From 31ef5e03b5897a1e32f6d1425e297fde3fa5becb Mon Sep 17 00:00:00 2001
From: adfoster-r7 <alandavid_foster@rapid7.com>
Date: Wed, 15 Apr 2026 11:57:01 +0100
Subject: [PATCH] Improve auxiliary check code messages

---
 .../admin/dcerpc/cve_2020_1472_zerologon.rb        |  4 ++--
 .../admin/hp/hp_ilo_create_admin_account.rb        |  6 +++---
 .../admin/http/cisco_ssm_onprem_account.rb         |  2 +-
 .../admin/http/fortinet_fortiweb_create_admin.rb   |  2 +-
 .../hikvision_unauth_pwd_reset_cve_2017_7921.rb    |  4 ++--
 modules/auxiliary/admin/http/ibm_drm_download.rb   |  4 ++--
 .../auxiliary/admin/http/idsecure_auth_bypass.rb   | 10 +++++-----
 .../auxiliary/admin/http/intersil_pass_reset.rb    |  8 ++++----
 modules/auxiliary/admin/http/ivanti_vtm_admin.rb   |  4 ++--
 .../admin/http/joomla_registration_privesc.rb      | 10 +++++-----
 .../admin/http/manageengine_pmp_privesc.rb         |  6 +++---
 .../admin/http/mantisbt_password_reset.rb          |  6 +++---
 .../netgear_pnpx_getsharefolderlist_auth_bypass.rb |  8 ++++----
 .../admin/http/netgear_r6700_pass_reset.rb         |  4 ++--
 .../netgear_r7000_backup_cgi_heap_overflow_rce.rb  |  4 ++--
 .../admin/http/pfadmin_set_protected_alias.rb      | 14 +++++++-------
 .../admin/http/pihole_domains_api_exec.rb          | 10 +++++-----
 modules/auxiliary/admin/http/tomcat_ghostcat.rb    |  2 +-
 modules/auxiliary/admin/http/whatsup_gold_sqli.rb  |  6 +++---
 .../admin/http/wp_automatic_plugin_privesc.rb      |  4 ++--
 .../auxiliary/admin/http/wp_google_maps_sqli.rb    |  4 ++--
 modules/auxiliary/admin/ldap/bad_successor.rb      |  4 ++--
 .../admin/networking/cisco_asa_extrabacon.rb       |  6 +++---
 .../admin/networking/cisco_dcnm_auth_bypass.rb     |  6 +++---
 .../networking/thinmanager_traversal_delete.rb     |  6 +++---
 .../networking/thinmanager_traversal_upload.rb     |  6 +++---
 .../networking/thinmanager_traversal_upload2.rb    |  6 +++---
 .../admin/sap/cve_2020_6287_ws_add_user.rb         | 11 ++++++-----
 .../scada/advantech_webaccess_dbvisitor_sqli.rb    |  4 ++--
 .../admin/scada/modicon_password_recovery.rb       |  6 +++---
 .../admin/scada/moxa_credentials_recovery.rb       |  6 +++---
 modules/auxiliary/admin/scada/mypro_mgr_creds.rb   |  8 ++++----
 modules/auxiliary/admin/wemo/crockpot.rb           |  2 +-
 modules/auxiliary/dos/ftp/vsftpd_232.rb            | 12 ++++++------
 .../auxiliary/dos/http/flexense_http_server_dos.rb |  8 ++++----
 .../auxiliary/dos/http/ms15_034_ulonglongadd.rb    |  6 +++---
 modules/auxiliary/dos/http/nodejs_pipelining.rb    |  6 +++---
 modules/auxiliary/dos/scada/allen_bradley_pccc.rb  | 12 ++++++------
 .../gather/cisco_pvc2300_download_config.rb        |  2 +-
 modules/auxiliary/gather/coldfusion_pwd_props.rb   |  4 ++--
 .../cve_2021_27850_apache_tapestry_hmac_key.rb     |  8 ++++----
 modules/auxiliary/gather/drupal_openid_xxe.rb      |  8 ++++----
 .../gather/flash_rosetta_jsonp_url_disclosure.rb   |  4 ++--
 .../hikvision_info_disclosure_cve_2017_7921.rb     |  6 +++---
 modules/auxiliary/gather/jenkins_cred_recovery.rb  |  4 ++--
 .../auxiliary/gather/jetty_web_inf_disclosure.rb   |  4 ++--
 .../auxiliary/gather/joomla_contenthistory_sqli.rb |  4 ++--
 modules/auxiliary/gather/joomla_weblinks_sqli.rb   |  8 ++++----
 modules/auxiliary/gather/microweber_lfi.rb         | 10 +++++-----
 modules/auxiliary/gather/mybb_db_fingerprint.rb    |  8 ++++----
 .../gather/netgear_password_disclosure.rb          |  4 ++--
 .../gather/oats_downloadservlet_traversal.rb       |  4 ++--
 modules/auxiliary/gather/pacsserver_traversal.rb   |  2 +-
 modules/auxiliary/gather/peplink_bauth_sqli.rb     |  4 ++--
 .../auxiliary/gather/qnap_backtrace_admin_hash.rb  |  6 +++---
 modules/auxiliary/gather/qnap_lfi.rb               |  6 +++---
 .../auxiliary/gather/rails_doubletap_file_read.rb  |  8 ++++----
 modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb  | 10 +++++-----
 modules/auxiliary/gather/redis_extractor.rb        |  2 +-
 .../auxiliary/gather/saltstack_salt_root_key.rb    |  4 ++--
 .../solarwinds_servu_fileread_cve_2024_28995.rb    |  2 +-
 .../gather/solarwinds_webhelpdesk_backdoor.rb      |  6 +++---
 modules/auxiliary/gather/suite_crm_export_sqli.rb  |  2 +-
 .../gather/thinmanager_traversal_download.rb       |  4 ++--
 modules/auxiliary/gather/upsmon_traversal.rb       |  4 ++--
 modules/auxiliary/gather/vbulletin_vote_sqli.rb    |  6 +++---
 .../auxiliary/gather/vmware_vcenter_vmdir_ldap.rb  |  2 +-
 .../wp_bookingpress_category_services_sqli.rb      |  2 +-
 .../gather/wp_depicter_sqli_cve_2025_2011.rb       |  2 +-
 modules/auxiliary/gather/wp_photo_gallery_sqli.rb  |  2 +-
 modules/auxiliary/gather/zabbix_toggleids_sqli.rb  |  6 +++---
 .../auxiliary/scanner/http/exchange_proxylogon.rb  |  8 ++++----
 .../auxiliary/scanner/ssh/libssh_auth_bypass.rb    |  8 ++++----
 .../server/relay/relay_get_naa_credentials.rb      |  4 ++--
 modules/auxiliary/spoof/dns/bailiwicked_domain.rb  |  8 ++++----
 modules/auxiliary/spoof/dns/bailiwicked_host.rb    |  8 ++++----
 .../sqli/dlink/dlink_central_wifimanager_sqli.rb   |  4 ++--
 .../auxiliary/sqli/openemr/openemr_sqli_dump.rb    |  6 +++---
 78 files changed, 221 insertions(+), 220 deletions(-)

