make logfile configurable

.dockerignore

@@ -17,4 +17,5 @@ data.zip
 DISCLAIMER.txt
 example.conf.json
 bin/
+log.txt
 

README.md

@@ -120,6 +120,13 @@ Mount a local wordlist to the docker container and start a bruteforce attack for
 docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin
 ```
 
+Use logfile option
+```
+# the file must exist prior to starting the container, otherwise docker will create a directory with the filename
+touch ~/FILENAME
+docker run -it --rm -v ~/FILENAME:/wpscan/output.txt wpscanteam/wpscan --url https://yourblog.com --log /wpscan/output.txt
+```
+
 (This mounts the host directory `~/wordlists` to the container in the path `/wordlists`)
 
 Published on https://hub.docker.com/r/wpscanteam/wpscan/
@@ -251,7 +258,7 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
     --follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
     --batch                             Never ask for user input, use the default behaviour.
     --no-color                          Do not use colors in the output.
-    --log                               Creates a log.txt file with WPScan's output.
+    --log [filename]                    Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging.
     --no-banner                         Prevents the WPScan banner from being displayed.
     --disable-accept-header             Prevents WPScan sending the Accept HTTP header.
     --disable-referer                   Prevents setting the Referer header.

lib/common/common_helper.rb

@@ -11,7 +11,7 @@ COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
 MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
 COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')
 
-LOG_FILE             = File.join(ROOT_DIR, 'log.txt')
+DEFAULT_LOG_FILE     = File.join(ROOT_DIR, 'log.txt')
 
 # Plugins directories
 COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')

lib/common/hacks.rb

@@ -21,7 +21,7 @@ end
 def puts(o = '')
   if $log && o.respond_to?(:gsub)
     temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
-    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
+    File.open($log, 'a+') { |f| f.puts(temp) }
   end
 
   super(o)

lib/wpscan/wpscan_helper.rb

@@ -89,7 +89,7 @@ def help
   puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
   puts '--batch                             Never ask for user input, use the default behaviour.'
   puts '--no-color                          Do not use colors in the output.'
-  puts '--log                               Creates a log.txt file with WPScan\'s output.'
+  puts '--log [filename]                    Creates a log.txt file with WPScan\'s output if no filename is supplied. Otherwise the filename is used for logging.'
   puts '--no-banner                         Prevents the WPScan banner from being displayed.'
   puts '--disable-accept-header             Prevents WPScan sending the Accept HTTP header.'
   puts '--disable-referer                   Prevents setting the Referer header.'

lib/wpscan/wpscan_options.rb

@@ -281,7 +281,7 @@ class WpscanOptions
       ['--batch', GetoptLong::NO_ARGUMENT],
       ['--no-color', GetoptLong::NO_ARGUMENT],
       ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
-      ['--log', GetoptLong::NO_ARGUMENT],
+      ['--log', GetoptLong::OPTIONAL_ARGUMENT],
       ['--no-banner', GetoptLong::NO_ARGUMENT],
       ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
       ['--disable-accept-header', GetoptLong::NO_ARGUMENT],

wpscan.rb

@@ -8,14 +8,47 @@ $exit_code = 0
 require File.join(__dir__, 'lib', 'wpscan', 'wpscan_helper')
 
 def main
-  # delete old logfile, check if it is a symlink first.
-  File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE)
-
   begin
     wpscan_options = WpscanOptions.load_from_arguments
 
     $log = wpscan_options.log
 
+    # some sanity checks
+    if $log
+      if $log.empty?
+        $log = DEFAULT_LOG_FILE
+      end
+
+      # translate to full path if no starting / detected
+      if $log !~ /^#{File::SEPARATOR}/
+        $log = File.join(ROOT_DIR, $log)
+      end
+
+      # check if file exists and has a size greater zero
+      if File.exist?($log) && File.size?($log)
+        puts notice("The supplied log file #{$log} already exists. If you continue the new output will be appended.")
+        print '[?] Do you want to continue? [Y]es [N]o, default: [N]'
+        if Readline.readline !~ /^y/i
+          # unset logging so puts will try to log to the file
+          $log = nil
+          puts notice('Scan aborted')
+          exit(1)
+        end
+      end
+
+      # check if we can write the file
+      begin
+        File.open($log, 'a')
+      rescue SystemCallError => e
+        # unset logging so puts will try to log to the file
+        temp = $log
+        $log = nil
+        puts critical("Error with logfile #{temp}:")
+        puts critical(e)
+        exit(1)
+      end
+    end
+
     banner() unless wpscan_options.no_banner # called after $log set
 
     unless wpscan_options.has_options?