Improve auxiliary check code messages

2026-04-15 11:57:01 +01:00
parent 3106aef203
commit 31ef5e03b5
78 changed files with 221 additions and 220 deletions
@@ -101,9 +101,9 @@ class MetasploitModule < Msf::Auxiliary
      fail_with(Failure::UnexpectedReply, windows_error)
    end

-    return Exploit::CheckCode::Detected unless status == 0
+    return Exploit::CheckCode::Detected('Target responded but Zerologon exploit did not succeed') unless status == 0

-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('Zerologon authentication bypass succeeded')
  end

  def run
@@ -56,14 +56,14 @@ class MetasploitModule < Msf::Auxiliary
        }
      })
    rescue StandardError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect to the target')
    end

    if (res.code == 200) && res.body.include?('"Description":"iLO User Accounts"')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Authentication bypass returned iLO User Accounts')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Authentication bypass did not return account data')
  end

  def run
@@ -143,7 +143,7 @@ class MetasploitModule < Msf::Auxiliary
      return Exploit::CheckCode::Appears('Password reset was successful, target is vulnerable')
    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Password reset status could not be determined')
  end

  def decode_url(encoded_string)
@@ -77,7 +77,7 @@ class MetasploitModule < Msf::Auxiliary
    j = JSON.parse(res.body)

    # Tested against vulnerable FortiWeb versions 8.0.1, 7.4.8, 6.4.3, and 6.3.9
-    return Exploit::CheckCode::Appears if j.dig('results', 'errcode') == -56
+    return Exploit::CheckCode::Appears('Authentication bypass succeeded on FortiWeb') if j.dig('results', 'errcode') == -56

    Exploit::CheckCode::Unknown('Unexpected JSON results')
  rescue JSON::ParserError
@@ -118,9 +118,9 @@ class MetasploitModule < Msf::Auxiliary
      user_array.each do |user|
        print_status("USERNAME:#{user&.at_css('userName')&.content} | ID:#{user&.at_css('id')&.content} | ROLE:#{user&.at_css('userLevel')&.content}")
      end
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Unauthenticated access to user credentials succeeded')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("Target returned HTTP #{res.code}")
    end
  end

@@ -75,10 +75,10 @@ class MetasploitModule < Msf::Auxiliary
      }
    })
    if res && (res.code == 302)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('IBM DRM web interface detected')
    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine if target is IBM DRM')
  end

  def create_session_id
@@ -47,19 +47,19 @@ class MetasploitModule < Msf::Auxiliary
        'uri' => normalize_uri(target_uri.path, 'api/util/configUI')
      })
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')
    end

-    return Exploit::CheckCode::Unknown unless res&.code == 401
+    return Exploit::CheckCode::Unknown('Target did not return HTTP 401') unless res&.code == 401

    data = res.get_json_document
    version = data['Version']
-    return Exploit::CheckCode::Unknown if version.nil?
+    return Exploit::CheckCode::Unknown('Could not determine IDSecure version') if version.nil?

    print_status('Got version: ' + version)
-    return Exploit::CheckCode::Safe unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
+    return Exploit::CheckCode::Safe("IDSecure version #{version} is not vulnerable") unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')

-    return Exploit::CheckCode::Appears
+    return Exploit::CheckCode::Appears("IDSecure version #{version} is vulnerable")
  end

  def run
@@ -58,16 +58,16 @@ class MetasploitModule < Msf::Auxiliary

    if res && (m = res.headers['Server'].match(%r{Boa/(.*)}))
      vprint_status("Boa Version Detected: #{m[1]}")
-      return Exploit::CheckCode::Safe if (m[1][0].ord - 48 > 0) # boa server wrong version
-      return Exploit::CheckCode::Safe if (m[1][3].ord - 48 > 4)
+      return Exploit::CheckCode::Safe("Boa version #{m[1]} is not vulnerable") if (m[1][0].ord - 48 > 0) # boa server wrong version
+      return Exploit::CheckCode::Safe("Boa version #{m[1]} is not vulnerable") if (m[1][3].ord - 48 > 4)

-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable("Boa version #{m[1]} is vulnerable")
    end

    return Exploit::CheckCode::Safe('Not a Boa Server!')
  rescue Rex::ConnectionRefused
    print_error('Connection refused by server.')
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Connection refused by server')
  end

  def run
@@ -61,10 +61,10 @@ class MetasploitModule < Msf::Auxiliary
      version = match[1]
      return Exploit::CheckCode::Appears("Version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('22.7R1')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not detect Ivanti vTM version')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Ivanti vTM version is not vulnerable')
  end

  def run
@@ -52,28 +52,28 @@ class MetasploitModule < Msf::Auxiliary

    unless res
      vprint_error('Unable to connect to target')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to connect to target')
    end

    unless joomla_and_online?
      vprint_error('Unable to detect Joomla')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be Joomla')
    end

    version = Rex::Version.new(joomla_version)

    unless version
      vprint_error('Unable to detect Joomla version')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Joomla detected but version could not be determined')
    end

    vprint_status("Detected Joomla version #{version}")

    if version.between?(Rex::Version.new('3.4.4'), Rex::Version.new('3.6.3'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Joomla #{version} is in the vulnerable range 3.4.4-3.6.3")
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("Joomla #{version} is not in the vulnerable range")
  end

  def get_csrf(hidden_fields)
@@ -211,11 +211,11 @@ class MetasploitModule < Msf::Auxiliary
    version = get_version
    case version
    when 0..7104
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("ManageEngine PMP build #{version} is in the vulnerable range")
    when 7105..9998
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("ManageEngine PMP build #{version} is patched")
    else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown("ManageEngine PMP build #{version} could not be assessed")
    end
  end