diff --git a/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb b/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb
index 8f237e71b9..fe1c987e29 100644
--- a/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb
+++ b/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb
@@ -101,9 +101,9 @@ class MetasploitModule < Msf::Auxiliary
       fail_with(Failure::UnexpectedReply, windows_error)
     end
 
-    return Exploit::CheckCode::Detected unless status == 0
+    return Exploit::CheckCode::Detected('Target responded but Zerologon exploit did not succeed') unless status == 0
 
-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('Zerologon authentication bypass succeeded')
   end
 
   def run
diff --git a/modules/auxiliary/admin/hp/hp_ilo_create_admin_account.rb b/modules/auxiliary/admin/hp/hp_ilo_create_admin_account.rb
index 87efa3ee03..f9319bee8b 100644
--- a/modules/auxiliary/admin/hp/hp_ilo_create_admin_account.rb
+++ b/modules/auxiliary/admin/hp/hp_ilo_create_admin_account.rb
@@ -56,14 +56,14 @@ class MetasploitModule < Msf::Auxiliary
         }
       })
     rescue StandardError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect to the target')
     end
 
     if (res.code == 200) && res.body.include?('"Description":"iLO User Accounts"')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Authentication bypass returned iLO User Accounts')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Authentication bypass did not return account data')
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/cisco_ssm_onprem_account.rb b/modules/auxiliary/admin/http/cisco_ssm_onprem_account.rb
index 8feec1eb91..91943627b8 100644
--- a/modules/auxiliary/admin/http/cisco_ssm_onprem_account.rb
+++ b/modules/auxiliary/admin/http/cisco_ssm_onprem_account.rb
@@ -143,7 +143,7 @@ class MetasploitModule < Msf::Auxiliary
       return Exploit::CheckCode::Appears('Password reset was successful, target is vulnerable')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Password reset status could not be determined')
   end
 
   def decode_url(encoded_string)
diff --git a/modules/auxiliary/admin/http/fortinet_fortiweb_create_admin.rb b/modules/auxiliary/admin/http/fortinet_fortiweb_create_admin.rb
index 4d59da1928..31e5ff28b5 100644
--- a/modules/auxiliary/admin/http/fortinet_fortiweb_create_admin.rb
+++ b/modules/auxiliary/admin/http/fortinet_fortiweb_create_admin.rb
@@ -77,7 +77,7 @@ class MetasploitModule < Msf::Auxiliary
     j = JSON.parse(res.body)
 
     # Tested against vulnerable FortiWeb versions 8.0.1, 7.4.8, 6.4.3, and 6.3.9
-    return Exploit::CheckCode::Appears if j.dig('results', 'errcode') == -56
+    return Exploit::CheckCode::Appears('Authentication bypass succeeded on FortiWeb') if j.dig('results', 'errcode') == -56
 
     Exploit::CheckCode::Unknown('Unexpected JSON results')
   rescue JSON::ParserError
diff --git a/modules/auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921.rb b/modules/auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921.rb
index a0f8a95416..eff31a1a9d 100644
--- a/modules/auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921.rb
+++ b/modules/auxiliary/admin/http/hikvision_unauth_pwd_reset_cve_2017_7921.rb
@@ -118,9 +118,9 @@ class MetasploitModule < Msf::Auxiliary
       user_array.each do |user|
         print_status("USERNAME:#{user&.at_css('userName')&.content} | ID:#{user&.at_css('id')&.content} | ROLE:#{user&.at_css('userLevel')&.content}")
       end
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Unauthenticated access to user credentials succeeded')
     else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("Target returned HTTP #{res.code}")
     end
   end
 
diff --git a/modules/auxiliary/admin/http/ibm_drm_download.rb b/modules/auxiliary/admin/http/ibm_drm_download.rb
index 395fe5541c..af2a0f8e68 100644
--- a/modules/auxiliary/admin/http/ibm_drm_download.rb
+++ b/modules/auxiliary/admin/http/ibm_drm_download.rb
@@ -75,10 +75,10 @@ class MetasploitModule < Msf::Auxiliary
       }
     })
     if res && (res.code == 302)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('IBM DRM web interface detected')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine if target is IBM DRM')
   end
 
   def create_session_id
diff --git a/modules/auxiliary/admin/http/idsecure_auth_bypass.rb b/modules/auxiliary/admin/http/idsecure_auth_bypass.rb
index c02aea8c3c..613fbb874b 100644
--- a/modules/auxiliary/admin/http/idsecure_auth_bypass.rb
+++ b/modules/auxiliary/admin/http/idsecure_auth_bypass.rb
@@ -47,19 +47,19 @@ class MetasploitModule < Msf::Auxiliary
         'uri' => normalize_uri(target_uri.path, 'api/util/configUI')
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')
     end
 
-    return Exploit::CheckCode::Unknown unless res&.code == 401
+    return Exploit::CheckCode::Unknown('Target did not return HTTP 401') unless res&.code == 401
 
     data = res.get_json_document
     version = data['Version']
-    return Exploit::CheckCode::Unknown if version.nil?
+    return Exploit::CheckCode::Unknown('Could not determine IDSecure version') if version.nil?
 
     print_status('Got version: ' + version)
-    return Exploit::CheckCode::Safe unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
+    return Exploit::CheckCode::Safe("IDSecure version #{version} is not vulnerable") unless Rex::Version.new(version) <= Rex::Version.new('4.7.43.0')
 
