From a current pull of the repo, and running astra.py with the -u parameter it fails after starting the XXE server.
Console output:
[+]https://example.com is vulnerable to cross domain attack
[+]https://example.com is vulnerable to broken Authentication and session management
Traceback (most recent call last):
File "astra.py", line 328, in
main()
File "astra.py", line 319, in main
scan_single_api(url, method, headers, body, "F", scanid)
File "astra.py", line 199, in scan_single_api
modules_scan(url,method,headers,body,scanid)
File "astra.py", line 152, in modules_scan
xxe.xxe_test(url,method,headers,body,scanid)
File "~/dev/Astra/modules/xxe.py", line 109, in xxe_test
self.send_request(url,method,temp_headers,xxe_payloads,scanid)
File "~/dev/Astra/modules/xxe.py", line 92, in send_request
if vulnerable is True:
NameError: global name 'vulnerable' is not defined
Content of logs/scan.log:
Origin headers: ['https://attackersite.com', 'example.com.attackersite.com']
List of origin headers: ['https://attackersite.com', 'example.com.attackersite.com']
Scan completed for cross domain attack: https://example.com
sqlmap is started
SQLi - Scan started.
API is not vulnerable to sql injection
SQLi - Task deleted: bdedfa8ea206d546
XSS: No GET param found!
XXE: Server started.
Looking at xxe.py it appears that the start_listening function is either not called, or fails and therefore the variable vulnerable declared with global scope is not instantiated.
From a current pull of the repo, and running astra.py with the -u parameter it fails after starting the XXE server.
Console output: [+]https://example.com is vulnerable to cross domain attack
main()
File "astra.py", line 319, in main
scan_single_api(url, method, headers, body, "F", scanid)
File "astra.py", line 199, in scan_single_api
modules_scan(url,method,headers,body,scanid)
File "astra.py", line 152, in modules_scan
xxe.xxe_test(url,method,headers,body,scanid)
File "~/dev/Astra/modules/xxe.py", line 109, in xxe_test
self.send_request(url,method,temp_headers,xxe_payloads,scanid)
[+]https://example.com is vulnerable to broken Authentication and session management
Traceback (most recent call last): File "astra.py", line 328, in
File "~/dev/Astra/modules/xxe.py", line 92, in send_request if vulnerable is True: NameError: global name 'vulnerable' is not defined
Content of logs/scan.log: Origin headers: ['https://attackersite.com', 'example.com.attackersite.com'] List of origin headers: ['https://attackersite.com', 'example.com.attackersite.com'] Scan completed for cross domain attack: https://example.com sqlmap is started SQLi - Scan started. API is not vulnerable to sql injection SQLi - Task deleted: bdedfa8ea206d546 XSS: No GET param found! XXE: Server started.
Looking at xxe.py it appears that the start_listening function is either not called, or fails and therefore the variable vulnerable declared with global scope is not instantiated.