@@ -52,14 +52,14 @@ class MetasploitModule < Msf::Auxiliary

    if res && res.body && res.body.include?('Powered by <a href="http://www.mantisbt.org" title="bug tracking software">MantisBT')
      vprint_status('MantisBT detected')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('MantisBT detected')
    else
      vprint_status('Not a MantisBT Instance!')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be MantisBT')
    end
  rescue Rex::ConnectionRefused
    print_error('Connection refused by server.')
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Connection refused by server')
  end

  def run
@@ -94,13 +94,13 @@ class MetasploitModule < Msf::Auxiliary
    # Check version is vulnerable
    print_status("Target is a #{model_name} router running firmware version #{major_version}_#{minor_version}")
    if (Rex::Version.new(major_version) >= Rex::Version.new('1.2.0.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.2.0.88'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
    elsif (Rex::Version.new(major_version) >= Rex::Version.new('1.0.1.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.0.1.80'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
    elsif (Rex::Version.new(major_version) >= Rex::Version.new('1.1.0.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.1.0.110')) # Need more work on this as this isn't a good check for affected versions and may overlap with patched versions.
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
    elsif (Rex::Version.new(major_version) >= Rex::Version.new('1.1.0.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.1.0.84')) # Need more work on this to make sure we apply this to the correct systems.
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
    else
      return Exploit::CheckCode::Safe('Not a vulnerable router version!')
    end
@@ -104,9 +104,9 @@ class MetasploitModule < Msf::Auxiliary
    target_version = retrieve_version
    print_status("Target is running firmware version #{target_version}")
    if (target_version < Rex::Version.new('1.0.4.94')) && (target_version >= Rex::Version.new('1.0.2.62'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("NETGEAR R6700 firmware #{target_version} is in the vulnerable range")
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("NETGEAR R6700 firmware #{target_version} is not vulnerable")
    end
  end

@@ -102,13 +102,13 @@ class MetasploitModule < Msf::Auxiliary
      model = scrape(data, marker_one, marker_two)
      print_status("Router is a NETGEAR router (#{model})")
      if model == 'R7000' && check_vuln_firmware
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('NETGEAR R7000 with vulnerable firmware')
      end

    else
      print_error('Router is not a NETGEAR router')
    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Target does not appear to be a vulnerable NETGEAR router')
  end

  def fake_logins_to_ease_heap
@@ -66,23 +66,23 @@ class MetasploitModule < Msf::Auxiliary
  def check
    res = send_request_cgi({ 'uri' => postfixadmin_url_login, 'method' => 'GET' })

-    return Exploit::CheckCode::Unknown unless res
+    return Exploit::CheckCode::Unknown('No response received from the target') unless res

-    return Exploit::CheckCode::Safe if res.code != 200
+    return Exploit::CheckCode::Safe('Target did not return a 200 response') if res.code != 200

    if res.body =~ /<div id="footer".*Postfix Admin/m
      version = res.body.match(%r{<div id="footer"[^<]*<a[^<]*Postfix\s*Admin\s*([^<]*)</}mi)
-      return Exploit::CheckCode::Detected unless version
+      return Exploit::CheckCode::Detected('Postfix Admin detected but version could not be determined') unless version
      if Rex::Version.new('2.91') > Rex::Version.new(version[1])
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected("Postfix Admin #{version[1]} is older than the vulnerable range")
      elsif Rex::Version.new('3.0.1') < Rex::Version.new(version[1])
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected("Postfix Admin #{version[1]} is newer than the vulnerable range")
      end

-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Postfix Admin #{version[1]} is in the vulnerable range 2.91-3.0.1")
    end

-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not identify Postfix Admin on the target')
  end

  def run
@@ -59,21 +59,21 @@ class MetasploitModule < Msf::Auxiliary

      if web_version.nil?
        print_error("#{peer} - Could not connect to web service - no response or non-200 HTTP code")
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Could not connect to web service')
      end

      if web_version && Rex::Version.new(web_version) <= Rex::Version.new('5.6')
        vprint_good("Web Interface Version Detected: #{web_version}")
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("Pi-hole web interface version #{web_version} is vulnerable")
      else
        vprint_bad("Web Interface Version Detected: #{web_version}")
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("Pi-hole web interface version #{web_version} is not vulnerable")
      end
    rescue ::Rex::ConnectionError
      print_error("#{peer} - Could not connect to the web service")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not connect to the web service')
    end
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be Pi-hole')
  end

  def validate_command
@@ -151,7 +151,7 @@ class MetasploitModule < Msf::Auxiliary
      return Exploit::CheckCode::Appears("Successfully read file #{datastore['FILENAME']}")
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target did not return a valid Ghostcat response')
  rescue StandardError => e
    Exploit::CheckCode::Unknown(e.message)
  end
@@ -51,21 +51,21 @@ class MetasploitModule < Msf::Auxiliary
      'uri' => normalize_uri(target_uri.path, 'NmConsole/app.json')
    })

-    return Exploit::CheckCode::Unknown unless res && res.code == 200
+    return Exploit::CheckCode::Unknown('No response or unexpected HTTP status') unless res && res.code == 200

    data = res.get_json_document
    data_js = data['js']
    version_path = data_js.find { |item| item['path'] =~ /app-/ }['path']
    version = version_path[/app-(.*)\.js/, 1]
    if version.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine WhatsUp Gold version')
    else
      vprint_status('Version retrieved: ' + version)
    end

    return Exploit::CheckCode::Appears("Version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('23.1.3')

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("WhatsUp Gold version #{version} is not vulnerable")
  end

  def run
@@ -59,9 +59,9 @@ class MetasploitModule < Msf::Auxiliary
    # check_plugin_version_from_readme('wp-automatic', '3.53.3')

    if set_wp_option(Rex::Text.rand_text_numeric(8..20), Rex::Text.rand_text_numeric(8..20))
-      checkcode = Exploit::CheckCode::Vulnerable
+      checkcode = Exploit::CheckCode::Vulnerable('SQL injection via WP Automatic plugin confirmed')
    else
-      checkcode = Exploit::CheckCode::Safe
+      checkcode = Exploit::CheckCode::Safe('WP Automatic plugin is not vulnerable')
      print_error('Automatic not a vulnerable version')
    end
    checkcode
@@ -59,10 +59,10 @@ class MetasploitModule < Msf::Auxiliary
  def check
    mynum = Rex::Text.rand_text_numeric(8..20).to_s
    body = send_sql_request(mynum)
-    return Exploit::CheckCode::Unknown if body.nil?
+    return Exploit::CheckCode::Unknown('No response from target') if body.nil?
    return Exploit::CheckCode::Vulnerable if body.include?(mynum)