-    return Exploit::CheckCode::Appears
+    return Exploit::CheckCode::Appears("IDSecure version #{version} is vulnerable")
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/intersil_pass_reset.rb b/modules/auxiliary/admin/http/intersil_pass_reset.rb
index b5db2eb29f..6fdfbaa38e 100644
--- a/modules/auxiliary/admin/http/intersil_pass_reset.rb
+++ b/modules/auxiliary/admin/http/intersil_pass_reset.rb
@@ -58,16 +58,16 @@ class MetasploitModule < Msf::Auxiliary
 
     if res && (m = res.headers['Server'].match(%r{Boa/(.*)}))
       vprint_status("Boa Version Detected: #{m[1]}")
-      return Exploit::CheckCode::Safe if (m[1][0].ord - 48 > 0) # boa server wrong version
-      return Exploit::CheckCode::Safe if (m[1][3].ord - 48 > 4)
+      return Exploit::CheckCode::Safe("Boa version #{m[1]} is not vulnerable") if (m[1][0].ord - 48 > 0) # boa server wrong version
+      return Exploit::CheckCode::Safe("Boa version #{m[1]} is not vulnerable") if (m[1][3].ord - 48 > 4)
 
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable("Boa version #{m[1]} is vulnerable")
     end
 
     return Exploit::CheckCode::Safe('Not a Boa Server!')
   rescue Rex::ConnectionRefused
     print_error('Connection refused by server.')
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Connection refused by server')
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/ivanti_vtm_admin.rb b/modules/auxiliary/admin/http/ivanti_vtm_admin.rb
index 3952793192..5bc4542fbb 100644
--- a/modules/auxiliary/admin/http/ivanti_vtm_admin.rb
+++ b/modules/auxiliary/admin/http/ivanti_vtm_admin.rb
@@ -61,10 +61,10 @@ class MetasploitModule < Msf::Auxiliary
       version = match[1]
       return Exploit::CheckCode::Appears("Version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('22.7R1')
     else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not detect Ivanti vTM version')
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Ivanti vTM version is not vulnerable')
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/joomla_registration_privesc.rb b/modules/auxiliary/admin/http/joomla_registration_privesc.rb
index 5a3b125cc5..febf029c90 100644
--- a/modules/auxiliary/admin/http/joomla_registration_privesc.rb
+++ b/modules/auxiliary/admin/http/joomla_registration_privesc.rb
@@ -52,28 +52,28 @@ class MetasploitModule < Msf::Auxiliary
 
     unless res
       vprint_error('Unable to connect to target')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to connect to target')
     end
 
     unless joomla_and_online?
       vprint_error('Unable to detect Joomla')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be Joomla')
     end
 
     version = Rex::Version.new(joomla_version)
 
     unless version
       vprint_error('Unable to detect Joomla version')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Joomla detected but version could not be determined')
     end
 
     vprint_status("Detected Joomla version #{version}")
 
     if version.between?(Rex::Version.new('3.4.4'), Rex::Version.new('3.6.3'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Joomla #{version} is in the vulnerable range 3.4.4-3.6.3")
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("Joomla #{version} is not in the vulnerable range")
   end
 
   def get_csrf(hidden_fields)
diff --git a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
index 33e258a84a..c0d584c810 100644
--- a/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
+++ b/modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
@@ -211,11 +211,11 @@ class MetasploitModule < Msf::Auxiliary
     version = get_version
     case version
     when 0..7104
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("ManageEngine PMP build #{version} is in the vulnerable range")
     when 7105..9998
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("ManageEngine PMP build #{version} is patched")
     else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown("ManageEngine PMP build #{version} could not be assessed")
     end
   end
 
diff --git a/modules/auxiliary/admin/http/mantisbt_password_reset.rb b/modules/auxiliary/admin/http/mantisbt_password_reset.rb
index 912ff06a6e..d592903eb9 100644
--- a/modules/auxiliary/admin/http/mantisbt_password_reset.rb
+++ b/modules/auxiliary/admin/http/mantisbt_password_reset.rb
@@ -52,14 +52,14 @@ class MetasploitModule < Msf::Auxiliary
 
     if res && res.body && res.body.include?('Powered by <a href="http://www.mantisbt.org" title="bug tracking software">MantisBT')
       vprint_status('MantisBT detected')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('MantisBT detected')
     else
       vprint_status('Not a MantisBT Instance!')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be MantisBT')
     end
   rescue Rex::ConnectionRefused
     print_error('Connection refused by server.')
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Connection refused by server')
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb b/modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb
index 55366911a2..db596f4779 100644
--- a/modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb
+++ b/modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb
@@ -94,13 +94,13 @@ class MetasploitModule < Msf::Auxiliary
     # Check version is vulnerable
     print_status("Target is a #{model_name} router running firmware version #{major_version}_#{minor_version}")
     if (Rex::Version.new(major_version) >= Rex::Version.new('1.2.0.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.2.0.88'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
     elsif (Rex::Version.new(major_version) >= Rex::Version.new('1.0.1.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.0.1.80'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
     elsif (Rex::Version.new(major_version) >= Rex::Version.new('1.1.0.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.1.0.110')) # Need more work on this as this isn't a good check for affected versions and may overlap with patched versions.
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
     elsif (Rex::Version.new(major_version) >= Rex::Version.new('1.1.0.0')) && (Rex::Version.new(major_version) < Rex::Version.new('1.1.0.84')) # Need more work on this to make sure we apply this to the correct systems.
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Firmware #{major_version} is in the vulnerable range")
     else
       return Exploit::CheckCode::Safe('Not a vulnerable router version!')
     end
diff --git a/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb b/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb
index 9ba4af2400..fba89be692 100644
--- a/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb
+++ b/modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb
@@ -104,9 +104,9 @@ class MetasploitModule < Msf::Auxiliary
     target_version = retrieve_version
     print_status("Target is running firmware version #{target_version}")
     if (target_version < Rex::Version.new('1.0.4.94')) && (target_version >= Rex::Version.new('1.0.2.62'))
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("NETGEAR R6700 firmware #{target_version} is in the vulnerable range")
     else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("NETGEAR R6700 firmware #{target_version} is not vulnerable")
     end
   end
 
diff --git a/modules/auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce.rb b/modules/auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce.rb
index dc8023b466..6a6b167769 100644
--- a/modules/auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce.rb
+++ b/modules/auxiliary/admin/http/netgear_r7000_backup_cgi_heap_overflow_rce.rb
@@ -102,13 +102,13 @@ class MetasploitModule < Msf::Auxiliary
       model = scrape(data, marker_one, marker_two)
       print_status("Router is a NETGEAR router (#{model})")
       if model == 'R7000' && check_vuln_firmware
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('NETGEAR R7000 with vulnerable firmware')
       end
 
     else
       print_error('Router is not a NETGEAR router')
     end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Target does not appear to be a vulnerable NETGEAR router')
   end
 
   def fake_logins_to_ease_heap
diff --git a/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb b/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb
index e402193087..90617ec727 100644
--- a/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb
+++ b/modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb
@@ -66,23 +66,23 @@ class MetasploitModule < Msf::Auxiliary
   def check
     res = send_request_cgi({ 'uri' => postfixadmin_url_login, 'method' => 'GET' })
 
