Empty scan reports #79
Comments
@Kamerabuilt If there is no vulnerability identified by the tool, it won't show anything on the UI. We will add a message on the UI if there is no bug.
^^ Thanks, but then, how do I know if it's really empty or that there is some bug? Can I access the reports through another method (via CLI for example)?
I scanned a site that I know has many vulns, that's why I have doubts.
@Kamerabuilt Reports can be accessed from the Reports tab. Also, which site did you try to scan? Did Astra identify a bug?
But all scans are empty. Is there a way to access them through the command line to make sure if they are really empty? I tried on a tool called Pixi: https://github.com/thedeadrobots/pixi It has an API built-in. Also, I cannot know if bugs were found if the report is empty.
@Kamerabuilt Can you share the logs here? The log file can be found at /logs/scan.log
I am gonna reinstall it from scratch and try again; if it's still not working, I will upload the logs. Do you have an app (maybe DVWA) that you know 100% will report bugs with Astra?
Scan status is completed. /logs/scan.log is empty. Scanning report is empty as well.
@Kamerabuilt Astra is a REST API security testing framework. It only scans REST APIs, not the web app.
Did more testing, am still trying to figure out what's happening (on APIs and not just GET URLs), but one thing for sure is if a scan is empty, it should mention something in the reports page. But why is the scan log empty? Should it not have some debugging info, or inform us whether the DB is working, etc.?
@Kamerabuilt We are logging everything in the logs (logs/scan.log). If no logs are generated, that means something is not working properly. Can you share your OS, Python & Flask version?
Sure:
@Kamerabuilt Are you using astra through docker?
^^ yes. Any ideas what it could be?
If you are using docker, the logs can be found at /app/logs/scan.log. Please share that with us.
Hi, found the logs, can I send them to you by email?
@Kamerabuilt You can share it here!
172.17.0.1 - - [10/Dec/2018 16:38:52] "GET / HTTP/1.1" 200 -
hmm the API / Application I am using does not have rate limiting, not sure what that exception is based on. Any ideas?
I think this is an issue. We checked our web API project before, and Astra was displaying 5 to 6 security issues. However, we then deployed a new build on our staging server; we'd fixed nothing for those security issues, but the report now comes up clean. Not sure what is the issue.
@divyang-desai I will look into this. Can you share the logs?
@Kamerabuilt I will check that.
@sagarpo Find logs from scan.log as below
@divyang-desai Can you share the test URL that you tried?
Any feedback on this yet? Still same issue (you can test it with pixi, it has a built-in API service, https://github.com/thedeadrobots/pixi): Sqlmap is running
@Kamerabuilt Give me some time. I am checking this.
@Kamerabuilt How did you get the docker logs? Can you please share the command and navigation path?
I am able to scan, I get a status message, and I see the scan in progress; however, when the scan is completed and I click on it, I am simply getting a completely blank page with absolutely no info.
If the scan has no results, it should say so.
If it does have output, well then there is a bug and I am not sure what to do.
All it says is "Scanning report" on the top, and nothing else.