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('SQL injection test did not return expected result')
  end

  def run
@@ -105,7 +105,7 @@ class MetasploitModule < Msf::Auxiliary
      end
      @ldap = ldap

-      return Exploit::CheckCode::Safe unless windows_version_vulnerable?
+      return Exploit::CheckCode::Safe('Target Windows version is not vulnerable to BadSuccessor') unless windows_version_vulnerable?

      ous = get_ous_we_can_write_to
      if ous.blank?
@@ -117,7 +117,7 @@ class MetasploitModule < Msf::Auxiliary
        print_good(" - #{ou}")
      end

-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears('Writable Organizational Units found, target appears vulnerable to BadSuccessor')
    end
  rescue Errno::ECONNRESET
    fail_with(Failure::Disconnected, 'The connection was reset.')
@@ -112,16 +112,16 @@ class MetasploitModule < Msf::Auxiliary
      vers_string = retrieve_asa_version
    rescue ::StandardError
      print_error('Error: Unable to retrieve version information')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to retrieve version information')
    end

    if @offsets[vers_string]
      print_good("Payload for Cisco ASA version #{vers_string} available!")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Cisco ASA version #{vers_string} has an available payload")
    end

    print_warning("Received Cisco ASA version #{vers_string}, but no payload available")
-    return Exploit::CheckCode::Detected
+    return Exploit::CheckCode::Detected("Cisco ASA version #{vers_string} detected but no payload available")
  end

  def build_payload(vers_string, mode)
@@ -149,11 +149,11 @@ class MetasploitModule < Msf::Auxiliary
    res = add_admin_account('test', 'test')

    if res == :success || res == :user_already_exists || res == :weak_password
-      Exploit::CheckCode::Vulnerable
+      Exploit::CheckCode::Vulnerable('Authentication bypass succeeded on DCNM REST API')
    elsif res == :failed_to_connect
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Unknown('Failed to connect to the target or determine vulnerability status')
    else
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown('Could not determine vulnerability status')
    end
  end

@@ -55,7 +55,7 @@ class MetasploitModule < Msf::Auxiliary
      connect
    rescue Rex::ConnectionTimeout
      print_error("Connection to #{datastore['RHOSTS']}:#{datastore['RPORT']} failed.")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
    end

    vprint_status('Sending handshake...')
@@ -70,12 +70,12 @@ class MetasploitModule < Msf::Auxiliary
      vprint_status('Received handshake response.')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
    elsif res
      vprint_status('Received unexpected handshake response:')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
    else
      disconnect
      return Exploit::CheckCode::Unknown('No handshake response received.')
@@ -56,7 +56,7 @@ class MetasploitModule < Msf::Auxiliary
      connect
    rescue Rex::ConnectionTimeout => e
      print_error("Connection to #{datastore['RHOSTS']}:#{datastore['RPORT']} failed: #{e.message}")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
    end

    vprint_status('Sending handshake...')
@@ -71,12 +71,12 @@ class MetasploitModule < Msf::Auxiliary
      vprint_status('Received handshake response.')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
    elsif res
      vprint_status('Received unexpected handshake response:')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
    else
      disconnect
      return Exploit::CheckCode::Unknown('No handshake response received.')
@@ -56,7 +56,7 @@ class MetasploitModule < Msf::Auxiliary
      connect
    rescue Rex::ConnectionTimeout
      print_error("Connection to #{datastore['RHOSTS']}:#{datastore['RPORT']} failed.")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
    end

    vprint_status('Sending handshake...')
@@ -71,12 +71,12 @@ class MetasploitModule < Msf::Auxiliary
      vprint_status('Received handshake response.')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
    elsif res
      vprint_status('Received unexpected handshake response:')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
    else
      disconnect
      return Exploit::CheckCode::Unknown('No handshake response received.')
@@ -63,14 +63,15 @@ class MetasploitModule < Msf::Auxiliary
      }
    )

-    return Exploit::CheckCode::Safe unless res&.code == 200
-    return Exploit::CheckCode::Safe unless res.headers['Content-Type'].strip.start_with?('text/xml')
+    return Exploit::CheckCode::Unknown('No response received from target') if res.nil?
+    return Exploit::CheckCode::Safe('Unexpected HTTP status') unless res.code == 200
+    return Exploit::CheckCode::Safe('Response is not XML') unless res.headers['Content-Type'].to_s.strip.start_with?('text/xml')

    xml = res.get_xml_document
-    return Exploit::CheckCode::Safe unless xml.namespaces['xmlns:wsdl'] == 'http://schemas.xmlsoap.org/wsdl/'
-    return Exploit::CheckCode::Safe if xml.xpath("//wsdl:definitions/wsdl:service[@name='CTCWebService']").empty?
+    return Exploit::CheckCode::Safe('Response does not contain WSDL namespace') unless xml.namespaces['xmlns:wsdl'] == 'http://schemas.xmlsoap.org/wsdl/'
+    return Exploit::CheckCode::Safe('CTCWebService not found in WSDL') if xml.xpath("//wsdl:definitions/wsdl:service[@name='CTCWebService']").empty?

