flipkart-incubator / astra

Automated Security Testing for REST APIs

License: Apache License 2.0

Python 89.30% JavaScript 0.81% HTML 7.57% CSS 2.08% Dockerfile 0.19% Hack 0.05%
security restapiautomation python owasp penetration-testing-framework postman-collection ci-cd sdlc penetration-testing security-automation

astra's Introduction


BH 2018 USA

BH 2018 Europe

Astra


REST API penetration testing is complex because existing APIs change continuously and new APIs keep being added. Astra can be used by security engineers or developers as an integral part of their process, so that vulnerabilities are detected and patched early in the development cycle. Astra automatically detects and tests login and logout (the authentication API), which makes it easy to integrate into a CI/CD pipeline. Astra can also take an API collection as input, so it can be used to test APIs in standalone mode. The checks it runs are:

  • SQL injection
  • Cross site scripting
  • Information Leakage
  • Broken Authentication and session management
  • CSRF (including Blind CSRF)
  • Rate limit
  • CORS misconfiguration (including CORS bypass techniques)
  • JWT attack
  • CRLF detection
  • Blind XXE injection
  • Server-side Request Forgery
  • Template Injection

Roadmap

https://www.astra-security.info/roadmap/

Requirement

  • Linux or MacOS
  • Python 3.7+
  • mongoDB
  • Celery
  • RabbitMQ

Installation

$ git clone https://github.com/flipkart-incubator/Astra

$ cd Astra
$ sudo pip install -r requirements.txt
$ sudo rabbitmq-server
$ celery -A worker worker --loglevel=INFO
$ cd API
$ python3 api.py

Docker Installation

Run Mongo Container:

$ docker pull mongo
$ docker run --name astra-mongo -d mongo

Installing GUI Docker:

$ git clone https://github.com/flipkart-incubator/Astra.git
$ cd Astra
$ docker build -t astra .
$ docker run --rm -it --link astra-mongo:mongo -p 8094:8094 astra

Installing CLI Docker :

$ git clone -b docker-cli https://github.com/flipkart-incubator/Astra.git
$ cd Astra
$ docker build -t astra-cli .
$ docker run --rm -it --link astra-mongo:mongo astra-cli 

Dependencies

- requests
- logger
- pymongo
- ConfigParser
- pyjwt
- flask
- sqlmap
- celery

Documentation

https://www.astra-security.info

Usage: CLI

$ python astra.py --help

                      _
        /\       | |
       /  \   ___| |_ _ __ __ _
      / /\ \ / __| __| '__/ _` |
     / ____ \__ \ |_| | | (_| |
    /_/    \_\___/\__|_|  \__,_|



usage: astra.py [-h] [-c {Postman,Swagger}] [-n COLLECTION_NAME] [-u URL]
                [-headers HEADERS] [-method {GET,POST}] [-b BODY]
                [-l LOGINURL] [-H LOGINHEADERS] [-d LOGINDATA]

REST API Security testing Framework

optional arguments:
  -h, --help            show this help message and exit
  -c {Postman,Swagger}, --collection_type {Postman,Swagger}
                        Type of API collection
  -n COLLECTION_NAME, --collection_name COLLECTION_NAME
                        Type of API collection
  -u URL, --url URL     URL of target API
  -headers HEADERS, --headers HEADERS
                        Custom headers.Example: {"token" : "123"}
  -method {GET,POST}, --method {GET,POST}
                        HTTP request method
  -b BODY, --body BODY  Request body of API
  -l LOGINURL, --loginurl LOGINURL
                        URL of login API
  -H LOGINHEADERS, --loginheaders LOGINHEADERS
                        Headers should be in a dictionary format. Example:
                        {"accesstoken" : "axzvbqdadf"}
  -d LOGINDATA, --logindata LOGINDATA
                        login data of API

Usage: Web interface

Run api.py and open the web interface at http://127.0.0.1:8094:

$ cd API
$ python api.py

NOTE: On macOS 10.13+ you must set OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES, otherwise the scanning processes are killed because of the way fork() and exec() have been changed in that release (the "crashed on child side of fork pre-exec" report among the issues below is what this looks like).

$ cd API
$ OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES python api.py

Screenshots

The README embeds screenshots of the New scan form, the Scan Reports list (two images) and the Detailed Report view; the images are not reproduced here.

Lead Developer

  • Sagar Popat (@popat_sagar)

Credits

  • Ankur Bhargava
  • Harsh Grover
  • Flipkart security team
  • Pardeep Battu
  • Rajasekar

astra's People

Contributors

anemone95, ankurbhargava87f, disenchant, gajjar8055, harsh-groverfk, mohangcsm, prajal, royingantaginting, sagarpo


astra's Issues

how to use the web based interface

Hello, can I use this software to test the facebook APIs and how can I do that. From the screenshot, I see the URL is http://localhost/checkout.php, so do I need to use the API that I want to test to connect to the localhost website through a software like POSTMAN? Because I am just a beginner with APIs, so I don't know how to use this testing software.

Clicking the Submit button for a POST API, a popup displayed the status code token value; refer to the attached screenshot.

Terminal Logs

/usr/local/lib/python2.7/site-packages/pymongo/topology.py:149: UserWarning: MongoClient opened before fork. Create MongoClient only after forking. See PyMongo's documentation for details: http://api.mongodb.org/python/current/faq.html#is-pymongo-fork-safe
  "MongoClient opened before fork. Create MongoClient only "
[+]http://pre-prod.hbfxlabs.com/core/api/v1/hbfx-insta-authentication/user/login is vulnerable to cross domain attack  
[+]http://pre-prod.hbfxlabs.com/core/api/v1/hbfx-insta-authentication/user/login is vulnerable to broken Authentication and session management  

(screenshots: astra terminal; astra 2018-12-06 16-30-04)

Testing GET request returns error

I'm trying to follow the instructions to get started, but I'm not getting very far. I have pulled the Mongo image and built the CLI Docker image. I'm running the service I want to test locally, and now I'm trying to run the following command, replacing <token> with a valid token I obtain ahead of time:

docker run --rm -it --link astra-mongo:mongo astra-cli -u http://docker.for.mac.localhost:8080/v1/users/me --headers '{"Authorization": "Bearer <token>"}'

I get the following stack trace:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
    self.run()
  File "/usr/local/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "./astra.py", line 121, in modules_scan
    sqli_check(url,method,headers,body,scanid)
  File "/app/modules/sqli.py", line 116, in sqli_check
    set_option_status = set_options_list(url,method,headers,body,taskid)
  File "/app/modules/sqli.py", line 34, in set_options_list
    if options_list.status_code == 200:
AttributeError: 'NoneType' object has no attribute 'status_code'

I've also tried the same call in the Astra GUI, but I get "Broken Authentication and session management" and the API returning a 401. It's almost as if Astra is not properly sending the Authorization header.

Is there something I'm missing from the command? Am I supposed to pass the command a valid token?

Typo in README.md

There's a typo in your README.md:

"CORS misonfiguration (including CORS bypass techniques)" should be "CORS misconfiguration (including CORS bypass techniques)"

Report isn't generated

I installed Astra on Kali Linux 2018.4, and after the scan is finished on CLI (the message "Scan has been completed" shows up), a tab opens on Firefox and I believe it should show the report and the results. However, it shows the message "NoProduct NameurlStatus", and no report. What am I doing wrong? The images with this process follow.

(screenshots: astra-1, astra-2)

This is the scan.log file:

(screenshot: astra-3)

Unable to launch Astra

@sagarpo I performed the steps below; could you please let me know if I am missing any information to launch Astra in CLI/GUI mode?

$ git clone https://github.com/flipkart-incubator/Astra
$ cd Astra
$ pip install -r requirements.txt (navigated to the pip folder on Windows)

I have installed the versions of Python and MongoDB below:
Python: 3.6.4
MongoDB shell version v3.6.4
I have run the mongodb commands mongod and mongo on different command-line terminals.
I cloned and navigated to the astra folder, and executing the commands below returns errors:

G:\astra\Astra\API>cd ..

G:\astra\Astra>python astra.py
  File "astra.py", line 36
    print "[-]Failed to Parse collection"
                                        ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(print "[-]Failed to Parse collection")?

G:\astra\Astra\API>python api.py
  File "api.py", line 58
    print "Failed to update DB"
                              ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(print "Failed to update DB")?

Custom HTTP Methods

I was wondering what everyone would think about adding a "Custom HTTP Method" option for API requests.

I'm needing to run a test against a PATCH request, but there are only GET/POST/PUT/DEL options in the web UI.

Recursive import failing: "ImportError: cannot import name main"

The API/api.py is importing * from astra which recursively imports API/api.py, and the logic to skip the import on iterative imports:

if os.getcwd().split('/')[-1] != 'API':
    from API.api import main

isn't working. Here's the trace-back:

Traceback (most recent call last):
  File "astra.py", line 38, in <module>
    from API.api import main
  File "C:\Pentest\Astra\API\api.py", line 38, in <module>
    from astra import *
  File "C:\Pentest\Astra\astra.py", line 38, in <module>
    from API.api import main
ImportError: cannot import name main
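The quoted guard `os.getcwd().split('/')[-1] != 'API'` only looks for a forward slash, so on Windows (the traceback shows `C:\Pentest\Astra\API`) the last component is never found and the import is always attempted. The following is an added example, not code from the Astra repository: it puts the original check beside a separator-agnostic one. Note that a working-directory check only hides a circular import in one launch mode; the durable fix is to stop `API/api.py` importing `*` from `astra`.

```python
import re


def current_dir_name(cwd):
    """Last path component of a working directory, accepting '/' or '\\' separators.

    Trailing separators are ignored so "/x/Astra/API/" and "C:\\x\\Astra\\API"
    both yield "API".
    """
    return re.split(r"[\\/]+", cwd.rstrip("\\/"))[-1]


def original_check(cwd):
    """The guard exactly as quoted in the issue: True means 'go ahead and import'.

    It is POSIX-only: a Windows path contains no '/', so split() returns the
    whole string and the comparison with 'API' is always True.
    """
    return cwd.split("/")[-1] != "API"


def should_import_api_main(cwd):
    """Hardened guard: skip importing API.api when already running from API/."""
    return current_dir_name(cwd) != "API"


if __name__ == "__main__":
    # Constructed working directories, one per platform.
    for cwd in (r"C:\Pentest\Astra\API", "/home/user/Astra/API", "/home/user/Astra"):
        print(f"{cwd!r}: original={original_check(cwd)} hardened={should_import_api_main(cwd)}")
```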

HAWK authorization

Hi, wonderful job on this project!
I'm wondering whether there is any possibility of adding the HAWK authorization method to the Astra authorization types that work.
I've got an internal API to pentest and I wrote a sample "gateway" to authorize my requests and send them to Burp. This functionality in Astra would be awesome!

getting exception

(screenshot: astra error)
Getting an exception error while running the astra.py file, and

(screenshot: api py error)
Getting an exception error while running the API/api.py file.

Final scan result is blank

Installation Link does not work

Hi - The published installation link is not working. Please check https://www.astra-security.info/installation/

I tried to get by with README but, could not get past "Failed to connect to MongoDB."

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
4926e97dab32        mongo               "docker-entrypoint.s…"   36 minutes ago      Up 36 minutes       27017/tcp           astra-mongo

Please guide

Webscans keep crashing on Mac

Hi
A simple webscan keeps crashing. Here is the trace. Is there a specific version of Python I should be using?

Process: Python [35505]
Path: /usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
Identifier: Python
Version: 2.7.15 (2.7.15)
Code Type: X86-64 (Native)
Parent Process: Python [34775]
Responsible: Python [35505]
User ID: 522130245

Date/Time: 2018-11-20 20:23:57.333 -0800
OS Version: Mac OS X 10.13.6 (17G65)
Report Version: 12
Anonymous UUID: 0DB45F5A-C18B-C0F5-5D43-DFB6BEDCBC7B

Time Awake Since Boot: 1200 seconds

System Integrity Protection: enabled

Crashed Thread: 0

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: Namespace OBJC, Code 0x1

Application Specific Information:
crashed on child side of fork pre-exec
objc[35505]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.

AttributeError: "NoneType"

When I run a scan, I get the following error.

Process module-scan:
Traceback (most recent call last):
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "../astra.py", line 106, in modules_scan
    cors_main(url,method,headers,body,scanid)
  File "../modules/cors.py", line 72, in cors_main
    result = cors_check(origin,option_response.headers)
AttributeError: 'NoneType' object has no attribute 'headers'

scanid=NONE

When I run a scan, my results are always "In Progress"
TY

NoProduct NameurlStatus and InsecureRequestWarning

Hi,

No report is generated when trying to evaluate an operation, but a message regarding "InsecureRequestWarning" (CSRF) is shown on the command line while the scan is being performed. Why is there no report? Should I take the message on the command line as a valid issue? How can I solve the problem so that I get a complete report in the GUI, including the information shown on the command line (I already upgraded Flask)?

(three screenshots omitted)

Thanks for your help

Version of Mongodb

Hi Team,

What is the version of Mongodb required for an error free operation of this tool?

Failed to connect to MongoDB

Hi,

I have installed all the necessary modules, but when I try to run Astra I get a MongoDB failure.
Does anyone know what could be causing this?

(screenshot: Kali_Version)
Failed to Connect to MongoDB

AttributeError: 'NoneType' object has no attribute 'status_code'

Running in Docker with a MongoDB container.
Command ran:
docker run --rm -it --link astra-mongo:mongo astra-cli --method GET -u http://<hostname>:19999/api/
Results:


     	                _             
		    /\       | |            
		   /  \   ___| |_ _ __ __ _ 
		  / /\ \ / __| __| '__/ _` |
		 / ____ \__ \ |_| | | (_| |
		/_/    \_\___/\__|_|  \__,_|
		                            

              
[+]http://<hostname>:19999/api/ is vulnerable to cross domain attack  
/usr/local/lib/python2.7/site-packages/pymongo/topology.py:150: UserWarning: MongoClient opened before fork. Create MongoClient only after forking. See PyMongo's documentation for details: http://api.mongodb.org/python/current/faq.html#is-pymongo-fork-safe
  "MongoClient opened before fork. Create MongoClient only "
Failed to test Broken authentication and session management
Process module-scan:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
    self.run()
  File "/usr/local/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "./astra.py", line 121, in modules_scan
    sqli_check(url,method,headers,body,scanid)
  File "/app/modules/sqli.py", line 116, in sqli_check
    set_option_status = set_options_list(url,method,headers,body,taskid)
  File "/app/modules/sqli.py", line 34, in set_options_list
    if options_list.status_code == 200:
AttributeError: 'NoneType' object has no attribute 'status_code'

Running on Kali Linux 2019.2 and Docker 18.09.8

Cheers

Uncaught Exception in in `modules/cors.py`

I got the following error when trying to submit a URL to my local REST server:

  File "../astra.py", line 110, in modules_scan
    cors_main(url,method,headers,body,scanid)
  File "../modules/cors.py", line 69, in cors_main
    origin_headers = generate_origin(url)
  File "../modules/cors.py", line 60, in generate_origin
    postfixurl = domain_name+'.attackersite.com'
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'

As I see, in modules.cors.generate_origin, from line 59, this caused the error:

domain_name = urlparse(url).hostname
postfixurl = domain_name+'.attackersite.com'

From the urlparse docs, hostname returns None if no hostname is found.
I think we need to add a validator here to check that domain_name is not None.
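The issue above shows the two pieces Astra's CORS module needs: building probe origins from the target hostname (which crashes when `urlparse` yields `None`) and judging the response to each probe. The block below is an added example, not the project's `modules/cors.py`; the names `generate_origin` and `cors_check` mirror the traceback but the implementations are mine, and `attackersite.com` is kept only because it is the placeholder the traceback already uses. The two responders at the end are constructed stand-ins for a server, so the example runs offline.

```python
from urllib.parse import urlparse

# Probe origins: a wholly foreign origin and a lookalike built from the target host.
# "attackersite.com" is the placeholder from the traceback, not a real site.
FOREIGN_ORIGIN = "https://attackersite.com"
LOOKALIKE_SUFFIX = ".attackersite.com"


def generate_origin(url):
    """Candidate Origin values for a CORS probe, or [] when the URL has no hostname."""
    hostname = urlparse(url).hostname
    if hostname is None:
        # urlparse("example.com/api").hostname is None: without a scheme there is no
        # netloc. The unguarded concatenation in the issue raises TypeError here and
        # takes the whole module scan down with it.
        return []
    return [FOREIGN_ORIGIN, hostname + LOOKALIKE_SUFFIX]


def cors_check(origin, response_headers):
    """Classify how a response answered a probe that carried `origin` as its Origin.

    Verdicts: 'no-cors', 'wildcard', 'wildcard-with-credentials', 'reflected',
    'reflected-with-credentials', 'not-allowed'. The reflected verdicts are the
    misconfiguration a report should flag; browsers refuse '*' combined with
    credentials, so that one is a server bug rather than an exposure.
    """
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"
    if acao == "*":
        return "wildcard-with-credentials" if creds else "wildcard"
    if acao == origin:
        return "reflected-with-credentials" if creds else "reflected"
    return "not-allowed"


def cors_scan(url, responder):
    """Send every probe origin through `responder` (callable returning a header dict)
    and return {origin: verdict}; an empty dict means no probe could be built."""
    return {origin: cors_check(origin, responder(origin)) for origin in generate_origin(url)}


def reflecting_server(origin):
    """Constructed sample: echoes any Origin and allows credentials (the weak setting)."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def strict_server(origin):
    """Constructed sample: a fixed allow-list of one origin (the corrected setting)."""
    return {"Access-Control-Allow-Origin": "https://app.example.com"}


if __name__ == "__main__":
    for target in ("https://api.example.com/v1/login", "example.com/api"):
        print(target, "->", cors_scan(target, reflecting_server) or "no hostname, skipped")
    print("strict server ->", cors_scan("https://api.example.com/v1", strict_server))
```

The schemeless input is the exact case from the issue: the scan reports it as skipped instead of raising, and the rest of the modules still run.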

Python 3

@sagarpo I fixed the code to work with Python 3, do you want it? I use Python 3 and maybe a lot of people do now. It was basically some import statements and obviously the print parentheses that I changed.

Can I use postman collection with url in EnvironmentVariable?

Hi!
I use a Postman EnvironmentVariable for storing the url in the collection. When I try to use this collection with Astra I get this output:
[-]Failed to detect login url. Do you want to contiune without authentication?(y/n).

Does Astra support Postman collection with EnvironmentVariable?

Thanks!
Alex.

Unable to connect to the internal /option/[task-id] endpoint when running sqli

Details from logs:

INFO:root:sqlmap is started
ERROR:root:Exception from sendrequest HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: http://127.0.0.1:8775/option/601d901a0bd4d0ed/set (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f5c547c1390>: Failed to establish a new connection: [Errno 111] Connection refused',)))

Astra/modules/sqli.py

Lines 26 to 34 in e4f6037

def set_options_list(url, method, headers, body, task_id):
    # Setting up url,headers, body for scan
    options_set_url = base_url+"/option/"+task_id+"/set"
    data = {}
    data['url'], data['method'], data['headers'] = url, method, headers
    if method.upper() == 'POST' or method.upper() == 'PUT':
        data['data'] = body
    options_list = req.api_request(options_set_url, "POST", api_header, data)
    if options_list.status_code == 200:

Exception raised:

Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
    self.run()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "../astra.py", line 122, in modules_scan
    sqli_check(url,method,headers,body,scanid)
  File "../modules/sqli.py", line 119, in sqli_check
    set_option_status = set_options_list(url,method,headers,body,taskid)
  File "../modules/sqli.py", line 36, in set_options_list
    if options_list.status_code == 200:
AttributeError: 'NoneType' object has no attribute 'status_code'
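Two things are visible in this report and in the "Failed to connect" and "NoneType ... status_code" reports above it: the request to the sqlmap API on 127.0.0.1:8775 was sent to a proxy on 127.0.0.1:8080 (what an `http_proxy` environment variable does to a loopback request unless `no_proxy` excludes it), and when the transport then returned `None` the module dereferenced it. The block below is an added example, not Astra's `modules/sqli.py`: it is a `set_options_list` that takes its transport as a parameter, returns `False` on a failed request instead of crashing, and is driven by two constructed transports so it runs offline. The sqlmap base URL matches the log; the task ids are made up.

```python
import logging

log = logging.getLogger("astra.sqli")

# Constructed settings: the port is the one in the log above.
SQLMAP_API = "http://127.0.0.1:8775"
API_HEADER = {"Content-Type": "application/json"}


class FakeResponse:
    """Minimal stand-in for requests.Response, constructed for this example."""

    def __init__(self, status_code):
        self.status_code = status_code


def set_options_list(url, method, headers, body, task_id, api_request, base_url=SQLMAP_API):
    """Push the scan target to sqlmap's /option/<task>/set endpoint.

    `api_request(url, method, headers, data)` is the transport; like the
    project's req.api_request it returns None when the request failed.
    Returns True only on HTTP 200 so the caller can skip the SQLi module cleanly.
    """
    options_set_url = f"{base_url}/option/{task_id}/set"
    data = {"url": url, "method": method, "headers": headers}
    if method.upper() in ("POST", "PUT"):
        data["data"] = body
    resp = api_request(options_set_url, "POST", API_HEADER, data)
    if resp is None:
        # The traceback's crash site: never touch .status_code on a failed request.
        log.error("sqlmap API unreachable at %s; SQLi module skipped for %s", options_set_url, url)
        return False
    if resp.status_code != 200:
        log.error("sqlmap API answered %s for %s", resp.status_code, options_set_url)
        return False
    return True


def down_transport(url, method, headers, data):
    """Constructed transport: the API cannot be reached (the case in the traceback)."""
    return None


def make_recording_transport(status_code, sent):
    """Constructed transport that records what it was given and answers `status_code`."""

    def transport(url, method, headers, data):
        sent.append((url, method, data))
        return FakeResponse(status_code)

    return transport


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("API down   ->", set_options_list("http://localhost:8080/v1/users/me", "GET", {}, "", "task0", down_transport))
    sent = []
    print("API up     ->", set_options_list("http://localhost:8080/v1/users", "POST", {}, "a=1", "task1",
                                            make_recording_transport(200, sent)), sent)
```

For a real transport built on `requests`, creating the session with `trust_env = False` for the loopback sqlmap API keeps `http_proxy` from redirecting it, which is the proxy error the log shows; alternatively set `no_proxy=127.0.0.1` in the environment before starting Astra.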

getting weird template not found issues

Trying with a test url on localhost, but getting a bunch of errors in logs

url http://localhost:3000/api/account.json
total_scan 1
scanid cfe2f0d1050bc56427e8644a593f7b7e
name dadasd
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 2000, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1991, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1567, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1988, in wsgi_app
    response = self.full_dispatch_request()
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1641, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1544, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1639, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/app.py", line 1625, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/Users/sumitm/src/Astra/API/api.py", line 154, in view_dashboard
    return render_template('{}'.format(page))
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/templating.py", line 133, in render_template
    return _render(ctx.app.jinja_env.get_or_select_template(template_name_or_list),
  File "/Library/Python/2.7/site-packages/Jinja2-2.8.1-py2.7.egg/jinja2/environment.py", line 851, in get_or_select_template
    return self.get_template(template_name_or_list, parent, globals)
  File "/Library/Python/2.7/site-packages/Jinja2-2.8.1-py2.7.egg/jinja2/environment.py", line 812, in get_template
    return self._load_template(name, self.make_globals(globals))
  File "/Library/Python/2.7/site-packages/Jinja2-2.8.1-py2.7.egg/jinja2/environment.py", line 774, in _load_template
    cache_key = self.loader.get_source(self, name)[1]
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/templating.py", line 57, in get_source
    return self._get_source_fast(environment, template)
  File "/Library/Python/2.7/site-packages/Flask-0.11.1-py2.7.egg/flask/templating.py", line 85, in _get_source_fast
    raise TemplateNotFound(template)
TemplateNotFound: favicon.ico

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 762, in inner
    srv.serve_forever()
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 597, in serve_forever
    HTTPServer.serve_forever(self)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 238, in serve_forever
    self._handle_request_noblock()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 297, in _handle_request_noblock
    self.handle_error(request, client_address)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 295, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 321, in process_request
    self.finish_request(request, client_address)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 655, in __init__
    self.handle()
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 290, in handle
    rv = BaseHTTPRequestHandler.handle(self)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/BaseHTTPServer.py", line 340, in handle
    self.handle_one_request()
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 325, in handle_one_request
    return self.run_wsgi()
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 267, in run_wsgi
    execute(self.server.app)
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 258, in execute
    write(data)
  File "/Library/Python/2.7/site-packages/werkzeug/serving.py", line 233, in write
    self.send_header('Server', self.version_string())
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/BaseHTTPServer.py", line 401, in send_header
    self.wfile.write("%s: %s\r\n" % (keyword, value))
IOError: [Errno 32] Broken pipe

Empty scan reports

I am able to scan, I get a status message, and I see the scan in progress; however, when the scan is completed and I click on it, I simply get a completely blank page with absolutely no info.

If the scan has no results, it should say so.

If it does have output, well then there is a bug and I am not sure what to do.

All it says is "Scanning report" on the top, and nothing else.

Fix formatting, PEP8 violations etc

Some formatting and other Py issues that throws a lot of shade:

  1. Tabs used instead of spaces to indent (eg: https://github.com/flipkart-incubator/Astra/blob/master/core/parsers.py)
  2. Unwanted nesting: if ... if ... if ... if ... - is an antipattern, and should follow return early using if not (eg: same file above)
  3. PEP8 violations. Just run pep8 -i or something like that on the whole library and it would look perfect for a python project. Or even better - run yapf on the whole project - and this would look perfect.
  4. Inconsistent casing in naming - Like you have modules with in Capital case - which is not a standard.
  5. Hard coded db connections, etc - https://github.com/flipkart-incubator/Astra/blob/master/API/api.py#L21 (please use a settings file)
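Item 5 asks for the database connection to come from a settings file rather than being hard-coded in `API/api.py`. The block below is an added example of what that looks like, not code from the project: it reads an INI section (the `astra.ini` name and the `ASTRA_MONGO_*` variables are my own, hypothetical choices), lets the environment override it, and takes credentials only from the environment so they never sit in a checked-in file. The Docker instructions in the README link the database container as `mongo`, which is exactly the kind of per-deployment value this keeps out of the source.

```python
import configparser
import os
from urllib.parse import quote

# Constructed settings file (would be astra.ini, a hypothetical name). It holds
# only non-secret values; credentials are deliberately absent.
DEFAULT_INI = """
[mongodb]
host = localhost
port = 27017
database = astra
"""


def load_db_settings(ini_text=DEFAULT_INI, env=None):
    """Resolve MongoDB settings with precedence: environment > INI file > defaults.

    `env` is a mapping so the function can be exercised without touching the
    real process environment; it defaults to os.environ.
    """
    env = os.environ if env is None else env
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    section = cfg["mongodb"] if cfg.has_section("mongodb") else {}
    return {
        "host": env.get("ASTRA_MONGO_HOST", section.get("host", "localhost")),
        "port": int(env.get("ASTRA_MONGO_PORT", section.get("port", "27017"))),
        "database": env.get("ASTRA_MONGO_DB", section.get("database", "astra")),
        # Secrets come only from the environment, never from the file.
        "username": env.get("ASTRA_MONGO_USER"),
        "password": env.get("ASTRA_MONGO_PASSWORD"),
    }


def mongo_uri(settings):
    """Render a mongodb:// URI; credentials are included only when both are set,
    percent-encoded so characters such as '@' cannot break the URI."""
    auth = ""
    if settings["username"] and settings["password"]:
        auth = f"{quote(settings['username'])}:{quote(settings['password'])}@"
    return f"mongodb://{auth}{settings['host']}:{settings['port']}/{settings['database']}"


if __name__ == "__main__":
    # Plain local run, then the Docker layout from the README with --link astra-mongo:mongo.
    print(mongo_uri(load_db_settings(env={})))
    print(mongo_uri(load_db_settings(env={"ASTRA_MONGO_HOST": "mongo"})))
```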

Failed to test Broken authentication and session management

Hello, I just started learning "Automated Security Testing For REST API's", so I chose Astra to use it, and after following the installation steps I tried to run this command in order to start a scan for a GET API:
$ python astra.py -u https://jsonplaceholder.typicode.com/
But there is no test running, and I have this console message:
"MongoClient opened before fork. Create MongoClient only "
Failed to test Broken authentication and session management
Any help please?
Steps which I followed:
Docker Installation
Run Mongo Container:
$ docker pull mongo
$ docker run --name astra-mongo -d mongo
Installing CLI Docker:
$ git clone -b docker-cli https://github.com/flipkart-incubator/Astra.git
$ cd Astra
$ docker build -t astra-cli .
$ docker run --rm -it --link astra-mongo:mongo astra-cli
and I use Docker version 18.06.1-ce, build e68fc7a
But the problem

NameError: global name 'scanid' is not defined

Hi!
First of all, thanks for this project!

So, I've got a Postman collection named "teste.json", when I start astra cli, I've got this error below.

In the first test I got this error: UnicodeEncodeError: 'ascii' codec can't encode character u'\xe1' in position 537: ordinal not in range(128), but I "fixed" it by inserting some code in Astra/core/parsers.py.

Code:

import sys
reload(sys)
sys.setdefaultencoding('utf8')

Error after fix

$ python astra.py -c Postman -n teste.json 

     	                _             
		    /\       | |            
		   /  \   ___| |_ _ __ __ _ 
		  / /\ \ / __| __| '__/ _` |
		 / ____ \__ \ |_| | | (_| |
		/_/    \_\___/\__|_|  \__,_|
		                            

              
[-]Failed to detect login url. Do you want to contiune without authentication?(y/n):y
Traceback (most recent call last):
  File "astra.py", line 298, in <module>
    main()
  File "astra.py", line 288, in main
    scan_core(collection_type,collection_name,url,headers,method,body,loginurl,loginheaders,logindata,login_require) 
  File "astra.py", line 196, in scan_core
    modules_scan(url,method,headers,body,scanid)        
NameError: global name 'scanid' is not defined

{"status":"Failed"}

I just copied the URL, headers (without any body information) from POSTMAN, and it is in JSON format, but I get {"status":"Failed"}. Why does this happen?

setup.py fails on mac

While running setup.py on my Mac it asks me to run it with sudo for the pip install, but later, while running the brew install command, it fails since brew doesn't like sudo.

I would suggest moving the installation of external dependencies to the user and you should concentrate on installing the python dependencies only.

Also, setting up the tool is a little painful right now. Installing the tool should be as simple as running a pip install astra or apt-get install astra command. Running the tool should be as simple as running the command astra.

NameError: global name 'vulnerable' is not defined in xxe.py

From a current pull of the repo, and running astra.py with the -u parameter it fails after starting the XXE server.

Console output:
[+]https://example.com is vulnerable to cross domain attack
[+]https://example.com is vulnerable to broken Authentication and session management
Traceback (most recent call last):
  File "astra.py", line 328, in <module>
    main()
  File "astra.py", line 319, in main
    scan_single_api(url, method, headers, body, "F", scanid)
  File "astra.py", line 199, in scan_single_api
    modules_scan(url,method,headers,body,scanid)
  File "astra.py", line 152, in modules_scan
    xxe.xxe_test(url,method,headers,body,scanid)
  File "/dev/Astra/modules/xxe.py", line 109, in xxe_test
    self.send_request(url,method,temp_headers,xxe_payloads,scanid)
  File "/dev/Astra/modules/xxe.py", line 92, in send_request
    if vulnerable is True:
NameError: global name 'vulnerable' is not defined

Content of logs/scan.log:
Origin headers: ['https://attackersite.com', 'example.com.attackersite.com']
List of origin headers: ['https://attackersite.com', 'example.com.attackersite.com']
Scan completed for cross domain attack: https://example.com
sqlmap is started
SQLi - Scan started.
API is not vulnerable to sql injection
SQLi - Task deleted: bdedfa8ea206d546
XSS: No GET param found!
XXE: Server started.

Looking at xxe.py it appears that the start_listening function is either not called, or fails and therefore the variable vulnerable declared with global scope is not instantiated.

Local copy of JS and CSS

Step 6/10 : RUN pip install -r requirements.txt
---> Running in 52fe9a9b747f

Collecting requests (from -r requirements.txt (line 1))
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5a45703350>: Failed to establish a new connection: [Errno 101] Network unreachable',)': /simple/requests/
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5a45703650>: Failed to establish a new connection: [Errno 101] Network unreachable',)': /simple/requests/
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5a45703810>: Failed to establish a new connection: [Errno 101] Network unreachable',)': /simple/requests/
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5a45703950>: Failed to establish a new connection: [Errno 101] Network unreachable',)': /simple/requests/
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5a45703a90>: Failed to establish a new connection: [Errno 101] Network unreachable',)': /simple/requests/
Could not find a version that satisfies the requirement requests (from -r requirements.txt (line 1)) (from versions: )
No matching distribution found for requests (from -r requirements.txt (line 1))
The command '/bin/sh -c pip install -r requirements.txt' returned a non-zero code: 1

Documentation

I would like to see documentation for using Astra with most popular authentication/token methods. So much work but just one page of documentation. Please update this so it gets more widely used and more feedback on the product this way. Thanks

Getting error "Failed to test Broken authentication and session management"

While scanning any API I get the message below:

/usr/local/lib/python2.7/dist-packages/pymongo/topology.py:149: UserWarning: MongoClient opened before fork. Create MongoClient only after forking. See PyMongo's documentation for details: http://api.mongodb.org/python/current/faq.html#is-pymongo-fork-safe
  "MongoClient opened before fork. Create MongoClient only "
Failed to test Broken authentication and session management
