ronin-vulns 0.1.5 → 0.2.0.rc1

data/man/ronin-vulns-ssti.1

@@ -1,99 +1,103 @@
-.\" Generated by kramdown-man 0.1.9
+.\" Generated by kramdown-man 1.0.1
 .\" https://github.com/postmodern/kramdown-man#readme
 .TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
-.LP
+.SH NAME
+.PP
+ronin\-vulns\-ssti \- Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities
 .SH SYNOPSIS
-.LP
 .PP
-\fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
-.LP
+\fBronin\-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
 .SH DESCRIPTION
-.LP
 .PP
 Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities\. The URLs
 to scan can be given as additional arguments or read from a file using the
-\fB--input\fR option\.
-.LP
+\fB\-\-input\fR option\.
 .SH ARGUMENTS
-.LP
 .TP
 \fIURL\fP
 A URL to scan\.
-.LP
 .SH OPTIONS
-.LP
 .TP
-\fB--first\fR
+\fB\-\-db\fR \fINAME\fP
+The database name to connect to\. Defaults to \fBdefault\fR if not given\.
+.TP
+\fB\-\-db\-uri\fR \fIURI\fP
+The database URI to connect to
+(ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
+.TP
+\fB\-\-db\-file\fR \fIPATH\fP
+The sqlite3 database file to use\.
+.TP
+\fB\-\-import\fR
+Imports discovered vulnerabilities into the database\.
+.TP
+\fB\-\-first\fR
 Only find the first vulnerability for each URL\.
-.LP
 .TP
-\fB-A\fR, \fB--all\fR
+\fB\-A\fR, \fB\-\-all\fR
 Find all vulnerabilities for each URL\.
-.LP
 .TP
-\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+\fB\-\-print\-curl\fR
+Also prints an example \fBcurl\fR command for each vulnerability\.
+.TP
+\fB\-\-print\-http\fR
+Also prints an example HTTP request for each vulnerability\.
+.TP
+\fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
+Sets the HTTP request method to use\.
+.TP
+\fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
 Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
-.LP
 .TP
-\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+\fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
+Sets the \fBUser\-Agent\fR header string\.
+.TP
+\fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
+Sets the \fBUser\-Agent\fR header\.
+.TP
+\fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
 Sets the raw \fBCookie\fR header\.
-.LP
 .TP
-\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+\fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
 Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
-.LP
 .TP
-\fB-R\fR, \fB--referer\fR \fIURL\fP
+\fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
 Sets the \fBReferer\fR header\.
-.LP
 .TP
-\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+\fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
 Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
-.LP
 .TP
-\fB--test-query-param\fR \fINAME\fP
+\fB\-\-test\-query\-param\fR \fINAME\fP
 Tests the URL query param name\.
-.LP
 .TP
-\fB--test-all-query-params\fR
+\fB\-\-test\-all\-query\-params\fR
 Test all URL query param names\.
-.LP
 .TP
-\fB--test-header-name\fR \fINAME\fP
+\fB\-\-test\-header\-name\fR \fINAME\fP
 Tests the HTTP Header name\.
-.LP
 .TP
-\fB--test-cookie-param\fR \fINAME\fP
+\fB\-\-test\-cookie\-param\fR \fINAME\fP
 Tests the HTTP Cookie name\.
-.LP
 .TP
-\fB--test-all-cookie-params\fR
+\fB\-\-test\-all\-cookie\-params\fR
 Test all Cookie param names\.
-.LP
 .TP
-\fB--test-form-param\fR \fINAME\fP
+\fB\-\-test\-form\-param\fR \fINAME\fP
 Tests the form param name\.
-.LP
 .TP
-\fB-i\fR, \fB--input\fR \fIFILE\fP
+\fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
 Reads URLs from the given \fIFILE\fP\.
-.LP
-.PP
-\fB-T\fR, \fB--test-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
+.TP
+\fB\-T\fR, \fB\-\-test\-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
 Optional numeric test to use\.
-.LP
 .TP
-\fB-h\fR, \fB--help\fR
+\fB\-h\fR, \fB\-\-help\fR
 Print help information\.
-.LP
 .SH AUTHOR
-.LP
 .PP
 Postmodern 
 .MT postmodern\.mod3\[at]gmail\.com
 .ME
-.LP
 .SH SEE ALSO
-.LP
 .PP
-ronin\-vulns\-scan(1)
+.BR ronin\-vulns\-scan (1)