-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('SAP NetWeaver CTCWebService WSDL endpoint is accessible')
  end

  def run
@@ -100,10 +100,10 @@ class MetasploitModule < Msf::Auxiliary
    data = do_sqli(injection, mark)

    if data.nil?
-      return Msf::Exploit::CheckCode::Safe
+      return Msf::Exploit::CheckCode::Safe('Could not retrieve data from Advantech WebAccess')
    end

-    Msf::Exploit::CheckCode::Vulnerable
+    Msf::Exploit::CheckCode::Vulnerable('SQL injection via DBVisitor.asp confirmed')
  end

  def parse_users(xml, mark, separator)
@@ -77,17 +77,17 @@ class MetasploitModule < Msf::Auxiliary
      disconnect
    else
      vprint_error "#{ip}:#{rport} - FTP - Cannot connect, skipping"
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect via FTP')
    end

    if is_modicon
      vprint_status "#{ip}:#{rport} - FTP - Matches Modicon fingerprint"
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner matches Modicon fingerprint')
    end

    vprint_error "#{ip}:#{rport} - FTP - Skipping due to fingerprint mismatch"

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Modicon fingerprint')
  end

  def run
@@ -222,19 +222,19 @@ class MetasploitModule < Msf::Auxiliary

    unless response
      vprint_error('Unknown response')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response from target')
    end

    # A valid response is 24 bytes, starts with 0x81, and contains the values
    # 0x00, 0x90, 0xe8 (the Moxa OIU) in bytes 14, 15, and 16.
    if response[0] == "\x81" && response[14..16] == "\x00\x90\xe8" && response.length == 24
      format_output(response)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Moxa device detected via proprietary protocol')
    end

    cleanup

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be a Moxa device')
  end

  def run
@@ -64,19 +64,19 @@ class MetasploitModule < Msf::Auxiliary
        'uri' => normalize_uri(target_uri.path, 'assets/index-DBkpc6FO.js')
      })
    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect to the target')
    end

    if res.to_s =~ /const S="([^"]+)"/
      version = ::Regexp.last_match(1)
      vprint_status('Version retrieved: ' + version)
      if Rex::Version.new(version) <= Rex::Version.new('1.3')
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("myPRO Manager version #{version} is vulnerable")
      end

-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("myPRO Manager version #{version} is not vulnerable")
    end
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not determine myPRO Manager version')
  end

  def run
@@ -65,7 +65,7 @@ class MetasploitModule < Msf::Auxiliary
      return Exploit::CheckCode::Detected('Wemo device detected, but it is not a Crock-Pot')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be a Wemo device')
  end

  def run
@@ -43,14 +43,14 @@ class MetasploitModule < Msf::Auxiliary
    begin
      if !connect_login
        print_error('Connection refused.')
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Failed to connect or authenticate via FTP')
      end
    rescue Rex::ConnectionRefused
      print_error('Connection refused.')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection refused by the target')
    rescue Rex::ConnectionTimeout
      print_error('Connection timed out')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
    end
    s = ''
    loop do
@@ -62,15 +62,15 @@ class MetasploitModule < Msf::Auxiliary
    # check if version was found
    if s !~ /vsFTPd \d+\.\d+\.\d+/
      print_error('Did not find FTP version in FTP session.')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine vsFTPd version')
    end

    # pull out version and check if its in range of vulnerability
    version = s[/\d+\.\d+\.\d+/]
    if Rex::Version.new(version) < Rex::Version.new('2.3.3')
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears("vsFTPd #{version} is older than the patched version 2.3.3")
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe("vsFTPd #{version} is not vulnerable")
    end
  end

@@ -48,16 +48,16 @@ class MetasploitModule < Msf::Auxiliary
    sock.put("GET / HTTP/1.0\r\n\r\n")
    res = sock.get
    if res && res.include?('Flexense HTTP Server v10.6.24')
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears('Flexense HTTP Server v10.6.24 detected')
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Target does not appear to be Flexense HTTP Server v10.6.24')
    end
  rescue Rex::ConnectionRefused
    print_error('Target refused the connection')
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Target refused the connection')
  rescue StandardError
    print_error('Target did not respond to HTTP request')
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Target did not respond to HTTP request')
  end

  def run
@@ -163,16 +163,16 @@ class MetasploitModule < Msf::Auxiliary

        target_uri.path = uri # Needed for the DoS attack

-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('Target returned expected vulnerable response to range header')
      elsif res && res.body.include?('The request has an invalid header name')
        vprint_status("#{vmessage} [#{res.code}] - Safe")

-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe('Target rejected the range header')
      else
        vprint_status("#{vmessage} - Unknown")
      end
    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine vulnerability status')
  end
 end
@@ -50,17 +50,17 @@ class MetasploitModule < Msf::Auxiliary
  def check
    # http://blog.nodejs.org/2013/08/21/node-v0-10-17-stable/
    # check if we are < 0.10.17 by seeing if a malformed HTTP request is accepted
-    status = Exploit::CheckCode::Safe
+    status = Exploit::CheckCode::Safe('Target does not appear to be a vulnerable Node.js server')
    connect
    sock.put(http_request('GEM'))
    begin
      response = sock.get_once
-      status = Exploit::CheckCode::Appears if response =~ /HTTP/
+      status = Exploit::CheckCode::Appears('Node.js accepted a malformed HTTP method, likely < 0.10.17') if response =~ /HTTP/
    rescue EOFError
      # checking against >= 0.10.17 raises EOFError because there is no
      # response to GEM requests
      vprint_error('Failed to determine the vulnerable state due to an EOFError (no response)')
-      return Msf::Exploit::CheckCode::Unknown
+      return Msf::Exploit::CheckCode::Unknown('No response to malformed HTTP request')
    ensure
      disconnect
    end
@@ -142,7 +142,7 @@ class MetasploitModule < Msf::Auxiliary

    unless res && res[0].length > 63 && res[0][0, 2] == "\x63\x00"
      print_error 'EtherNet/IP Packet Not Valid'
-      return Exploit::CheckCode::Unsupported
+      return Exploit::CheckCode::Unsupported('Target did not return a valid EtherNet/IP response')
    end

    res[0][54, 2]
@@ -154,20 +154,20 @@ class MetasploitModule < Msf::Auxiliary
    array = product_name.split(' ')
    plc_model = array[0]