-    return Exploit::CheckCode::Unknown unless res
+    return Exploit::CheckCode::Unknown('No response received from the target') unless res
 
-    return Exploit::CheckCode::Safe if res.code != 200
+    return Exploit::CheckCode::Safe('Target did not return a 200 response') if res.code != 200
 
     if res.body =~ /<div id="footer".*Postfix Admin/m
       version = res.body.match(%r{<div id="footer"[^<]*<a[^<]*Postfix\s*Admin\s*([^<]*)</}mi)
-      return Exploit::CheckCode::Detected unless version
+      return Exploit::CheckCode::Detected('Postfix Admin detected but version could not be determined') unless version
       if Rex::Version.new('2.91') > Rex::Version.new(version[1])
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected("Postfix Admin #{version[1]} is older than the vulnerable range")
       elsif Rex::Version.new('3.0.1') < Rex::Version.new(version[1])
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected("Postfix Admin #{version[1]} is newer than the vulnerable range")
       end
 
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Postfix Admin #{version[1]} is in the vulnerable range 2.91-3.0.1")
     end
 
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not identify Postfix Admin on the target')
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/pihole_domains_api_exec.rb b/modules/auxiliary/admin/http/pihole_domains_api_exec.rb
index 7bcdbd10c4..dd57374149 100644
--- a/modules/auxiliary/admin/http/pihole_domains_api_exec.rb
+++ b/modules/auxiliary/admin/http/pihole_domains_api_exec.rb
@@ -59,21 +59,21 @@ class MetasploitModule < Msf::Auxiliary
 
       if web_version.nil?
         print_error("#{peer} - Could not connect to web service - no response or non-200 HTTP code")
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Could not connect to web service')
       end
 
       if web_version && Rex::Version.new(web_version) <= Rex::Version.new('5.6')
         vprint_good("Web Interface Version Detected: #{web_version}")
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("Pi-hole web interface version #{web_version} is vulnerable")
       else
         vprint_bad("Web Interface Version Detected: #{web_version}")
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("Pi-hole web interface version #{web_version} is not vulnerable")
       end
     rescue ::Rex::ConnectionError
       print_error("#{peer} - Could not connect to the web service")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not connect to the web service')
     end
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be Pi-hole')
   end
 
   def validate_command
diff --git a/modules/auxiliary/admin/http/tomcat_ghostcat.rb b/modules/auxiliary/admin/http/tomcat_ghostcat.rb
index 4610e15d8a..32a95e2cdc 100644
--- a/modules/auxiliary/admin/http/tomcat_ghostcat.rb
+++ b/modules/auxiliary/admin/http/tomcat_ghostcat.rb
@@ -151,7 +151,7 @@ class MetasploitModule < Msf::Auxiliary
       return Exploit::CheckCode::Appears("Successfully read file #{datastore['FILENAME']}")
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target did not return a valid Ghostcat response')
   rescue StandardError => e
     Exploit::CheckCode::Unknown(e.message)
   end
diff --git a/modules/auxiliary/admin/http/whatsup_gold_sqli.rb b/modules/auxiliary/admin/http/whatsup_gold_sqli.rb
index 71bb1e718c..016ada2218 100644
--- a/modules/auxiliary/admin/http/whatsup_gold_sqli.rb
+++ b/modules/auxiliary/admin/http/whatsup_gold_sqli.rb
@@ -51,21 +51,21 @@ class MetasploitModule < Msf::Auxiliary
       'uri' => normalize_uri(target_uri.path, 'NmConsole/app.json')
     })
 
-    return Exploit::CheckCode::Unknown unless res && res.code == 200
+    return Exploit::CheckCode::Unknown('No response or unexpected HTTP status') unless res && res.code == 200
 
     data = res.get_json_document
     data_js = data['js']
     version_path = data_js.find { |item| item['path'] =~ /app-/ }['path']
     version = version_path[/app-(.*)\.js/, 1]
     if version.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine WhatsUp Gold version')
     else
       vprint_status('Version retrieved: ' + version)
     end
 
     return Exploit::CheckCode::Appears("Version: #{version}") if Rex::Version.new(version) <= Rex::Version.new('23.1.3')
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("WhatsUp Gold version #{version} is not vulnerable")
   end
 
   def run
diff --git a/modules/auxiliary/admin/http/wp_automatic_plugin_privesc.rb b/modules/auxiliary/admin/http/wp_automatic_plugin_privesc.rb
index 6c70300926..e863ac9f16 100644
--- a/modules/auxiliary/admin/http/wp_automatic_plugin_privesc.rb
+++ b/modules/auxiliary/admin/http/wp_automatic_plugin_privesc.rb
@@ -59,9 +59,9 @@ class MetasploitModule < Msf::Auxiliary
     # check_plugin_version_from_readme('wp-automatic', '3.53.3')
 
     if set_wp_option(Rex::Text.rand_text_numeric(8..20), Rex::Text.rand_text_numeric(8..20))
-      checkcode = Exploit::CheckCode::Vulnerable
+      checkcode = Exploit::CheckCode::Vulnerable('SQL injection via WP Automatic plugin confirmed')
     else
-      checkcode = Exploit::CheckCode::Safe
+      checkcode = Exploit::CheckCode::Safe('WP Automatic plugin is not vulnerable')
       print_error('Automatic not a vulnerable version')
     end
     checkcode
diff --git a/modules/auxiliary/admin/http/wp_google_maps_sqli.rb b/modules/auxiliary/admin/http/wp_google_maps_sqli.rb
index 8cc6cdfdf4..9be9a20c9a 100644
--- a/modules/auxiliary/admin/http/wp_google_maps_sqli.rb
+++ b/modules/auxiliary/admin/http/wp_google_maps_sqli.rb
@@ -59,10 +59,10 @@ class MetasploitModule < Msf::Auxiliary
   def check
     mynum = Rex::Text.rand_text_numeric(8..20).to_s
     body = send_sql_request(mynum)
-    return Exploit::CheckCode::Unknown if body.nil?
+    return Exploit::CheckCode::Unknown('No response from target') if body.nil?
     return Exploit::CheckCode::Vulnerable if body.include?(mynum)
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('SQL injection test did not return expected result')
   end
 
   def run
diff --git a/modules/auxiliary/admin/ldap/bad_successor.rb b/modules/auxiliary/admin/ldap/bad_successor.rb
index 1aa30a2062..15500eb4c1 100644
--- a/modules/auxiliary/admin/ldap/bad_successor.rb
+++ b/modules/auxiliary/admin/ldap/bad_successor.rb
@@ -105,7 +105,7 @@ class MetasploitModule < Msf::Auxiliary
       end
       @ldap = ldap
 
