aa38e92149b65093 |
| BLAKE2b-256 | e270339d64bead6ebd8d182f28a44fca0c56020afa48a559f7b1246a37336662 |
Provenance
The following attestation bundles were made for presidio_hardened_vuln_scanner-0.1.0-py3-none-any.whl:
- Publisher: publish.yml on presidio-v/presidio-hardened-vuln-scanner
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: presidio_hardened_vuln_scanner-0.1.0-py3-none-any.whl
- Subject digest: 1bb3ed496570c26c17c7cdc0c0d06c8ba7821f66fae0a8c46495269a8956c6dd
- Sigstore transparency entry: 1791799054
- Sigstore integration time:
- Permalink: presidio-v/presidio-hardened-vuln-scanner@71ee0d6839469367ed419bf333731d95b17be883
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/presidio-v
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@71ee0d6839469367ed419bf333731d95b17be883
- Trigger Event: push