ronin-vulns 0.1.5 → 0.2.0.rc1

data/lib/ronin/vulns/cli/commands/lfi.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -34,9 +34,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -47,10 +58,11 @@ module Ronin
         #         --test-cookie-param NAME     Tests the HTTP Cookie name
         #         --test-all-cookie-params     Test all Cookie param names
         #         --test-form-param NAME       Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #     -O, --os unix|windows            Sets the OS to test for
         #     -D, --depth COUNT                Sets the directory depth to escape up
-        #     -B null_byte|double_escape|base64|rot13|zlib,
+        #     -B null-byte|double-escape|base64|rot13|zlib,
         #         --filter-bypass              Sets the filter bypass strategy to use
         #     -h, --help                       Print help information
         #
@@ -81,13 +93,13 @@ module Ronin
 
           option :filter_bypass, short: '-B',
                                  value: {
-                                   type: [
-                                     :null_byte,
-                                     :double_escape,
-                                     :base64,
-                                     :rot13,
-                                     :zlib
-                                   ]
+                                   type: {
+                                     'null-byte'     => :null_byte,
+                                     'double-escape' => :double_escape,
+                                     'base64'        => :base64,
+                                     'rot13'         => :rot13,
+                                     'zlib'          => :zlib
+                                   }
                                  },
                                  desc: 'Sets the filter bypass strategy to use' do |filter_bypass|
                                    scan_kwargs[:filter_bypass] = filter_bypass

data/lib/ronin/vulns/cli/commands/open_redirect.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -34,9 +34,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -47,6 +58,7 @@ module Ronin
         #         --test-cookie-param NAME     Tests the HTTP Cookie name
         #         --test-all-cookie-params     Test all Cookie param names
         #         --test-form-param NAME       Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #     -T, --test-url URL               Optional test URL to try to redirect to
         #     -h, --help                       Print help information

data/lib/ronin/vulns/cli/commands/reflected_xss.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -34,9 +34,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -47,6 +58,7 @@ module Ronin
         #         --test-cookie-param NAME     Tests the HTTP Cookie name
         #         --test-all-cookie-params     Test all Cookie param names
         #         --test-form-param NAME       Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #     -h, --help                       Print help information
         #

data/lib/ronin/vulns/cli/commands/rfi.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -34,9 +34,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -47,6 +58,7 @@ module Ronin
         #         --test-cookie-param NAME     Tests the HTTP Cookie name
         #         --test-all-cookie-params     Test all Cookie param names
         #         --test-form-param NAME       Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #     -B double-encode|suffix-escape|null-byte,
         #         --filter-bypass              Optional filter-bypass strategy to use

data/lib/ronin/vulns/cli/commands/scan.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -34,9 +34,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -45,10 +56,11 @@ module Ronin
         #         --test-header-names NAME     Tests the HTTP Header name
         #         --test-cookie-params NAME    Tests the HTTP Cookie name
         #         --test-form-params NAME      Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #         --lfi-os unix|windows        Sets the OS to test for
         #         --lfi-depth COUNT            Sets the directory depth to escape up
-        #         --lfi-filter-bypass null_byte|double_escape|base64|rot13|zlib
+        #         --lfi-filter-bypass null-byte|double-escape|base64|rot13|zlib
         #                                      Sets the filter bypass strategy to use
         #         --rfi-filter-bypass double-encode|suffix-escape|null-byte
         #                                      Optional filter-bypass strategy to use
@@ -87,13 +99,13 @@ module Ronin
                              end
 
           option :lfi_filter_bypass, value: {
-                                       type: [
-                                         :null_byte,
-                                         :double_escape,
-                                         :base64,
-                                         :rot13,
-                                         :zlib
-                                       ]
+                                       type: {
+                                         'null-byte'     => :null_byte,
+                                         'double-escape' => :double_escape,
+                                         'base64'        => :base64,
+                                         'rot13'         => :rot13,
+                                         'zlib'          => :zlib
+                                       }
                                      },
                                      desc: 'Sets the filter bypass strategy to use' do |filter_bypass|
                                        lfi_kwargs[:filter_bypass] = filter_bypass

data/lib/ronin/vulns/cli/commands/sqli.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -34,9 +34,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -47,6 +58,7 @@ module Ronin
         #         --test-cookie-param NAME     Tests the HTTP Cookie name
         #         --test-all-cookie-params     Test all Cookie param names
         #         --test-form-param NAME       Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #     -Q, --escape-quote               Escapes quotation marks
         #     -P, --escape-parens              Escapes parenthesis