data/man/ronin-vulns-ssti.1.md

@@ -1,5 +1,9 @@
 # ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
 
+## NAME
+
+ronin-vulns-ssti - Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities
+
 ## SYNOPSIS
 
 `ronin-vulns lfi` [*options*] {*URL* ... \| `--input` *FILE*}
@@ -13,57 +17,85 @@ to scan can be given as additional arguments or read from a file using the
 ## ARGUMENTS
 
 *URL*
-  A URL to scan.
+: A URL to scan.
 
 ## OPTIONS
 
+`--db` *NAME*
+: The database name to connect to. Defaults to `default` if not given.
+
+`--db-uri` *URI*
+: The database URI to connect to
+  (ex: `postgres://user:password@host/db`).
+
+`--db-file` *PATH*
+: The sqlite3 database file to use.
+
+`--import`
+: Imports discovered vulnerabilities into the database.
+
 `--first`
-  Only find the first vulnerability for each URL.
+: Only find the first vulnerability for each URL.
 
 `-A`, `--all`
-  Find all vulnerabilities for each URL.
+: Find all vulnerabilities for each URL.
+
+`--print-curl`
+: Also prints an example `curl` command for each vulnerability.
+
+`--print-http`
+: Also prints an example HTTP request for each vulnerability.
+
+`-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
+: Sets the HTTP request method to use.
 
 `-H`, `--header` "*Name*: *value*"
-  Sets an additional header using the given *Name* and *value*.
+: Sets an additional header using the given *Name* and *value*.
+
+`-U`, `--user-agent-string` *STRING*
+: Sets the `User-Agent` header string.
+
+`-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
+: Sets the `User-Agent` header.
 
 `-C`, `--cookie` *COOKIE*
-  Sets the raw `Cookie` header.
+: Sets the raw `Cookie` header.
 
 `-c`, `--cookie-param` *NAME*`=`*VALUE*
-  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+: Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
 
 `-R`, `--referer` *URL*
-  Sets the `Referer` header.
+: Sets the `Referer` header.
 
 `-F`, `--form-param` *NAME*`=`*VALUE*
-  Sets an additional form param using the given *NAME* and *VALUE*.
+: Sets an additional form param using the given *NAME* and *VALUE*.
 
 `--test-query-param` *NAME*
-  Tests the URL query param name.
+: Tests the URL query param name.
 
 `--test-all-query-params`
-  Test all URL query param names.
+: Test all URL query param names.
 
 `--test-header-name` *NAME*
-  Tests the HTTP Header name.
+: Tests the HTTP Header name.
 
 `--test-cookie-param` *NAME*
-  Tests the HTTP Cookie name.
+: Tests the HTTP Cookie name.
 
 `--test-all-cookie-params`
-  Test all Cookie param names.
+: Test all Cookie param names.
 
 `--test-form-param` *NAME*
-  Tests the form param name.
+: Tests the form param name.
 
 `-i`, `--input` *FILE*
-  Reads URLs from the given *FILE*.
+: Reads URLs from the given *FILE*.
 
 `-T`, `--test-expr` {*X\*Y* \| *X/Z* \| *X+Y* \| *X-Y*}
-  Optional numeric test to use.
+: Optional numeric test to use.
 
 `-h`, `--help`
-  Print help information.
+: Print help information.
 