-      return Exploit::CheckCode::Safe unless windows_version_vulnerable?
+      return Exploit::CheckCode::Safe('Target Windows version is not vulnerable to BadSuccessor') unless windows_version_vulnerable?
 
       ous = get_ous_we_can_write_to
       if ous.blank?
@@ -117,7 +117,7 @@ class MetasploitModule < Msf::Auxiliary
         print_good(" - #{ou}")
       end
 
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears('Writable Organizational Units found, target appears vulnerable to BadSuccessor')
     end
   rescue Errno::ECONNRESET
     fail_with(Failure::Disconnected, 'The connection was reset.')
diff --git a/modules/auxiliary/admin/networking/cisco_asa_extrabacon.rb b/modules/auxiliary/admin/networking/cisco_asa_extrabacon.rb
index 11347209ce..ed5fa48c21 100644
--- a/modules/auxiliary/admin/networking/cisco_asa_extrabacon.rb
+++ b/modules/auxiliary/admin/networking/cisco_asa_extrabacon.rb
@@ -112,16 +112,16 @@ class MetasploitModule < Msf::Auxiliary
       vers_string = retrieve_asa_version
     rescue ::StandardError
       print_error('Error: Unable to retrieve version information')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to retrieve version information')
     end
 
     if @offsets[vers_string]
       print_good("Payload for Cisco ASA version #{vers_string} available!")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Cisco ASA version #{vers_string} has an available payload")
     end
 
     print_warning("Received Cisco ASA version #{vers_string}, but no payload available")
-    return Exploit::CheckCode::Detected
+    return Exploit::CheckCode::Detected("Cisco ASA version #{vers_string} detected but no payload available")
   end
 
   def build_payload(vers_string, mode)
diff --git a/modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb b/modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
index c75af866ba..5a9f932ab3 100644
--- a/modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
+++ b/modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
@@ -149,11 +149,11 @@ class MetasploitModule < Msf::Auxiliary
     res = add_admin_account('test', 'test')
 
     if res == :success || res == :user_already_exists || res == :weak_password
-      Exploit::CheckCode::Vulnerable
+      Exploit::CheckCode::Vulnerable('Authentication bypass succeeded on DCNM REST API')
     elsif res == :failed_to_connect
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Unknown('Failed to connect to the target or determine vulnerability status')
     else
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown('Could not determine vulnerability status')
     end
   end
 
diff --git a/modules/auxiliary/admin/networking/thinmanager_traversal_delete.rb b/modules/auxiliary/admin/networking/thinmanager_traversal_delete.rb
index 16320b606c..560dcf9358 100644
--- a/modules/auxiliary/admin/networking/thinmanager_traversal_delete.rb
+++ b/modules/auxiliary/admin/networking/thinmanager_traversal_delete.rb
@@ -55,7 +55,7 @@ class MetasploitModule < Msf::Auxiliary
       connect
     rescue Rex::ConnectionTimeout
       print_error("Connection to #{datastore['RHOSTS']}:#{datastore['RPORT']} failed.")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
     end
 
     vprint_status('Sending handshake...')
@@ -70,12 +70,12 @@ class MetasploitModule < Msf::Auxiliary
       vprint_status('Received handshake response.')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
     elsif res
       vprint_status('Received unexpected handshake response:')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
     else
       disconnect
       return Exploit::CheckCode::Unknown('No handshake response received.')
diff --git a/modules/auxiliary/admin/networking/thinmanager_traversal_upload.rb b/modules/auxiliary/admin/networking/thinmanager_traversal_upload.rb
index 084805c741..c536482006 100644
--- a/modules/auxiliary/admin/networking/thinmanager_traversal_upload.rb
+++ b/modules/auxiliary/admin/networking/thinmanager_traversal_upload.rb
@@ -56,7 +56,7 @@ class MetasploitModule < Msf::Auxiliary
       connect
     rescue Rex::ConnectionTimeout => e
       print_error("Connection to #{datastore['RHOSTS']}:#{datastore['RPORT']} failed: #{e.message}")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
     end
 
     vprint_status('Sending handshake...')
@@ -71,12 +71,12 @@ class MetasploitModule < Msf::Auxiliary
       vprint_status('Received handshake response.')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
     elsif res
       vprint_status('Received unexpected handshake response:')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
     else
       disconnect
       return Exploit::CheckCode::Unknown('No handshake response received.')
diff --git a/modules/auxiliary/admin/networking/thinmanager_traversal_upload2.rb b/modules/auxiliary/admin/networking/thinmanager_traversal_upload2.rb
index 79eb6dec7e..82fb19ebb7 100644
--- a/modules/auxiliary/admin/networking/thinmanager_traversal_upload2.rb
+++ b/modules/auxiliary/admin/networking/thinmanager_traversal_upload2.rb
@@ -56,7 +56,7 @@ class MetasploitModule < Msf::Auxiliary
       connect
     rescue Rex::ConnectionTimeout
       print_error("Connection to #{datastore['RHOSTS']}:#{datastore['RPORT']} failed.")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
     end
 
     vprint_status('Sending handshake...')
@@ -71,12 +71,12 @@ class MetasploitModule < Msf::Auxiliary
       vprint_status('Received handshake response.')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
     elsif res
       vprint_status('Received unexpected handshake response:')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
     else
       disconnect
       return Exploit::CheckCode::Unknown('No handshake response received.')
diff --git a/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb b/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb
index cb614b5d77..dd5fc1273a 100644
--- a/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb
+++ b/modules/auxiliary/admin/sap/cve_2020_6287_ws_add_user.rb
@@ -63,14 +63,15 @@ class MetasploitModule < Msf::Auxiliary
       }
     )
 
