Merge pull request #56 from tristanlatr/Show-wpscan-version

tristanlatr · web-flow · commit 1b07adaa5231 · 2023-01-03T15:02:16.000-05:00
Show wpscan version
diff --git a/tests/notification_test.py b/tests/notification_test.py
@@ -51,7 +51,7 @@ def test_send_report(self):
                 "wpscan_output":"This is real%s"%(s)
             }
 
-            wpwatcher.scanner.mail._send_report(report, email_to='test', wpscan_command= 'just testing')
+            wpwatcher.scanner.mail._send_report(report, email_to='test', wpscan_command= 'just testing', wpscan_version='1.2.3')
 
             # self.assertEqual(report['fixed'], [], "Fixed item wasn't remove after email sent")
             # self.assertNotEqual(report['last_email'], None)
diff --git a/wpwatcher/email.py b/wpwatcher/email.py
@@ -57,11 +57,11 @@ def notify(
         wp_site: Dict[str, Any],
         wp_report: Dict[str, Any],
         last_wp_report: Optional[Dict[str, Any]],
-        wpscan_command: str,
+        wpscan_command: str, wpscan_version:str,
     ) -> bool:
         """Email recipients if match `should_notify` conditions"""
         if self.should_notify(wp_report, last_wp_report):
-            self.send_report(wp_site, wp_report, wpscan_command)
+            self.send_report(wp_site, wp_report, wpscan_command, wpscan_version)
             return True
         else:
             return False
@@ -83,7 +83,7 @@ def _send_mail(self, message: MIMEMultipart, email_to: List[str]) -> None:
 
     # Send email report with status and timestamp
     def _send_report(
-        self, wp_report: Dict[str, Any], email_to: List[str], wpscan_command: str
+        self, wp_report: Dict[str, Any], email_to: List[str], wpscan_command: str, wpscan_version:str
     ) -> None:
         """Build MIME message based on report and call send_mail"""
 
@@ -96,7 +96,7 @@ def _send_report(
         message["To"] = ",".join(email_to)
 
         # Email body
-        body = self.build_message(wp_report, wpscan_command)
+        body = self.build_message(wp_report, wpscan_command, wpscan_version)
         if self.use_monospace_font:
             body = (
                 f'<font face="Courier New, Courier, monospace" size="-1">{body}</font>'
@@ -187,7 +187,7 @@ def should_notify(
         return should
 
     def send_report(
-        self, wp_site: Dict[str, Any], wp_report: Dict[str, Any], wpscan_command: str
+        self, wp_site: Dict[str, Any], wp_report: Dict[str, Any], wpscan_command: str, wpscan_version:str
     ) -> bool:
         """Sending the report"""
         # Send the report to
@@ -206,11 +206,11 @@ def send_report(
             time.sleep(0.01)
 
         with self._mail_lock:
-            self._send_report(wp_report, to, wpscan_command)
+            self._send_report(wp_report, to, wpscan_command, wpscan_version)
             return True
 
     @staticmethod
-    def build_message(wp_report: Dict[str, Any], wpscan_command: str) -> str:
+    def build_message(wp_report: Dict[str, Any], wpscan_command: str, wpscan_version:str) -> str:
         """Build mail message text base on report and warnngs and info switch"""
 
         message = (
@@ -228,6 +228,7 @@ def build_message(wp_report: Dict[str, Any], wpscan_command: str) -> str:
             content=message,
             wpwatcher_version=__version__,
             wpscan_command=wpscan_command,
+            wpscan_version=wpscan_version
         )
 