 ## AUTHOR
 
@@ -71,4 +103,4 @@ Postmodern <postmodern.mod3@gmail.com>
 
 ## SEE ALSO
 
-ronin-vulns-scan(1)
+[ronin-vulns-scan](ronin-vulns-scan.1.md)

data/man/ronin-vulns.1

@@ -0,0 +1,73 @@
+.\" Generated by kramdown-man 1.0.1
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns 1 "2024-01-01" Ronin Vulns "User Manuals"
+.SH NAME
+.PP
+ronin\-vulns \- A library and tool that tests for various web vulnerabilities\.
+.SH SYNOPSIS
+.PP
+\fBronin\-vulns\fR \[lB]\fIoptions\fP\[rB] \[lB]\fICOMMAND\fP \[lB]\.\.\.\[rB]\[rB]
+.SH DESCRIPTION
+.PP
+Runs a \fBronin\-vulns\fR \fICOMMAND\fP\.
+.SH ARGUMENTS
+.TP
+\fICOMMAND\fP
+The \fBronin\-vulns\fR command to execute\.
+.SH OPTIONS
+.TP
+\fB\-V\fR, \fB\-\-version\fR
+Prints the \fBronin\-vulns\fR version and exits\.
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Print help information
+.SH COMMANDS
+.TP
+\fIcommand\-injection\fP, \fIcmdi\fP
+Scans URL(s) for Command Injection vulnerabilities\.
+.TP
+\fIcompletion\fP
+Manages the shell completion rules for \fBronin\-vulns\fR\.
+.TP
+\fIhelp\fP
+Lists available commands or shows help about a specific command\.
+.TP
+\fIirb\fP
+Starts an interactive Ruby shell with ronin\-vulns loaded\.
+.TP
+\fIlfi\fP
+Scans URL(s) for Local File Inclusion (LFI) vulnerabilities\.
+.TP
+\fIopen\-redirect\fP
+Scans URL(s) for Open Redirect vulnerabilities\.
+.TP
+\fIreflected\-xss\fP, \fIxss\fP
+Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities\.
+.TP
+\fIrfi\fP
+Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities\.
+.TP
+\fIscan\fP
+Scans URL(s) for web vulnerabilities\.
+.TP
+\fIsqli\fP
+Scans URL(s) for SQL injection (SQLi) vulnerabilities\.
+.TP
+\fIssti\fP
+Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities\.
+.SH AUTHOR
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.SH SEE ALSO
+.PP
+.BR ronin\-vulns\-command\-injection (1)
+.BR ronin\-vulns\-completion (1)
+.BR ronin\-vulns\-lfi (1)
+.BR ronin\-vulns\-open\-redirect (1)
+.BR ronin\-vulns\-reflected\-xss (1)
+.BR ronin\-vulns\-rfi (1)
+.BR ronin\-vulns\-scan (1)
+.BR ronin\-vulns\-sqli (1)
+.BR ronin\-vulns\-ssti (1)

