Added separate print_vuln and print_vulns methods.

* Added `CLI::Printing#print_vuln`.
* Added `CLI::Printing#print_vulns`.
* Refactored `WebVulnCommand` to collect all discovered web
  vulnerabilities and print them after scanning.
  * Override `WebVulnCommand#print_vuln` and `#print_vulns` to pass in the
    `--print-curl` and `--print-http` options.

lib/ronin/vulns/cli/printing.rb

@@ -20,6 +20,8 @@
 
 require 'ronin/core/cli/logging'
 
+require 'command_kit/printing/indent'
+
 module Ronin
   module Vulns
     class CLI
@@ -31,6 +33,7 @@ class CLI
       #
       module Printing
         include Core::CLI::Logging
+        include CommandKit::Printing::Indent
 
         # Known vulnerability types and their printable names.
         VULN_TYPES = {
@@ -102,6 +105,79 @@ def log_vuln(vuln)
             log_warn "Found #{vuln_type} on #{vuln.url}!"
           end
         end
+
+        #
+        # Prints detailed information about a discovered web vulnerability.
+        #
+        # @param [WebVuln] vuln
+        #   The web vulnerability to log.
+        #
+        # @param [Boolean] print_curl
+        #   Prints an example `curl` command to trigger the web vulnerability.
+        #
+        # @param [Boolean] print_http
+        #   Prints an example HTTP request to trigger the web vulnerability.
+        #
+        # @since 0.2.0
+        #
+        def print_vuln(vuln, print_curl: false, print_http: false)
+          vuln_type  = vuln_type(vuln)
+          param_type = vuln_param_type(vuln)
+          param_name = vuln_param_name(vuln)
+
+          if (param_type && param_name)
+            puts "#{colors.bold(colors.bright_red(vuln_type))} on #{colors.bold(colors.bright_white(vuln.url))} via #{colors.bold(colors.bright_white(param_type))} '#{colors.bold(colors.bright_red(param_name))}'"
+          else
+            puts "#{colors.bold(colors.red(vuln_type))} on #{colors.bold(colors.bright_white(vuln.url))}"
+          end
+
+          if print_curl || print_http
+            puts
+
+            if print_curl
+              puts "  #{vuln.to_curl}"
+              puts
+            end
+
+            if print_http
+              vuln.to_http.each_line(chomp: true) do |line|
+                puts "  #{line}"
+              end
+              puts
+            end
+          end
+        end
+
+        #
+        # Print a summary of all web vulnerabilities found.
+        #
+        # @param [Array<WebVuln>] vulns
+        #   The discovered web vulnerabilities.
+        #
+        # @param [Boolean] print_curl
+        #   Prints an example `curl` command to trigger the web vulnerability.
+        #
+        # @param [Boolean] print_http
+        #   Prints an example HTTP request to trigger the web vulnerability.
+        #
+        # @since 0.2.0
+        #
+        def print_vulns(vulns, print_curl: false, print_http: false)
+          if vulns.empty?
+            puts colors.green("No vulnerabilities found")
+          else
+            puts colors.bold(colors.bright_red('Vulnerabilities found!'))
+            puts
+
+            indent do
+              vulns.each do |vuln|
+                print_vuln(vuln, print_curl: print_curl,
+                                 print_http: print_http)
+              end
+            end
+            puts unless (print_curl || print_http)
+          end
+        end
       end
     end
   end

lib/ronin/vulns/cli/web_vuln_command.rb

@@ -24,6 +24,7 @@
 
 require 'ronin/support/network/http/cookie'
 require 'ronin/support/network/http/user_agents'
+require 'command_kit/printing/indent'
 
 require 'set'
 
@@ -35,6 +36,7 @@ class CLI
       #
       class WebVulnCommand < Command
 
+        include CommandKit::Printing::Indent
         include Printing
         include Importable
 
@@ -250,23 +252,66 @@ def run(*urls)
 
           db_connect if options[:import]
 
-          vulns_discovered = false
+          vulns = []
 
           if options[:input]
             File.open(options[:input]) do |file|
               file.each_line(chomp: true) do |url|
-                vulns_discovered ||= process_url(url)
+                process_url(url) do |vuln|
+                  vulns << vuln
+                end
               end
             end
           elsif !urls.empty?
             urls.each do |url|
-              vulns_discovered ||= process_url(url)
+              process_url(url) do |vuln|
+                vulns << vuln
+              end
             end
           end
 
-          unless vulns_discovered
-            puts colors.green("No vulnerabilities found")
-          end
+          puts unless vulns.empty?
+          print_vulns(vulns)
+        end
+
+        #
+        # Print a summary of all web vulnerabilities found.
+        #
+        # @param [Array<WebVuln>] vulns
+        #   The discovered web vulnerabilities.
+        #
+        # @param [Boolean] print_curl
+        #   Prints an example `curl` command to trigger the web vulnerability.
+        #
+        # @param [Boolean] print_http
+        #   Prints an example HTTP request to trigger the web vulnerability.
+        #
+        # @since 0.2.0
+        #
+        def print_vulns(vulns, print_curl: options[:print_curl],
+                               print_http: options[:print_http])
+          super(vulns, print_curl: print_curl,
+                       print_http: print_http)
+        end
+
+        #
+        # Prints detailed information about a discovered web vulnerability.
+        #
+        # @param [WebVuln] vuln
+        #   The web vulnerability to log.
+        #
+        # @param [Boolean] print_curl
+        #   Prints an example `curl` command to trigger the web vulnerability.
+        #
+        # @param [Boolean] print_http
+        #   Prints an example HTTP request to trigger the web vulnerability.
+        #
+        # @since 0.2.0
+        #
+        def print_vuln(vuln, print_curl: options[:print_curl],
+                             print_http: options[:print_http])
+          super(vuln, print_curl: print_curl,
+                      print_http: print_http)
         end
 
         #
@@ -275,32 +320,30 @@ def run(*urls)
         # @param [String] url
         #   A URL to scan.
         #
-        # @return [Boolean]
-        #   Indicates whether a vulnerability was discovered in the URL.
+        # @yield [vuln]
+        #   The given block will be passed each newly discovered web
+        #   vulnerability.
+        #
+        # @yieldparam [WebVuln] vuln
+        #   A newly discovered web vulnerability.
         #
         def process_url(url)
           unless url.start_with?('http://') || url.start_with?('https://')
             print_error("URL must start with http:// or https://: #{url.inspect}")
             exit(-1)
           end
 
-          vuln_discovered = false
-
           if @scan_mode == :first
             if (first_vuln = test_url(url))
               process_vuln(first_vuln)
-
-              vuln_discovered = true
+              yield first_vuln
             end
           else
             scan_url(url) do |vuln|
               process_vuln(vuln)
-
-              vuln_discovered = true
+              yield vuln
             end
           end
-
-          return vuln_discovered
         end
 
         #
@@ -316,30 +359,6 @@ def process_vuln(vuln)
           import_vuln(vuln) if options[:import]
         end
 
-        #
-        # Logs a discovered web vulnerability.
-        #
-        # @param [WebVuln] vuln
-        #   The discovered web vulnerability.
-        #
-        # @since 0.2.0
-        #
-        def log_vuln(vuln)
-          super(vuln)
-
-          if options[:print_curl]
-            puts
-            puts "    #{vuln.to_curl}"
-            puts
-          elsif options[:print_http]
-            puts
-            vuln.to_http.each_line do |line|
-              puts "    #{line}"
-            end
-            puts
-          end
-        end
-
         #
         # The HTTP request method to use.
         #