warn the user to update his DB files

2015-05-01 11:29:03 +02:00
parent 0d806e6d74
commit 202180909c
4 changed files with 37 additions and 1 deletions
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -31,6 +31,7 @@ LOCAL_FILES_FILE    = File.join(DATA_DIR, 'local_vulnerable_files.xml')
 WP_VERSIONS_XSD     = File.join(DATA_DIR, 'wp_versions.xsd')
 LOCAL_FILES_XSD     = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
 USER_AGENTS_FILE    = File.join(DATA_DIR, 'user-agents.txt')
+LAST_UPDATE_FILE    = File.join(DATA_DIR, '.last_update')

 WPSCAN_VERSION       = '2.7'

@@ -78,6 +79,13 @@ def missing_db_file?
  false
 end

+def update_required?
+  return true unless File.exist?(LAST_UPDATE_FILE)
+  content = File.read(LAST_UPDATE_FILE)
+  date = Time.parse(content) rescue Time.parse("2000-01-01")
+  return date < 5.days.ago
+end
+
 # Define colors
 def colorize(text, color_code)
  if $COLORSWITCH
--- a/lib/common/db_updater.rb
+++ b/lib/common/db_updater.rb
@@ -112,5 +112,8 @@ class DbUpdater
        end
      end
    end
+
+    # write last_update date to file
+    File.write(LAST_UPDATE_FILE, Time.now)
  end
 end
--- a/lib/common/hacks.rb
+++ b/lib/common/hacks.rb
@@ -53,7 +53,7 @@ def puts(o = '')
    temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
  end
-  
+
  super(o)
 end

@@ -106,3 +106,16 @@ class Numeric
    s.sub(/\.?0*$/, ' ' + units[e])
  end
 end
+
+# time calculations
+class Fixnum
+  SECONDS_IN_DAY = 24 * 60 * 60
+
+  def days
+    self * SECONDS_IN_DAY
+  end
+
+  def ago
+    Time.now - self
+  end
+end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -45,6 +45,18 @@ def main
      wpscan_options.to_h.merge(max_threads: wpscan_options.threads)
    )

+    # check if db file needs upgrade and we are not running in batch mode
+    if update_required? && !wpscan_options.batch
+      puts "#{notice('[i]')} It seems like you have not updated the database for some time."
+      print '[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]'
+      if (input = Readline.readline) =~ /^y/i
+        wpscan_options.update = true
+      elsif input =~ /^a/i
+        puts 'Scan aborted'
+        exit(0)
+      end
+    end
+
    if wpscan_options.update || missing_db_file?
      puts "#{notice('[i]')} Updating the Database ..."
      DbUpdater.new(DATA_DIR).update(wpscan_options.verbose)