NameError: global name 'vulnerable' is not defined in xxe.py

[devcrew]

From a current pull of the repo, and running astra.py with the -u parameter it fails after starting the XXE server.

Console output: [+]https://example.com is vulnerable to cross domain attack
[+]https://example.com is vulnerable to broken Authentication and session management
Traceback (most recent call last): File "astra.py", line 328, in main() File "astra.py", line 319, in main scan_single_api(url, method, headers, body, "F", scanid) File "astra.py", line 199, in scan_single_api modules_scan(url,method,headers,body,scanid) File "astra.py", line 152, in modules_scan xxe.xxe_test(url,method,headers,body,scanid) File "~/dev/Astra/modules/xxe.py", line 109, in xxe_test self.send_request(url,method,temp_headers,xxe_payloads,scanid)
File "~/dev/Astra/modules/xxe.py", line 92, in send_request if vulnerable is True: NameError: global name 'vulnerable' is not defined

Content of logs/scan.log: Origin headers: ['https://attackersite.com', 'example.com.attackersite.com'] List of origin headers: ['https://attackersite.com', 'example.com.attackersite.com'] Scan completed for cross domain attack: https://example.com sqlmap is started SQLi - Scan started. API is not vulnerable to sql injection SQLi - Task deleted: bdedfa8ea206d546 XSS: No GET param found! XXE: Server started.

Looking at xxe.py it appears that the start_listening function is either not called, or fails and therefore the variable vulnerable declared with global scope is not instantiated.

[sagarpo]

@devcrew: I will fix this soon.