-    return Exploit::CheckCode::Safe unless res&.code == 200
-    return Exploit::CheckCode::Safe unless res.headers['Content-Type'].strip.start_with?('text/xml')
+    return Exploit::CheckCode::Unknown('No response received from target') if res.nil?
+    return Exploit::CheckCode::Safe('Unexpected HTTP status') unless res.code == 200
+    return Exploit::CheckCode::Safe('Response is not XML') unless res.headers['Content-Type'].to_s.strip.start_with?('text/xml')
 
     xml = res.get_xml_document
-    return Exploit::CheckCode::Safe unless xml.namespaces['xmlns:wsdl'] == 'http://schemas.xmlsoap.org/wsdl/'
-    return Exploit::CheckCode::Safe if xml.xpath("//wsdl:definitions/wsdl:service[@name='CTCWebService']").empty?
+    return Exploit::CheckCode::Safe('Response does not contain WSDL namespace') unless xml.namespaces['xmlns:wsdl'] == 'http://schemas.xmlsoap.org/wsdl/'
+    return Exploit::CheckCode::Safe('CTCWebService not found in WSDL') if xml.xpath("//wsdl:definitions/wsdl:service[@name='CTCWebService']").empty?
 
-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('SAP NetWeaver CTCWebService WSDL endpoint is accessible')
   end
 
   def run
diff --git a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
index f584e4feab..9b114a3c86 100644
--- a/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
+++ b/modules/auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli.rb
@@ -100,10 +100,10 @@ class MetasploitModule < Msf::Auxiliary
     data = do_sqli(injection, mark)
 
     if data.nil?
-      return Msf::Exploit::CheckCode::Safe
+      return Msf::Exploit::CheckCode::Safe('Could not retrieve data from Advantech WebAccess')
     end
 
-    Msf::Exploit::CheckCode::Vulnerable
+    Msf::Exploit::CheckCode::Vulnerable('SQL injection via DBVisitor.asp confirmed')
   end
 
   def parse_users(xml, mark, separator)
diff --git a/modules/auxiliary/admin/scada/modicon_password_recovery.rb b/modules/auxiliary/admin/scada/modicon_password_recovery.rb
index 7754f45500..0022ea1760 100644
--- a/modules/auxiliary/admin/scada/modicon_password_recovery.rb
+++ b/modules/auxiliary/admin/scada/modicon_password_recovery.rb
@@ -77,17 +77,17 @@ class MetasploitModule < Msf::Auxiliary
       disconnect
     else
       vprint_error "#{ip}:#{rport} - FTP - Cannot connect, skipping"
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect via FTP')
     end
 
     if is_modicon
       vprint_status "#{ip}:#{rport} - FTP - Matches Modicon fingerprint"
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner matches Modicon fingerprint')
     end
 
     vprint_error "#{ip}:#{rport} - FTP - Skipping due to fingerprint mismatch"
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Modicon fingerprint')
   end
 
   def run
diff --git a/modules/auxiliary/admin/scada/moxa_credentials_recovery.rb b/modules/auxiliary/admin/scada/moxa_credentials_recovery.rb
index 64aae1a63e..cffe966c30 100644
--- a/modules/auxiliary/admin/scada/moxa_credentials_recovery.rb
+++ b/modules/auxiliary/admin/scada/moxa_credentials_recovery.rb
@@ -222,19 +222,19 @@ class MetasploitModule < Msf::Auxiliary
 
     unless response
       vprint_error('Unknown response')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response from target')
     end
 
     # A valid response is 24 bytes, starts with 0x81, and contains the values
     # 0x00, 0x90, 0xe8 (the Moxa OIU) in bytes 14, 15, and 16.
     if response[0] == "\x81" && response[14..16] == "\x00\x90\xe8" && response.length == 24
       format_output(response)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Moxa device detected via proprietary protocol')
     end
 
     cleanup
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be a Moxa device')
   end
 
   def run
diff --git a/modules/auxiliary/admin/scada/mypro_mgr_creds.rb b/modules/auxiliary/admin/scada/mypro_mgr_creds.rb
index 6fd57f5cd4..6807f5153f 100644
--- a/modules/auxiliary/admin/scada/mypro_mgr_creds.rb
+++ b/modules/auxiliary/admin/scada/mypro_mgr_creds.rb
@@ -64,19 +64,19 @@ class MetasploitModule < Msf::Auxiliary
         'uri' => normalize_uri(target_uri.path, 'assets/index-DBkpc6FO.js')
       })
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to connect to the target')
     end
 
     if res.to_s =~ /const S="([^"]+)"/
       version = ::Regexp.last_match(1)
       vprint_status('Version retrieved: ' + version)
       if Rex::Version.new(version) <= Rex::Version.new('1.3')
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("myPRO Manager version #{version} is vulnerable")
       end
 
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("myPRO Manager version #{version} is not vulnerable")
     end
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not determine myPRO Manager version')
   end
 
   def run
diff --git a/modules/auxiliary/admin/wemo/crockpot.rb b/modules/auxiliary/admin/wemo/crockpot.rb
index 7ee481bd66..9ce7ac9def 100644
--- a/modules/auxiliary/admin/wemo/crockpot.rb
+++ b/modules/auxiliary/admin/wemo/crockpot.rb
@@ -65,7 +65,7 @@ class MetasploitModule < Msf::Auxiliary
       return Exploit::CheckCode::Detected('Wemo device detected, but it is not a Crock-Pot')
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be a Wemo device')
   end
 
   def run
diff --git a/modules/auxiliary/dos/ftp/vsftpd_232.rb b/modules/auxiliary/dos/ftp/vsftpd_232.rb
index 5d3fbc7158..0615f7c5c8 100644
--- a/modules/auxiliary/dos/ftp/vsftpd_232.rb
+++ b/modules/auxiliary/dos/ftp/vsftpd_232.rb
@@ -43,14 +43,14 @@ class MetasploitModule < Msf::Auxiliary
     begin
       if !connect_login
         print_error('Connection refused.')
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Failed to connect or authenticate via FTP')
       end
     rescue Rex::ConnectionRefused
       print_error('Connection refused.')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection refused by the target')
     rescue Rex::ConnectionTimeout
       print_error('Connection timed out')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
     end
     s = ''
     loop do
@@ -62,15 +62,15 @@ class MetasploitModule < Msf::Auxiliary
     # check if version was found
     if s !~ /vsFTPd \d+\.\d+\.\d+/
       print_error('Did not find FTP version in FTP session.')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine vsFTPd version')
     end
 