data/man/ronin-vulns.1.md

@@ -0,0 +1,69 @@
+# ronin-vulns 1 "2024-01-01" Ronin Vulns "User Manuals"
+
+## NAME
+
+ronin-vulns - A library and tool that tests for various web vulnerabilities.
+
+## SYNOPSIS
+
+`ronin-vulns` [*options*] [*COMMAND* [...]]
+
+## DESCRIPTION
+
+Runs a `ronin-vulns` *COMMAND*.
+
+## ARGUMENTS
+
+*COMMAND*
+: The `ronin-vulns` command to execute.
+
+## OPTIONS
+
+`-V`, `--version`
+: Prints the `ronin-vulns` version and exits.
+
+`-h`, `--help`
+: Print help information
+
+## COMMANDS
+
+*command-injection*, *cmdi*
+: Scans URL(s) for Command Injection vulnerabilities.
+
+*completion*
+: Manages the shell completion rules for `ronin-vulns`.
+
+*help*
+: Lists available commands or shows help about a specific command.
+
+*irb*
+: Starts an interactive Ruby shell with ronin-vulns loaded.
+
+*lfi*
+: Scans URL(s) for Local File Inclusion (LFI) vulnerabilities.
+
+*open-redirect*
+: Scans URL(s) for Open Redirect vulnerabilities.
+
+*reflected-xss*, *xss*
+: Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities.
+
+*rfi*
+: Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities.
+
+*scan*
+: Scans URL(s) for web vulnerabilities.
+
+*sqli*
+: Scans URL(s) for SQL injection (SQLi) vulnerabilities.
+
+*ssti*
+: Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+[ronin-vulns-command-injection](ronin-vulns-command-injection.1.md) [ronin-vulns-completion](ronin-vulns-completion.1.md) [ronin-vulns-lfi](ronin-vulns-lfi.1.md) [ronin-vulns-open-redirect](ronin-vulns-open-redirect.1.md) [ronin-vulns-reflected-xss](ronin-vulns-reflected-xss.1.md) [ronin-vulns-rfi](ronin-vulns-rfi.1.md) [ronin-vulns-scan](ronin-vulns-scan.1.md) [ronin-vulns-sqli](ronin-vulns-sqli.1.md) [ronin-vulns-ssti](ronin-vulns-ssti.1.md) 

data/scripts/setup

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+#
+# Prints a log message.
+#
+function log()
+{
+	if [[ -t 1 ]]; then
+		echo -e "\x1b[1m\x1b[32m>>>\x1b[0m \x1b[1m$1\x1b[0m"
+	else
+		echo ">>> $1"
+	fi
+}
+
+#
+# Prints a warn message.
+#
+function warn()
+{
+	if [[ -t 1 ]]; then
+		echo -e "\x1b[1m\x1b[33m***\x1b[0m \x1b[1m$1\x1b[0m" >&2
+	else
+		echo "*** $1" >&2
+	fi
+}
+
+#
+# Prints an error message.
+#
+function error()
+{
+	if [[ -t 1 ]]; then
+		echo -e "\x1b[1m\x1b[31m!!!\x1b[0m \x1b[1m$1\x1b[0m" >&2
+	else
+		echo "!!! $1" >&2
+	fi
+}
+
+#
+# Prints an error message and exists with -1.
+#
+function fail()
+{
+	error "$@"
+	exit -1
+}
+
+# default to installing gems into vendor/bundle
+if [[ ! -f .bundle/config ]]; then
+	bundle config set --local path vendor/bundle >/dev/null || \
+	  fail "Failed to run 'bundle config'"
+fi
+
+log "Installing gems ..."
+bundle install || fail "Failed to run 'bundle install'!"
+
+log "Setting up the project ..."
+bundle exec rake setup || "Failed to run 'rake setup'!"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-vulns
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.2.0.rc1
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-20 00:00:00.000000000 Z
+date: 2024-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ronin-support
@@ -36,14 +36,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 0.2.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 0.2.0.rc1
+- !ruby/object:Gem::Dependency
+  name: ronin-db
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0.rc1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0.rc1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -85,6 +99,7 @@ files:
 - README.md
 - Rakefile
 - bin/ronin-vulns
+- data/completions/ronin-vulns
 - data/rfi_test.asp
 - data/rfi_test.aspx
 - data/rfi_test.cfm
@@ -94,6 +109,9 @@ files:
 - gemspec.yml
 - lib/ronin/vulns/cli.rb
 - lib/ronin/vulns/cli/command.rb
+- lib/ronin/vulns/cli/commands/command_injection.rb
+- lib/ronin/vulns/cli/commands/completion.rb
+- lib/ronin/vulns/cli/commands/irb.rb
 - lib/ronin/vulns/cli/commands/lfi.rb
 - lib/ronin/vulns/cli/commands/open_redirect.rb
 - lib/ronin/vulns/cli/commands/reflected_xss.rb
@@ -101,8 +119,12 @@ files:
 - lib/ronin/vulns/cli/commands/scan.rb
 - lib/ronin/vulns/cli/commands/sqli.rb
 - lib/ronin/vulns/cli/commands/ssti.rb
-- lib/ronin/vulns/cli/logging.rb
+- lib/ronin/vulns/cli/importable.rb
+- lib/ronin/vulns/cli/printing.rb
+- lib/ronin/vulns/cli/ruby_shell.rb
 - lib/ronin/vulns/cli/web_vuln_command.rb
+- lib/ronin/vulns/command_injection.rb
+- lib/ronin/vulns/importer.rb
 - lib/ronin/vulns/lfi.rb
 - lib/ronin/vulns/lfi/test_file.rb
 - lib/ronin/vulns/open_redirect.rb
@@ -120,6 +142,12 @@ files:
 - lib/ronin/vulns/vuln.rb
 - lib/ronin/vulns/web_vuln.rb
 - lib/ronin/vulns/web_vuln/http_request.rb
+- man/ronin-vulns-command-injection.1
+- man/ronin-vulns-command-injection.1.md
+- man/ronin-vulns-completion.1
+- man/ronin-vulns-completion.1.md
+- man/ronin-vulns-irb.1
+- man/ronin-vulns-irb.1.md
 - man/ronin-vulns-lfi.1
 - man/ronin-vulns-lfi.1.md
 - man/ronin-vulns-open-redirect.1
@@ -134,7 +162,10 @@ files:
 - man/ronin-vulns-sqli.1.md
 - man/ronin-vulns-ssti.1
 - man/ronin-vulns-ssti.1.md
+- man/ronin-vulns.1
+- man/ronin-vulns.1.md
 - ronin-vulns.gemspec
+- scripts/setup
 homepage: https://ronin-rb.dev/
 licenses:
 - LGPL-3.0