-    return Exploit::CheckCode::Safe unless VULN_LIST.any? { |e| plc_model.include? e }
+    return Exploit::CheckCode::Safe("PLC model #{plc_model} is not in the vulnerable list") unless VULN_LIST.any? { |e| plc_model.include? e }

    firmware = array[1]
    begin
      firmware_nbr = firmware.scan(/(\d+[.,]\d+)/).flatten.first.to_f
      if firmware_nbr >= VULN_FW_VERSION_MIN && firmware_nbr < VULN_FW_VERSION_MAX
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable("#{plc_model} firmware #{firmware_nbr} is in the vulnerable range")
      elsif firmware_nbr < VULN_FW_VERSION_MIN
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("#{plc_model} firmware #{firmware_nbr} may be vulnerable")
      else
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("#{plc_model} firmware #{firmware_nbr} is patched")
      end
    rescue StandardError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not parse firmware version')
    end
  rescue Rex::AddressInUse, ::Errno::ETIMEDOUT, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => e
    elog(e)
@@ -223,7 +223,7 @@ class MetasploitModule < Msf::Auxiliary
    end

    vprint_status('Target seems to be a Cisco camera')
-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears('Target appears to be a Cisco PVC2300 camera')
  end

  def run
@@ -114,10 +114,10 @@ class MetasploitModule < Msf::Auxiliary

  def check
    if check_cf
-      return Msf::Exploit::CheckCode::Vulnerable
+      return Msf::Exploit::CheckCode::Vulnerable('ColdFusion password.properties file is accessible')
    end

-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('ColdFusion password.properties file is not accessible')
  end

  def check_cf
@@ -54,7 +54,7 @@ class MetasploitModule < Msf::Auxiliary
    })

    if res.nil?
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown('No response received from the target')
    elsif res.code == 302

      id_url = res.redirection.to_s[%r{assets/app/(\w+)/services/#{class_file}}, 1]
@@ -66,12 +66,12 @@ class MetasploitModule < Msf::Auxiliary

      if res.code == 200 && res.headers['Content-Type'] =~ %r{application/java.*}
        print_good("Java file leak at #{rhost}:#{rport}#{normalized_url}")
-        Exploit::CheckCode::Vulnerable
+        Exploit::CheckCode::Vulnerable("Java class file leaked at #{normalized_url}")
      else
-        Exploit::CheckCode::Safe
+        Exploit::CheckCode::Safe('Redirected but class file not accessible')
      end
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe("Unexpected HTTP response code: #{res.code}")
    end
  end

@@ -106,18 +106,18 @@ class MetasploitModule < Msf::Auxiliary

    unless res
      vprint_status("Connection timed out")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
    end

    if drupal_with_openid?(res, signature)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Drupal with OpenID module detected')
    end

    if generated_with_drupal?(res)
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Drupal detected but OpenID module not found')
    end

-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not determine if target is Drupal')
  end

  def run
@@ -74,9 +74,9 @@ class MetasploitModule < Msf::Auxiliary
    test_string = Rex::Text.rand_text_alphanumeric(encoded_swf.length)
    io = URI.parse(exploit_url(test_string)).open
    if io.read.start_with? test_string
-      Msf::Exploit::CheckCode::Vulnerable
+      Msf::Exploit::CheckCode::Vulnerable('JSONP endpoint reflects callback with sufficient length')
    else
-      Msf::Exploit::CheckCode::Safe
+      Msf::Exploit::CheckCode::Safe('JSONP endpoint does not reflect callback as expected')
    end
  end

@@ -312,11 +312,11 @@ class MetasploitModule < Msf::Auxiliary
    res = get_info(uri)

    if res.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response received from the target')
    elsif res.code == 200
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Unauthenticated access to system time endpoint succeeded')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("System time endpoint returned HTTP #{res.code}")
    end
  end

@@ -83,10 +83,10 @@ class MetasploitModule < Msf::Auxiliary
    # Default version is vulnerable, but can be mitigated by refusing anonymous permission on
    # decryption API. So a version wouldn't be adequate to check.
    if version
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Jenkins detected')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be Jenkins')
  end

  # Returns all the found Jenkins accounts of a specific domain. The accounts collected only
@@ -70,12 +70,12 @@ class MetasploitModule < Msf::Auxiliary

    if version == Rex::Version.new('9.4.37.v20210219') || version == Rex::Version.new('9.4.38.v20210224')
      print_good("#{version} vulnerable to CVE-2021-28164")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("Jetty #{version} vulnerable to CVE-2021-28164")
    elsif version.between?(Rex::Version.new('9.4.37'), Rex::Version.new('9.4.43')) ||
          version.between?(Rex::Version.new('10.0.1'), Rex::Version.new('10.0.6')) ||
          version.between?(Rex::Version.new('11.0.1'), Rex::Version.new('11.0.6'))
      print_good("#{version} vulnerable to CVE-2021-34429")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Jetty #{version} vulnerable to CVE-2021-34429")
    end

    Exploit::CheckCode::Safe('Server not vulnerable')
@@ -57,9 +57,9 @@ class MetasploitModule < Msf::Auxiliary
    res = sqli(payload)

    if res && res.code == 500 && res.body =~ /#{lmark}#{flag}#{rmark}/
-      Msf::Exploit::CheckCode::Vulnerable
+      Msf::Exploit::CheckCode::Vulnerable('SQL injection confirmed via contenthistory parameter')
    else
-      Msf::Exploit::CheckCode::Safe
+      Msf::Exploit::CheckCode::Safe('SQL injection test did not succeed')
    end
  end

@@ -61,22 +61,22 @@ class MetasploitModule < Msf::Auxiliary
    })

    if !resp or !resp.body
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Unknown('No response received from the target')
    end

    if resp.body =~ /404<\/span> Category not found/
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Joomla detected but com_weblinks component not found')
    end

    version = /#{front_marker}(.*)#{back_marker}/.match(resp.body)

    if !version
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not determine Joomla version')
    end

    version = version[1].gsub(front_marker, '').gsub(back_marker, '')
    print_good("Fingerprinted: #{version}")
-    return Exploit::CheckCode::Vulnerable
+    return Exploit::CheckCode::Vulnerable("Joomla #{version} is vulnerable to com_weblinks SQLi")
  end

  def run
@@ -62,7 +62,7 @@ class MetasploitModule < Msf::Auxiliary

    if res.code == 200 && !res.body.include?('Microweber')
      print_error 'Microweber CMS has not been detected.'
-      Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be running Microweber CMS')
    end

