Examples

AttackMap uses small example applications to validate scanner behavior and show believable output.

Current Example Apps

`webhook-billing-demo`

This example is designed to demonstrate:

a public webhook attack surface
secret-like environment usage
a direct database interaction
an outbound integration

Expected themes in output:

webhook findings
route-to-database risk
third-party integration trust boundary

`flask-admin-demo`

This example is designed to demonstrate:

an auth boundary
a privileged admin route
direct database access from routes
outbound audit or service calls

Expected themes in output:

admin route exposure
authentication boundary risk
input-to-database abuse

How To Run

attackmap examples/webhook-billing-demo
attackmap examples/flask-admin-demo

What Makes A Good Demo App

small enough to read in a minute or two
uses realistic framework patterns
clearly exposes one or two important trust boundaries
triggers meaningful findings and at least a couple of attack paths

Future Example Ideas

Express app with weak auth middleware
FastAPI app with nested routers and admin routes
upload flow with risky parser behavior
background job or webhook chain into a datastore

Migrated from https://gitlab.com/matthewd.xyzAI/AttackMap/-/wikis/Examples.

Examples

Examples

Current Example Apps

webhook-billing-demo

flask-admin-demo

How To Run

What Makes A Good Demo App

Future Example Ideas

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally

`webhook-billing-demo`

`flask-admin-demo`