data/lib/ronin/vulns/cli/logging.rb

@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-#
-# ronin-vulns - A Ruby library for blind vulnerability testing.
-#
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# ronin-vulns is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# ronin-vulns is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
-#
-
-require 'ronin/core/cli/logging'
-
-module Ronin
-  module Vulns
-    class CLI
-      #
-      # Mixin that adds methods for logging discovered web vulnerabilities.
-      #
-      module Logging
-        include Core::CLI::Logging
-
-        # Known vulnerability types and their printable names.
-        VULN_TYPES = {
-          open_redirect: 'Open Redirect',
-          reflected_xss: 'reflected XSS',
-
-          lfi:  'LFI',
-          rfi:  'RFI',
-          sqli: 'SQLi',
-          ssti: 'SSTI'
-        }
-
-        #
-        # Returns the printable vulnerability type for the vulnerability object.
-        #
-        # @param [Vuln] vuln
-        #
-        # @return [String]
-        #
-        def vuln_type(vuln)
-          VULN_TYPES.fetch(vuln.class.vuln_type,'vulnerability')
-        end
-
-        #
-        # Prints a web vulnerability.
-        #
-        # @param [WebVuln] vuln
-        #   The web vulnerability to print.
-        #
-        def log_vuln(vuln)
-          vuln_name = vuln_type(vuln)
-          location  = if vuln.query_param
-                        "query param '#{vuln.query_param}'"
-                      elsif vuln.header_name
-                        "Header '#{vuln.header_name}'"
-                      elsif vuln.cookie_param
-                        "Cookie param '#{vuln.cookie_param}'"
-                      elsif vuln.form_param
-                        "form param '#{vuln.form_param}'"
-                      end
-
-          if location
-            log_info "Found #{vuln_name} on #{vuln.url} via #{location}!"
-          else
-            log_info "Found #{vuln_name} on #{vuln.url}!"
-          end
-        end
-      end
-    end
-  end
-end