    if res.code != 200
@@ -81,22 +81,22 @@ class MetasploitModule < Msf::Auxiliary
      major, minor, build = res_body[/Version:\s+(\d+\.\d+\.\d+)/].gsub(/Version:\s+/, '').split('.')
      version = Rex::Version.new("#{major}.#{minor}.#{build}")
    rescue NoMethodError, TypeError
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Unknown('Could not extract Microweber version')
    end

    if version == Rex::Version.new('1.2.10')
      print_good 'Microweber version ' + version.to_s
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Microweber version #{version} is vulnerable")
    end

    print_error 'Microweber version ' + version.to_s

    if version < Rex::Version.new('1.2.10')
      print_warning 'The versions that are older than 1.2.10 have not been tested. You can follow the exploitation steps of the official vulnerability report.'
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown("Microweber version #{version} has not been tested")
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("Microweber version #{version} is not vulnerable")
  end

  def try_login
@@ -51,7 +51,7 @@ class MetasploitModule < Msf::Auxiliary
      )

      if res.nil? || res.code != 200
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('No response or unexpected HTTP status code')
      end

      # Check PhP
@@ -73,12 +73,12 @@ class MetasploitModule < Msf::Auxiliary
      # Check forum MyBB
      if res.body.match("&#077;&#089;&#066;&#066;")
        print_good("MyBB forum found running on #{web_server} / #{php_version}")
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('MyBB forum detected')
      else
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Target does not appear to be a MyBB forum')
      end
    rescue
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('An error occurred during the check')
    end
  end

@@ -126,10 +126,10 @@ class MetasploitModule < Msf::Auxiliary
      marker_two = "\""
      model = data[/#{marker_one}(.*?)#{marker_two}/m, 1]
      print_good("Router is a NETGEAR router (#{model})")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Target is a NETGEAR router')
    else
      print_error('Router is not a NETGEAR router')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target is not a NETGEAR router')
    end
  end
 end
@@ -85,9 +85,9 @@ class MetasploitModule < Msf::Auxiliary
    })

    if res && res.body.include?('AdfLoopbackUtils.runLoopback')
-      Exploit::CheckCode::Detected
+      Exploit::CheckCode::Detected('Oracle ADF Faces endpoint detected')
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Target does not appear to be Oracle ADF Faces')
    end
  end

@@ -65,7 +65,7 @@ class MetasploitModule < Msf::Auxiliary
      end

    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Target does not appear to be Sante PACS Server')
  end

  def run
@@ -205,9 +205,9 @@ class MetasploitModule < Msf::Auxiliary
      res.get_cookies.empty? # no Set-Cookie header means the session cookie is valid
    end
    if @sqli.test_vulnerable
-      Exploit::CheckCode::Vulnerable
+      Exploit::CheckCode::Vulnerable('SQL injection in bauth cookie confirmed')
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('SQL injection test did not succeed')
    end
  end

@@ -74,12 +74,12 @@ class MetasploitModule < Msf::Auxiliary
      vprint_status("QNAP #{info[0]} #{info[1..-1].join('-')} detected")

      if Rex::Version.new(info[1]) < Rex::Version.new('4.2.3')
-        Exploit::CheckCode::Appears
+        Exploit::CheckCode::Appears("QNAP #{info[0]} version #{info[1]} is older than the patched version 4.2.3")
      else
-        Exploit::CheckCode::Detected
+        Exploit::CheckCode::Detected("QNAP #{info[0]} version #{info[1]} detected but not confirmed vulnerable")
      end
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Target does not appear to be a QNAP device')
    end
  end

@@ -68,7 +68,7 @@ class MetasploitModule < Msf::Auxiliary
    )

    unless res && res.code == 200 && (xml = res.get_xml_document)
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be a QNAP device')
    end

    info = %w[modelName version build patch].map do |node|
@@ -77,9 +77,9 @@ class MetasploitModule < Msf::Auxiliary

    vprint_status("QNAP #{info[0]} #{info[1..].join('-')} detected")

-    return Exploit::CheckCode::Appears if info[2].to_i < 20191206
+    return Exploit::CheckCode::Appears("QNAP #{info[0]} build #{info[2]} is older than the patched build 20191206") if info[2].to_i < 20191206

-    Exploit::CheckCode::Detected
+    Exploit::CheckCode::Detected("QNAP #{info[0]} #{info[1..].join('-')} detected, but build is not confirmed vulnerable")
  end

  def run
@@ -64,7 +64,7 @@ class MetasploitModule < Msf::Auxiliary
    # Check if target file is absolute path
    unless datastore['TARGET_FILE'].start_with? '/'
      vprint_error "TARGET_FILE must be an absolute path (eg. /etc/passwd)."
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('TARGET_FILE must be an absolute path')
    end

    # Fire off the request
@@ -76,14 +76,14 @@ class MetasploitModule < Msf::Auxiliary

    if res.nil?
      vprint_error "Request timed out."
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Request timed out')
    end

    if res.body.include? 'root:x:0:0:root:'
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Successfully read /etc/passwd via file disclosure')
    else
      vprint_error 'Target is not vulnerable. Make sure your route is correct.'
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not read /etc/passwd, target may not be vulnerable')
    end
  end

@@ -49,18 +49,18 @@ class MetasploitModule < Msf::Auxiliary
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'api/version')
    })
-    return Exploit::CheckCode::Unknown unless res && res.code == 200
+    return Exploit::CheckCode::Unknown('No response or unexpected status from Ray API') unless res && res.code == 200

    ray_version = res.get_json_document['ray_version']

-    return Exploit::CheckCode::Unknown unless ray_version
+    return Exploit::CheckCode::Unknown('Could not determine Ray version') unless ray_version

-    return Exploit::CheckCode::Safe unless Rex::Version.new(ray_version) <= Rex::Version.new('2.6.3')
+    return Exploit::CheckCode::Safe("Ray version #{ray_version} is not vulnerable") unless Rex::Version.new(ray_version) <= Rex::Version.new('2.6.3')

    file_content = lfi('/etc/passwd')
-    return Exploit::CheckCode::Vulnerable unless file_content.nil?
+    return Exploit::CheckCode::Vulnerable("Ray #{ray_version} - successfully read /etc/passwd") unless file_content.nil?