     # pull out version and check if its in range of vulnerability
     version = s[/\d+\.\d+\.\d+/]
     if Rex::Version.new(version) < Rex::Version.new('2.3.3')
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears("vsFTPd #{version} is older than the patched version 2.3.3")
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe("vsFTPd #{version} is not vulnerable")
     end
   end
 
diff --git a/modules/auxiliary/dos/http/flexense_http_server_dos.rb b/modules/auxiliary/dos/http/flexense_http_server_dos.rb
index 5faae6bb10..deec4b9d7f 100644
--- a/modules/auxiliary/dos/http/flexense_http_server_dos.rb
+++ b/modules/auxiliary/dos/http/flexense_http_server_dos.rb
@@ -48,16 +48,16 @@ class MetasploitModule < Msf::Auxiliary
     sock.put("GET / HTTP/1.0\r\n\r\n")
     res = sock.get
     if res && res.include?('Flexense HTTP Server v10.6.24')
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears('Flexense HTTP Server v10.6.24 detected')
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Target does not appear to be Flexense HTTP Server v10.6.24')
     end
   rescue Rex::ConnectionRefused
     print_error('Target refused the connection')
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Target refused the connection')
   rescue StandardError
     print_error('Target did not respond to HTTP request')
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Target did not respond to HTTP request')
   end
 
   def run
diff --git a/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb b/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb
index de8c747886..c728da458f 100644
--- a/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb
+++ b/modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb
@@ -163,16 +163,16 @@ class MetasploitModule < Msf::Auxiliary
 
         target_uri.path = uri # Needed for the DoS attack
 
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('Target returned expected vulnerable response to range header')
       elsif res && res.body.include?('The request has an invalid header name')
         vprint_status("#{vmessage} [#{res.code}] - Safe")
 
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe('Target rejected the range header')
       else
         vprint_status("#{vmessage} - Unknown")
       end
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine vulnerability status')
   end
 end
diff --git a/modules/auxiliary/dos/http/nodejs_pipelining.rb b/modules/auxiliary/dos/http/nodejs_pipelining.rb
index 2dff794830..41d78d6716 100644
--- a/modules/auxiliary/dos/http/nodejs_pipelining.rb
+++ b/modules/auxiliary/dos/http/nodejs_pipelining.rb
@@ -50,17 +50,17 @@ class MetasploitModule < Msf::Auxiliary
   def check
     # http://blog.nodejs.org/2013/08/21/node-v0-10-17-stable/
     # check if we are < 0.10.17 by seeing if a malformed HTTP request is accepted
-    status = Exploit::CheckCode::Safe
+    status = Exploit::CheckCode::Safe('Target does not appear to be a vulnerable Node.js server')
     connect
     sock.put(http_request('GEM'))
     begin
       response = sock.get_once
-      status = Exploit::CheckCode::Appears if response =~ /HTTP/
+      status = Exploit::CheckCode::Appears('Node.js accepted a malformed HTTP method, likely < 0.10.17') if response =~ /HTTP/
     rescue EOFError
       # checking against >= 0.10.17 raises EOFError because there is no
       # response to GEM requests
       vprint_error('Failed to determine the vulnerable state due to an EOFError (no response)')
-      return Msf::Exploit::CheckCode::Unknown
+      return Msf::Exploit::CheckCode::Unknown('No response to malformed HTTP request')
     ensure
       disconnect
     end
diff --git a/modules/auxiliary/dos/scada/allen_bradley_pccc.rb b/modules/auxiliary/dos/scada/allen_bradley_pccc.rb
index c9433ce360..50db489035 100644
--- a/modules/auxiliary/dos/scada/allen_bradley_pccc.rb
+++ b/modules/auxiliary/dos/scada/allen_bradley_pccc.rb
@@ -142,7 +142,7 @@ class MetasploitModule < Msf::Auxiliary
 
     unless res && res[0].length > 63 && res[0][0, 2] == "\x63\x00"
       print_error 'EtherNet/IP Packet Not Valid'
-      return Exploit::CheckCode::Unsupported
+      return Exploit::CheckCode::Unsupported('Target did not return a valid EtherNet/IP response')
     end
 
     res[0][54, 2]
@@ -154,20 +154,20 @@ class MetasploitModule < Msf::Auxiliary
     array = product_name.split(' ')
     plc_model = array[0]
 
-    return Exploit::CheckCode::Safe unless VULN_LIST.any? { |e| plc_model.include? e }
+    return Exploit::CheckCode::Safe("PLC model #{plc_model} is not in the vulnerable list") unless VULN_LIST.any? { |e| plc_model.include? e }
 
     firmware = array[1]
     begin
       firmware_nbr = firmware.scan(/(\d+[.,]\d+)/).flatten.first.to_f
       if firmware_nbr >= VULN_FW_VERSION_MIN && firmware_nbr < VULN_FW_VERSION_MAX
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable("#{plc_model} firmware #{firmware_nbr} is in the vulnerable range")
       elsif firmware_nbr < VULN_FW_VERSION_MIN
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("#{plc_model} firmware #{firmware_nbr} may be vulnerable")
       else
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("#{plc_model} firmware #{firmware_nbr} is patched")
       end
     rescue StandardError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not parse firmware version')
     end
   rescue Rex::AddressInUse, ::Errno::ETIMEDOUT, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => e
     elog(e)
diff --git a/modules/auxiliary/gather/cisco_pvc2300_download_config.rb b/modules/auxiliary/gather/cisco_pvc2300_download_config.rb
index ee2ca38b97..31d9d2e73f 100644
--- a/modules/auxiliary/gather/cisco_pvc2300_download_config.rb
+++ b/modules/auxiliary/gather/cisco_pvc2300_download_config.rb
@@ -223,7 +223,7 @@ class MetasploitModule < Msf::Auxiliary
     end
 
     vprint_status('Target seems to be a Cisco camera')
-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears('Target appears to be a Cisco PVC2300 camera')
   end
 
   def run
diff --git a/modules/auxiliary/gather/coldfusion_pwd_props.rb b/modules/auxiliary/gather/coldfusion_pwd_props.rb
index 5acc38a639..f1e11e48f5 100644
--- a/modules/auxiliary/gather/coldfusion_pwd_props.rb
+++ b/modules/auxiliary/gather/coldfusion_pwd_props.rb
@@ -114,10 +114,10 @@ class MetasploitModule < Msf::Auxiliary
 
   def check
     if check_cf
-      return Msf::Exploit::CheckCode::Vulnerable
+      return Msf::Exploit::CheckCode::Vulnerable('ColdFusion password.properties file is accessible')
     end
 