data/lib/ronin/vulns/cli/commands/ssti.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -35,9 +35,20 @@ module Ronin
         #
         # ## Options
         #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
         #         --first                      Only find the first vulnerability for each URL
         #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
         #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
         #     -C, --cookie COOKIE              Sets the raw Cookie header
         #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
         #     -R, --referer URL                Sets the Referer header
@@ -48,6 +59,7 @@ module Ronin
         #         --test-cookie-param NAME     Tests the HTTP Cookie name
         #         --test-all-cookie-params     Test all Cookie param names
         #         --test-form-param NAME       Tests the form param name
+        #         --test-all-form-params       Test all form param names
         #     -i, --input FILE                 Reads URLs from the list file
         #     -T {X*Y | X/Z | X+Y | X-Y},      Optional numeric test to use
         #         --test-expr

data/lib/ronin/vulns/cli/importable.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+#
+# ronin-vulns - A Ruby library for blind vulnerability testing.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-vulns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-vulns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/vulns/importer'
+require 'ronin/vulns/cli/printing'
+require 'ronin/db/cli/database_options'
+require 'ronin/db/cli/printing'
+
+module Ronin
+  module Vulns
+    class CLI
+      #
+      # Mixin module which adds the ability to import web vulns into the
+      # [ronin-db] database.
+      #
+      # [ronin-db]: https://github.com/ronin-rb/ronin-db#readme
+      #
+      # @since 0.2.0
+      #
+      module Importable
+        include DB::CLI::Printing
+        include Printing
+
+        #
+        # Includes `Ronin::DB::CLI::DatabaseOptions` into the including command
+        # class.
+        #
+        # @param [Class<Command>] command
+        #   The command class including {Importable}.
+        #
+        def self.included(command)
+          command.include DB::CLI::DatabaseOptions
+        end
+
+        #
+        # Imports a web vulnerability into the [ronin-db] database.
+        #
+        # [ronin-db]: https://github.com/ronin-rb/ronin-db#readme
+        #
+        # @param [WebVuln] vuln
+        #   The web vulnerability to import.
+        #
+        def import_vuln(vuln)
+          Importer.import(vuln)
+
+          vuln_type  = vuln_type(vuln)
+          param_type = vuln_param_type(vuln)
+          param_name = vuln_param_name(vuln)
+
+          if (param_type && param_name)
+            log_info "Imported #{vuln_type} vulnerability on URL #{vuln.url} and #{param_type} '#{param_name}'"
+          else
+            log_info "Imported #{vuln_type} vulnerability on URL #{vuln.url}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ronin/vulns/cli/printing.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+#
+# ronin-vulns - A Ruby library for blind vulnerability testing.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-vulns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-vulns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/core/cli/logging'
+
+require 'command_kit/printing/indent'
+
+module Ronin
+  module Vulns
+    class CLI
+      #
+      # Mixin that adds methods for logging and printing discovered web
+      # vulnerabilities.
+      #
+      # @since 0.2.0
+      #
+      module Printing
+        include Core::CLI::Logging
+        include CommandKit::Printing::Indent
+
+        # Known vulnerability types and their printable names.
+        VULN_TYPES = {
+          command_injection: 'Command Injection',
+          open_redirect:     'Open Redirect',
+          reflected_xss:     'reflected XSS',
+
+          lfi:  'LFI',
+          rfi:  'RFI',
+          sqli: 'SQLi',
+          ssti: 'SSTI'
+        }
+
+        #
+        # Returns the printable vulnerability type for the vulnerability object.
+        #
+        # @param [Vuln] vuln
+        #
+        # @return [String]
+        #
+        def vuln_type(vuln)
+          VULN_TYPES.fetch(vuln.class.vuln_type)
+        end
+
+        #
+        # Determines the param type that the web vulnerability occurs in.
+        #
+        # @param [WebVuln] vuln
+        #
+        # @return [String, nil]
+        #
+        def vuln_param_type(vuln)
+          if    vuln.query_param  then 'query param'
+          elsif vuln.header_name  then 'Header'
+          elsif vuln.cookie_param then 'Cookie param'