-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears("Ray version #{ray_version} is in the vulnerable range")
  end

  def lfi(filepath)
@@ -147,7 +147,7 @@ class MetasploitModule < Msf::Auxiliary
      end
    end
    disconnect
-    return info_data ? Msf::Exploit::CheckCode::Appears : Msf::Exploit::CheckCode::Unknown
+    return info_data ? Msf::Exploit::CheckCode::Appears('Redis service detected') : Msf::Exploit::CheckCode::Unknown('Could not confirm Redis service')
  end

  def get_keyspace
@@ -69,7 +69,7 @@ class MetasploitModule < Msf::Auxiliary
      print_error('Could not find root key in serialized auth info')

      # Return CheckCode for exploit/linux/misc/saltstack_salt_unauth_rce
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be a vulnerable SaltStack master')
    end

    print_good("Root key: #{root_key}")
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Auxiliary
    Exploit::CheckCode::Vulnerable(root_key) # And the root key as the reason!
  rescue EOFError, Rex::ConnectionError => e
    print_error("#{e.class}: #{e.message}")
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Connection error occurred')
  ensure
    # This is from Msf::Exploit::Remote::ZeroMQ
    zmq_disconnect
@@ -87,7 +87,7 @@ class MetasploitModule < Msf::Auxiliary
      return Msf::Exploit::CheckCode::Vulnerable("SolarWinds Serv-U version #{version[1]} (#{os.nil? ? 'Unknown OS' : os[1]})")
    end

-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('Target does not appear to be a vulnerable SolarWinds Serv-U instance')
  end

  def run
@@ -49,12 +49,12 @@ class MetasploitModule < Msf::Auxiliary
    return Exploit::CheckCode::Unknown('Target is unreachable') unless @auth

    if @auth.code == 401
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Backdoor credentials returned 401 Unauthorized')
    elsif @auth.code == 200
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Backdoor credentials returned 200 OK')
    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown("Unexpected HTTP response code: #{@auth.code}")
  end

  def auth
@@ -76,7 +76,7 @@ class MetasploitModule < Msf::Auxiliary

    return Exploit::CheckCode::Vulnerable if version <= Rex::Version.new('7.12.5')

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("SuiteCRM version #{version} is not vulnerable")
  end

  def authenticate
@@ -70,12 +70,12 @@ class MetasploitModule < Msf::Auxiliary
      vprint_status('Received handshake response.')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
    elsif res
      vprint_status('Received unexpected handshake response:')
      vprint_status(Rex::Text.to_hex_dump(res))
      disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
    else
      disconnect
      return Exploit::CheckCode::Unknown('No handshake response received.')
@@ -67,9 +67,9 @@ class MetasploitModule < Msf::Auxiliary
        return Exploit::CheckCode::Detected('UPSMON PRO Web seems to be running on target system.')
      end

-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be UPSMON PRO')
    end
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('No response received from the target')
  end

  def print_ini_field(label, value)
@@ -139,14 +139,14 @@ class MetasploitModule < Msf::Auxiliary
    if res and res.code == 200 and res.body.to_s =~ /"simpleversion": "v=5/
      if get_node
        # Multiple factors determine this LOOKS vulnerable
-        return Msf::Exploit::CheckCode::Appears
+        return Msf::Exploit::CheckCode::Appears('vBulletin vote node found, target appears vulnerable')
      else
        # Not enough information about the vuln state, but at least we know this is vbulletin
-        return Msf::Exploit::CheckCode::Detected
+        return Msf::Exploit::CheckCode::Detected('vBulletin detected but vulnerability not confirmed')
      end
    end

-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('Target does not appear to be vBulletin')
  end

  def report_cred(opts)
@@ -94,7 +94,7 @@ class MetasploitModule < Msf::Auxiliary
      unless entries&.find { |entry| entry[:vmwstsprivatekey].any? }
        print_error("#{ldap.peerinfo} is NOT vulnerable to CVE-2020-3952") unless datastore['LDAPPassword'].present?
        print_error('Dump failed')
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe('Dump did not contain expected vmwSTSPrivateKey attribute')
      end

      print_good("#{ldap.peerinfo} is vulnerable to CVE-2020-3952") unless datastore['LDAPPassword'].present?
@@ -59,7 +59,7 @@ class MetasploitModule < Msf::Auxiliary
    return Exploit::CheckCode::Unknown(GET_SQLI_OBJECT_FAILED_ERROR_MSG) if @sqli == GET_SQLI_OBJECT_FAILED_ERROR_MSG
    return Exploit::CheckCode::Vulnerable if @sqli.test_vulnerable

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('SQL injection test did not succeed')
  end

  def generate_vars_post(sqli)
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Auxiliary
    return Exploit::CheckCode::Unknown(GET_SQLI_OBJECT_FAILED_ERROR_MSG) if @sqli == GET_SQLI_OBJECT_FAILED_ERROR_MSG
    return Exploit::CheckCode::Vulnerable if @sqli.test_vulnerable

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('SQL injection test did not succeed')
  end

  def run
@@ -79,7 +79,7 @@ class MetasploitModule < Msf::Auxiliary
    @sqli = get_sqli_object
    return Exploit::CheckCode::Unknown(GET_SQLI_OBJECT_FAILED_ERROR_MSG) if @sqli == GET_SQLI_OBJECT_FAILED_ERROR_MSG

-    @sqli.test_vulnerable ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe
+    @sqli.test_vulnerable ? Exploit::CheckCode::Vulnerable('SQL injection confirmed') : Exploit::CheckCode::Safe('SQL injection test did not succeed')
  end

  def run
@@ -60,7 +60,7 @@ class MetasploitModule < Msf::Auxiliary
    res = make_injected_request(query, sid, cookies)

    unless res and res.body
-      return Msf::Exploit::CheckCode::Safe
+      return Msf::Exploit::CheckCode::Unknown('No response received from the target')
    end

    match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
@@ -70,10 +70,10 @@ class MetasploitModule < Msf::Auxiliary
    end

    if match[1] == flag
-      return Msf::Exploit::CheckCode::Vulnerable
+      return Msf::Exploit::CheckCode::Vulnerable('SQL injection confirmed via toggleids parameter')
    end

-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('SQL injection test did not succeed')
  end

  def run
@@ -77,21 +77,21 @@ class MetasploitModule < Msf::Auxiliary
    unless received
      print_error(message('No response, target seems down.'))