 
@@ -363,7 +364,7 @@ def build_message(wp_report: Dict[str, Any], wpscan_command: str) -> str:
                 <tr>
                   <td class="content-block powered-by" style="font-family: sans-serif; vertical-align: top; padding-bottom: 10px; padding-top: 10px; font-size: 12px; color: #999999; text-align: center;">
                     Automating WPscan to scan and report vulnerable Wordpress sites <br/> 
-                    <a href="https://github.com/tristanlatr/WPWatcher" style="color: #999999; text-align: center; text-decoration: none;">WPWatcher version $wpwatcher_version </a> <br />
+                    <a href="https://github.com/tristanlatr/WPWatcher" style="color: #999999; text-align: center; text-decoration: none;">WPWatcher version $wpwatcher_version </a> - WPScan version $wpscan_version <br />
                   </td>
                 </tr>
               </table>
diff --git a/wpwatcher/scan.py b/wpwatcher/scan.py
@@ -257,7 +257,9 @@ def scan_site(
             # Notify recepients if match triggers
             if self.mail.notify(
                 wp_site, wp_report, 
-                last_wp_report, wpscan_command=wpscan_command
+                last_wp_report, 
+                wpscan_command=wpscan_command,
+                wpscan_version=self.wpscan._wpscan_version or '??',
             ):
                 # Store report time
                 wp_report["last_email"] = wp_report["datetime"]
diff --git a/wpwatcher/wpscan.py b/wpwatcher/wpscan.py
@@ -32,6 +32,8 @@ class WPScanWrapper:
 
 
     _NO_VAL = datetime(year=2000, month=1, day=1)
+    _NO_VERSION = '0.0.0'
+
     def __init__(self, wpscan_path: str, scan_timeout: Optional[timedelta] = None,
         api_limit_wait: bool = False, follow_redirect: bool = False) -> None:
         """
@@ -47,6 +49,7 @@ def __init__(self, wpscan_path: str, scan_timeout: Optional[timedelta] = None,
 
         self._update_lock: threading.Lock = threading.Lock()
         self._lazy_last_db_update: Optional[datetime] = self._NO_VAL
+        self._lazy_wpscan_version: Optional[str] = None
 
         self._api_limit_wait = api_limit_wait
         self._follow_redirect = follow_redirect
@@ -103,11 +106,17 @@ def _wait_all_wpscan_process(self) -> None:
     @property
     def _last_db_update(self) -> Optional[datetime]: 
         if self._lazy_last_db_update == self._NO_VAL:
-            self._lazy_last_db_update = self._get_last_db_update()
+            self._init_lazy_attributes()
         return self._lazy_last_db_update
+    
+    @property
+    def _wpscan_version(self) -> Optional[str]:
+        if self._lazy_wpscan_version == self._NO_VERSION:
+            self._init_lazy_attributes()
+        return self._lazy_wpscan_version
 
 
-    def _get_last_db_update(self) -> Optional[datetime]:
+    def _init_lazy_attributes(self) -> None:
 
         wp_version_args = ["--version", "--format", "json", "--no-banner"]
         try:
@@ -126,12 +135,17 @@ def _get_last_db_update(self) -> Optional[datetime]:
 
         version_info = json.loads(process.stdout)
 
-        if not version_info.get("last_db_update", None):
-            return None
-        else:
-            return datetime.strptime(
+        if isinstance(version_info.get("last_db_update"), str):
+            self._lazy_last_db_update = datetime.strptime(
                 version_info["last_db_update"].split(".")[0], "%Y-%m-%dT%H:%M:%S"
             )
+        else:
+            self._lazy_last_db_update = None
+        
+        try:
+            self._lazy_wpscan_version = version_info['version']
+        except KeyError:
+            self._lazy_wpscan_version = None
 
     def _update_wpscan(self) -> None:
         # Update wpscan database

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ def test_send_report(self):`
`51`	`51`	`"wpscan_output":"This is real%s"%(s)`
`52`	`52`	`}`
`53`	`53`
`54`		`- wpwatcher.scanner.mail._send_report(report, email_to='test', wpscan_command= 'just testing')`
	`54`	`+ wpwatcher.scanner.mail._send_report(report, email_to='test', wpscan_command= 'just testing', wpscan_version='1.2.3')`
`55`	`55`
`56`	`56`	`# self.assertEqual(report['fixed'], [], "Fixed item wasn't remove after email sent")`
`57`	`57`	`# self.assertNotEqual(report['last_email'], None)`