+          elsif vuln.form_param   then 'form param'
+          end
+        end
+
+        #
+        # Determines the param name that the web vulnerability occurs in.
+        #
+        # @param [WebVuln] vuln
+        #
+        # @return [String, nil]
+        #
+        def vuln_param_name(vuln)
+          if    vuln.query_param  then vuln.query_param
+          elsif vuln.header_name  then vuln.header_name
+          elsif vuln.cookie_param then vuln.cookie_param
+          elsif vuln.form_param   then vuln.form_param
+          end
+        end
+
+        #
+        # Prints a log message about a newly discovered web vulnerability.
+        #
+        # @param [WebVuln] vuln
+        #   The web vulnerability to log.
+        #
+        def log_vuln(vuln)
+          vuln_type  = vuln_type(vuln)
+          param_type = vuln_param_type(vuln)
+          param_name = vuln_param_name(vuln)
+
+          if (param_type && param_name)
+            log_warn "Found #{vuln_type} on #{vuln.url} via #{param_type} '#{param_name}'!"
+          else
+            log_warn "Found #{vuln_type} on #{vuln.url}!"
+          end
+        end
+
+        #
+        # Prints detailed information about a discovered web vulnerability.
+        #
+        # @param [WebVuln] vuln
+        #   The web vulnerability to log.
+        #
+        # @param [Boolean] print_curl
+        #   Prints an example `curl` command to trigger the web vulnerability.
+        #
+        # @param [Boolean] print_http
+        #   Prints an example HTTP request to trigger the web vulnerability.
+        #
+        # @since 0.2.0
+        #
+        def print_vuln(vuln, print_curl: false, print_http: false)
+          vuln_type  = vuln_type(vuln)
+          param_type = vuln_param_type(vuln)
+          param_name = vuln_param_name(vuln)
+
+          if (param_type && param_name)
+            puts "#{colors.bold(colors.bright_red(vuln_type))} on #{colors.bold(colors.bright_white(vuln.url))} via #{colors.bold(colors.bright_white(param_type))} '#{colors.bold(colors.bright_red(param_name))}'"
+          else
+            puts "#{colors.bold(colors.red(vuln_type))} on #{colors.bold(colors.bright_white(vuln.url))}"
+          end
+
+          if print_curl || print_http
+            puts
+
+            if print_curl
+              puts "  #{vuln.to_curl}"
+              puts
+            end
+
+            if print_http
+              vuln.to_http.each_line(chomp: true) do |line|
+                puts "  #{line}"
+              end
+              puts
+            end
+          end
+        end
+
+        #
+        # Print a summary of all web vulnerabilities found.
+        #
+        # @param [Array<WebVuln>] vulns
+        #   The discovered web vulnerabilities.
+        #
+        # @param [Boolean] print_curl
+        #   Prints an example `curl` command to trigger the web vulnerability.
+        #
+        # @param [Boolean] print_http
+        #   Prints an example HTTP request to trigger the web vulnerability.
+        #
+        # @since 0.2.0
+        #
+        def print_vulns(vulns, print_curl: false, print_http: false)
+          if vulns.empty?
+            puts colors.green("No vulnerabilities found")
+          else
+            puts colors.bold(colors.bright_red('Vulnerabilities found!'))
+            puts
+
+            indent do
+              vulns.each do |vuln|
+                print_vuln(vuln, print_curl: print_curl,
+                                 print_http: print_http)
+              end
+            end
+            puts unless (print_curl || print_http)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ronin/vulns/cli/ruby_shell.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+#
+# ronin-vulns - A Ruby library for blind vulnerability testing.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-vulns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-vulns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/core/cli/ruby_shell'
+
+module Ronin
+  module Vulns
+    class CLI
+      #
+      # The interactive Ruby shell for {Ronin::Vulns}.
+      #
+      # @since 0.2.0
+      #
+      class RubyShell < Core::CLI::RubyShell
+
+        #
+        # Initializes the `ronin-vulns` Ruby shell.
+        #
+        # @param [String] name
+        #   The name of the IRB shell.
+        #
+        # @param [Object] context
+        #   Custom context to launch IRB from within.
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for
+        #   `Ronin::Core::CLI::RubyShell#initialize`.
+        #
+        def initialize(name: 'ronin-vulns', context: Vulns, **kwargs)
+          super(name: name, context: context, **kwargs)
+        end
+
+      end
+    end
+  end
+end