-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response received from the target')
    end

    if received && (received.code != 500 && received.code != 503)
      print_error(message('The target is not vulnerable to CVE-2021-26855.'))
      vprint_error("Obtained HTTP response code #{received.code} for #{full_uri(uri)}.")

-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("HTTP #{received.code} response indicates target is not vulnerable")
    end

    if received.headers['X-CalculatedBETarget'] != 'localhost'
      print_error(message('The target is not vulnerable to CVE-2021-26855.'))
      vprint_error('Could\'t obtain a correct \'X-CalculatedBETarget\' in the response header.')

-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('X-CalculatedBETarget header does not indicate SSRF vulnerability')
    end

    print_good(message('The target is vulnerable to CVE-2021-26855.'))
@@ -105,6 +105,6 @@ class MetasploitModule < Msf::Auxiliary
      info: msg
    )

-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('SSRF via ProxyLogon confirmed with X-CalculatedBETarget header')
  end
 end
@@ -73,17 +73,17 @@ class MetasploitModule < Msf::Auxiliary

    if v.nil?
      vprint_error("#{ip}:#{rport} - #{version} does not appear to be libssh")
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown("#{version} does not appear to be libssh")
    elsif v.to_s.empty?
      vprint_warning("#{ip}:#{rport} - libssh version not reported")
-      Exploit::CheckCode::Detected
+      Exploit::CheckCode::Detected('libssh detected but version not reported')
    elsif v.between?(Rex::Version.new('0.6.0'), Rex::Version.new('0.7.5')) ||
          v.between?(Rex::Version.new('0.8.0'), Rex::Version.new('0.8.3'))
      vprint_good("#{ip}:#{rport} - #{version} appears to be unpatched")
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears("#{version} appears to be unpatched")
    else
      vprint_error("#{ip}:#{rport} - #{version} appears to be patched")
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe("#{version} appears to be patched")
    end
  end

@@ -80,9 +80,9 @@ class MetasploitModule < Msf::Auxiliary
    )
    disconnect

-    return Exploit::CheckCode::Detected if res&.code == 401
+    return Exploit::CheckCode::Detected('SCCM HTTP server detected') if res&.code == 401

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Target does not appear to be an SCCM HTTP server')
  end

  def run
@@ -130,7 +130,7 @@ class MetasploitModule < Msf::Auxiliary

    if ports.keys.empty?
      vprint_error('ERROR: This server is not replying to recursive requests')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Server is not replying to recursive requests')
    end

    if (reps < 30)
@@ -144,14 +144,14 @@ class MetasploitModule < Msf::Auxiliary
      if (ports_r != 100)
        vprint_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
        # Not exploitable by this tool, so we lower this to Appears on purpose to lower the user's confidence
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears('Source ports are not truly random but may still be exploitable')
      end
    else
      vprint_error('FAIL: This server uses a static source port and is vulnerable to poisoning')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Server uses a static source port')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Server source ports appear sufficiently random')
  end

  def run
@@ -126,7 +126,7 @@ class MetasploitModule < Msf::Auxiliary

    if ports.keys.empty?
      vprint_error('ERROR: This server is not replying to recursive requests')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Server is not replying to recursive requests')
    end

    if (reps < 30)
@@ -135,7 +135,7 @@ class MetasploitModule < Msf::Auxiliary

    unless random
      vprint_error('FAIL: This server uses a static source port and is vulnerable to poisoning')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Server uses a static source port')
    end

    ports_u = ports.keys.length
@@ -145,10 +145,10 @@ class MetasploitModule < Msf::Auxiliary
    if (ports_r != 100)
      vprint_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
      # Not exploitable by this tool, so we lower this to Appears on purpose to lower the user's confidence
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Source ports are not truly random but may still be exploitable')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Server source ports appear sufficiently random')
  end

  def run
@@ -78,7 +78,7 @@ class MetasploitModule < Msf::Auxiliary
        res.body[%r{<column>(.+)</column>}m, 1] || ''
      else
        if res
-          check_error = Exploit::CheckCode::Safe
+          check_error = Exploit::CheckCode::Safe('Target responded but does not appear vulnerable')
        else
          check_error = Exploit::CheckCode::Unknown('Failed to send HTTP request')
        end
@@ -86,7 +86,7 @@ class MetasploitModule < Msf::Auxiliary
      end
    end
    vulnerable_test = sqli.test_vulnerable
-    check_error || (vulnerable_test ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe)
+    check_error || (vulnerable_test ? Exploit::CheckCode::Vulnerable('SQL injection confirmed') : Exploit::CheckCode::Safe('SQL injection test did not succeed'))
  end

  def dump_data(sqli)
@@ -68,16 +68,16 @@ class MetasploitModule < Msf::Auxiliary
    # Check version
    print_status('Trying to detect installed version')
    version = openemr_version
-    return Exploit::CheckCode::Unknown if version.empty?
+    return Exploit::CheckCode::Unknown('Could not determine OpenEMR version') if version.empty?

    vprint_status("Version #{version} detected")
    version.sub! ' (', '.'
    version.sub! ')', ''
    version.strip!

-    return Exploit::CheckCode::Safe unless Rex::Version.new(version) < Rex::Version.new('5.0.1.7')
+    return Exploit::CheckCode::Safe("OpenEMR version #{version} is not vulnerable") unless Rex::Version.new(version) < Rex::Version.new('5.0.1.7')

-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears("OpenEMR version #{version} is in the vulnerable range")
  end

  def get_response(payload)