From 21f4de2ec11486a7160e1817173bf1593a1b74bc Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Wed, 31 May 2017 23:16:07 +0200 Subject: [PATCH] make logfile configurable --- .dockerignore | 1 + README.md | 9 ++++++++- lib/common/common_helper.rb | 2 +- lib/common/hacks.rb | 2 +- lib/wpscan/wpscan_helper.rb | 2 +- lib/wpscan/wpscan_options.rb | 2 +- wpscan.rb | 39 +++++++++++++++++++++++++++++++++--- 7 files changed, 49 insertions(+), 8 deletions(-) diff --git a/.dockerignore b/.dockerignore index 8feabc25..abf6bb87 100644 --- a/.dockerignore +++ b/.dockerignore @@ -17,4 +17,5 @@ data.zip DISCLAIMER.txt example.conf.json bin/ +log.txt diff --git a/README.md b/README.md index 41198dc7..fa373534 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,13 @@ Mount a local wordlist to the docker container and start a bruteforce attack for docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin ``` +Use logfile option +``` +# the file must exist prior to starting the container, otherwise docker will create a directory with the filename +touch ~/FILENAME +docker run -it --rm -v ~/FILENAME:/wpscan/output.txt wpscanteam/wpscan --url https://yourblog.com --log /wpscan/output.txt +``` + (This mounts the host directory `~/wordlists` to the container in the path `/wordlists`) Published on https://hub.docker.com/r/wpscanteam/wpscan/ 
@@ -251,7 +258,7 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not --batch Never ask for user input, use the default behaviour. --no-color Do not use colors in the output. - --log Creates a log.txt file with WPScan's output. + --log [filename] Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging. --no-banner Prevents the WPScan banner from being displayed. --disable-accept-header Prevents WPScan sending the Accept HTTP header. --disable-referer Prevents setting the Referer header. diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb index 28d80930..ce018bc6 100644 --- a/lib/common/common_helper.rb +++ b/lib/common/common_helper.rb @@ -11,7 +11,7 @@ COMMON_LIB_DIR = File.join(LIB_DIR, 'common') MODELS_LIB_DIR = File.join(COMMON_LIB_DIR, 'models') COLLECTIONS_LIB_DIR = File.join(COMMON_LIB_DIR, 'collections') -LOG_FILE = File.join(ROOT_DIR, 'log.txt') +DEFAULT_LOG_FILE = File.join(ROOT_DIR, 'log.txt') # Plugins directories COMMON_PLUGINS_DIR = File.join(COMMON_LIB_DIR, 'plugins') diff --git a/lib/common/hacks.rb b/lib/common/hacks.rb index 8b159acb..a11503dd 100644 --- a/lib/common/hacks.rb +++ b/lib/common/hacks.rb @@ -21,7 +21,7 @@ end def puts(o = '') if $log && o.respond_to?(:gsub) temp = o.gsub(/\e\[\d+m/, '') # remove color for logging - File.open(LOG_FILE, 'a+') { |f| f.puts(temp) } + File.open($log, 'a+') { |f| f.puts(temp) } end super(o) diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb index 74bb1309..234365a2 100644 --- a/lib/wpscan/wpscan_helper.rb +++ b/lib/wpscan/wpscan_helper.rb 
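Review bot: The changed line in `puts` reopens the operator-supplied `$log` path by name on every call and, if the file is missing, creates it with umask-default permissions. The log mirrors scan output, which can include enumerated accounts and password-guessing results, so I would create it owner-only and drop the unneeded read mode: `File.open($log, 'a', 0600) { |f| f.puts(temp) }`. The permission argument only applies when the file is created, so an existing file keeps its mode and should be documented as the operator's responsibility. The end of `puts` lies outside the hunk.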
@@ -89,7 +89,7 @@ def help puts '--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not' puts '--batch Never ask for user input, use the default behaviour.' puts '--no-color Do not use colors in the output.' - puts '--log Creates a log.txt file with WPScan\'s output.' + puts '--log [filename] Creates a log.txt file with WPScan\'s output if no filename is supplied. Otherwise the filename is used for logging.' puts '--no-banner Prevents the WPScan banner from being displayed.' puts '--disable-accept-header Prevents WPScan sending the Accept HTTP header.' puts '--disable-referer Prevents setting the Referer header.' diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb index 9a53fc6d..4f3e434b 100644 --- a/lib/wpscan/wpscan_options.rb +++ b/lib/wpscan/wpscan_options.rb @@ -281,7 +281,7 @@ class WpscanOptions ['--batch', GetoptLong::NO_ARGUMENT], ['--no-color', GetoptLong::NO_ARGUMENT], ['--cookie', GetoptLong::REQUIRED_ARGUMENT], - ['--log', GetoptLong::NO_ARGUMENT], + ['--log', GetoptLong::OPTIONAL_ARGUMENT], ['--no-banner', GetoptLong::NO_ARGUMENT], ['--throttle', GetoptLong::REQUIRED_ARGUMENT], ['--disable-accept-header', GetoptLong::NO_ARGUMENT], diff --git a/wpscan.rb b/wpscan.rb index f9c0130e..969ad72a 100755 --- a/wpscan.rb +++ b/wpscan.rb 
@@ -8,14 +8,47 @@ $exit_code = 0 require File.join(__dir__, 'lib', 'wpscan', 'wpscan_helper') def main - # delete old logfile, check if it is a symlink first. - File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE) - begin wpscan_options = WpscanOptions.load_from_arguments $log = wpscan_options.log + # some sanity checks + if $log + if $log.empty? + $log = DEFAULT_LOG_FILE + end + + # translate to full path if no starting / detected + if $log !~ /^#{File::SEPARATOR}/ + $log = File.join(ROOT_DIR, $log) + end + + # check if file exists and has a size greater zero + if File.exist?($log) && File.size?($log) + puts notice("The supplied log file #{$log} already exists. If you continue the new output will be appended.") + print '[?] Do you want to continue? [Y]es [N]o, default: [N]' + if Readline.readline !~ /^y/i + # unset logging so puts will try to log to the file + $log = nil + puts notice('Scan aborted') + exit(1) + end + end + + # check if we can write the file + begin + File.open($log, 'a') + rescue SystemCallError => e + # unset logging so puts will try to log to the file + temp = $log + $log = nil + puts critical("Error with logfile #{temp}:") + puts critical(e) + exit(1) + end + end + banner() unless wpscan_options.no_banner # called after $log set unless wpscan_options.has_options?
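Review bot: The writability probe `File.open($log, 'a')` has no block, so its handle is never closed, and it follows symlinks although the removed delete line checked `File.symlink?` first; I would write `File.open($log, 'a') {}` and refuse (or at least warn) when `File.symlink?($log)` is true, since the default file sits in ROOT_DIR. The "already exists" prompt calls `Readline.readline` unconditionally, which appears to conflict with `--batch` ("Never ask for user input"); if WpscanOptions exposes that flag, the prompt should be skipped or the run aborted when it is set. The absolute-path test `$log !~ /^#{File::SEPARATOR}/` anchors per line and misses Windows drive paths, so `$log = File.expand_path($log, ROOT_DIR)` would be sturdier. Both `# unset logging so puts will try to log to the file` comments say the opposite of what the code does and should read `# unset logging so puts does not try to write to the log file`. `main` continues past the end of the hunk.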