search

flipkart-incubator / Astra

Automated Security Testing For REST API's
Apache License 2.0
2.49k stars 396 forks source link

Report isn't generated #88

Closed AmandaBSobrinho closed 5 years ago

AmandaBSobrinho commented 5 years ago

I installed Astra on Kali Linux 2018.4, and after the scan is finished on CLI (the message "Scan has been completed" shows up), a tab opens on Firefox and I believe it should show the report and the results. However, it shows the message "NoProduct NameurlStatus", and no report. What am I doing wrong? The images with this process follow.

astra-1

astra-2

This is the scan.log file:

astra-3

sagarpo commented 5 years ago

@AmandaBSobrinho Can you try the same from the web interface?

AmandaBSobrinho commented 5 years ago

With the web interface, I also have no response after the scan has supposedly started. When I click "Submit" after informing the Product Name, the URL and the Method (the Headers and the Body are left blank), I get a status.

captura de tela de 2019-02-05 08-58-33

After clicking "OK", nothing happens. There is no information about the scan, if it has started, ended or anything.

captura de tela de 2019-02-05 09-06-10

Clicking on "Reports" gives me the same answer I got before with the CLI.

captura de tela de 2019-02-05 09-04-43

Am I using the Web Interface incorrectly?

sagarpo commented 5 years ago

Are you using Docker version? Also, can you check if your mongo server is running properly ?

AmandaBSobrinho commented 5 years ago

No, I'm not using docker version, I installed it with pip (sudo pip install -r requirements.txt), because I wasn't able to make it work with Docker. I first run nohup mongod &, and then netstat -ntlvp, which gives me the answer:

captura de tela de 2019-02-05 10-53-54

Then, I run the command to start Astra (python api.py, inside the API folder).

AmandaBSobrinho commented 5 years ago

Oh, and this error is showing up on terminal after I start the scan on the web interface. Maybe it can help.

captura de tela de 2019-02-05 11-18-27

sagarpo commented 5 years ago

@AmandaBSobrinho Can you share your flask,python and mongo version?

AmandaBSobrinho commented 5 years ago

Sure! Here it is:

Flask version: 0.10.1 Python version: 2.7.15+ Mongo version: v3.4.18

sagarpo commented 5 years ago

@AmandaBSobrinho This might be a problem with flask version. Can you update the flask version and try?

lucky73 commented 5 years ago

I think your mongo is not running. Please check the status for the same. you can see before and after mongod server start and stop. 4 1 2 3

AmandaBSobrinho commented 5 years ago

Hi! So, I tried starting MongoDB with "service mongdb start", but it's still not working. In the image below, we can see that MongoDB has been started and is running on port 27017.

captura de tela de 2019-03-06 16-56-23

Then, I run "python api.py" to start the Web Interface, and I click on "Submit" to start the scan.

captura de tela de 2019-03-06 16-59-35

Again, nothing shows up and when I click on "Reports", I still can't see anything.

captura de tela de 2019-03-06 17-00-06

The terminal where I ran "python api.py" shows the same error I mentioned before:

captura de tela de 2019-03-06 17-01-48

AmandaBSobrinho commented 5 years ago

@sagarpo Thank you so much for your suggestion, that was the problem exactly! I ran "pip install --upgrade Flask" and everything worked out just fine! @lucky73 thanks for your help as well!

SIDD08 commented 5 years ago

I tested 25 web services and I am getting the same error on 8 of them. I am using the docker version. Any help would be appreciated