-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('ColdFusion password.properties file is not accessible')
   end
 
   def check_cf
diff --git a/modules/auxiliary/gather/cve_2021_27850_apache_tapestry_hmac_key.rb b/modules/auxiliary/gather/cve_2021_27850_apache_tapestry_hmac_key.rb
index 5a1a299107..634aa025f1 100644
--- a/modules/auxiliary/gather/cve_2021_27850_apache_tapestry_hmac_key.rb
+++ b/modules/auxiliary/gather/cve_2021_27850_apache_tapestry_hmac_key.rb
@@ -54,7 +54,7 @@ class MetasploitModule < Msf::Auxiliary
     })
 
     if res.nil?
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown('No response received from the target')
     elsif res.code == 302
 
       id_url = res.redirection.to_s[%r{assets/app/(\w+)/services/#{class_file}}, 1]
@@ -66,12 +66,12 @@ class MetasploitModule < Msf::Auxiliary
 
       if res.code == 200 && res.headers['Content-Type'] =~ %r{application/java.*}
         print_good("Java file leak at #{rhost}:#{rport}#{normalized_url}")
-        Exploit::CheckCode::Vulnerable
+        Exploit::CheckCode::Vulnerable("Java class file leaked at #{normalized_url}")
       else
-        Exploit::CheckCode::Safe
+        Exploit::CheckCode::Safe('Redirected but class file not accessible')
       end
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe("Unexpected HTTP response code: #{res.code}")
     end
   end
 
diff --git a/modules/auxiliary/gather/drupal_openid_xxe.rb b/modules/auxiliary/gather/drupal_openid_xxe.rb
index 6b5f77226b..69323fdac1 100644
--- a/modules/auxiliary/gather/drupal_openid_xxe.rb
+++ b/modules/auxiliary/gather/drupal_openid_xxe.rb
@@ -106,18 +106,18 @@ class MetasploitModule < Msf::Auxiliary
 
     unless res
       vprint_status("Connection timed out")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection timed out')
     end
 
     if drupal_with_openid?(res, signature)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Drupal with OpenID module detected')
     end
 
     if generated_with_drupal?(res)
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Drupal detected but OpenID module not found')
     end
 
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not determine if target is Drupal')
   end
 
   def run
diff --git a/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb b/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb
index c98d44ab46..202efb174c 100644
--- a/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb
+++ b/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb
@@ -74,9 +74,9 @@ class MetasploitModule < Msf::Auxiliary
     test_string = Rex::Text.rand_text_alphanumeric(encoded_swf.length)
     io = URI.parse(exploit_url(test_string)).open
     if io.read.start_with? test_string
-      Msf::Exploit::CheckCode::Vulnerable
+      Msf::Exploit::CheckCode::Vulnerable('JSONP endpoint reflects callback with sufficient length')
     else
-      Msf::Exploit::CheckCode::Safe
+      Msf::Exploit::CheckCode::Safe('JSONP endpoint does not reflect callback as expected')
     end
   end
 
diff --git a/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb b/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb
index 82239f6711..b6cb006cee 100644
--- a/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb
+++ b/modules/auxiliary/gather/hikvision_info_disclosure_cve_2017_7921.rb
@@ -312,11 +312,11 @@ class MetasploitModule < Msf::Auxiliary
     res = get_info(uri)
 
     if res.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response received from the target')
     elsif res.code == 200
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Unauthenticated access to system time endpoint succeeded')
     else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("System time endpoint returned HTTP #{res.code}")
     end
   end
 
diff --git a/modules/auxiliary/gather/jenkins_cred_recovery.rb b/modules/auxiliary/gather/jenkins_cred_recovery.rb
index e4781ebabf..2f2266e337 100644
--- a/modules/auxiliary/gather/jenkins_cred_recovery.rb
+++ b/modules/auxiliary/gather/jenkins_cred_recovery.rb
@@ -83,10 +83,10 @@ class MetasploitModule < Msf::Auxiliary
     # Default version is vulnerable, but can be mitigated by refusing anonymous permission on
     # decryption API. So a version wouldn't be adequate to check.
     if version
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Jenkins detected')
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Target does not appear to be Jenkins')
   end
 
   # Returns all the found Jenkins accounts of a specific domain. The accounts collected only
diff --git a/modules/auxiliary/gather/jetty_web_inf_disclosure.rb b/modules/auxiliary/gather/jetty_web_inf_disclosure.rb
index 61636cc37a..5778a23fdc 100644
--- a/modules/auxiliary/gather/jetty_web_inf_disclosure.rb
+++ b/modules/auxiliary/gather/jetty_web_inf_disclosure.rb
@@ -70,12 +70,12 @@ class MetasploitModule < Msf::Auxiliary
 
     if version == Rex::Version.new('9.4.37.v20210219') || version == Rex::Version.new('9.4.38.v20210224')
       print_good("#{version} vulnerable to CVE-2021-28164")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("Jetty #{version} vulnerable to CVE-2021-28164")
     elsif version.between?(Rex::Version.new('9.4.37'), Rex::Version.new('9.4.43')) ||
           version.between?(Rex::Version.new('10.0.1'), Rex::Version.new('10.0.6')) ||
           version.between?(Rex::Version.new('11.0.1'), Rex::Version.new('11.0.6'))
       print_good("#{version} vulnerable to CVE-2021-34429")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Jetty #{version} vulnerable to CVE-2021-34429")
     end
 
     Exploit::CheckCode::Safe('Server not vulnerable')
diff --git a/modules/auxiliary/gather/joomla_contenthistory_sqli.rb b/modules/auxiliary/gather/joomla_contenthistory_sqli.rb
index 67a4a6f93e..814b3c6b18 100644
--- a/modules/auxiliary/gather/joomla_contenthistory_sqli.rb
+++ b/modules/auxiliary/gather/joomla_contenthistory_sqli.rb
@@ -57,9 +57,9 @@ class MetasploitModule < Msf::Auxiliary
     res = sqli(payload)
 
     if res && res.code == 500 && res.body =~ /#{lmark}#{flag}#{rmark}/
-      Msf::Exploit::CheckCode::Vulnerable
+      Msf::Exploit::CheckCode::Vulnerable('SQL injection confirmed via contenthistory parameter')
     else
-      Msf::Exploit::CheckCode::Safe
+      Msf::Exploit::CheckCode::Safe('SQL injection test did not succeed')
     end
   end
 
diff --git a/modules/auxiliary/gather/joomla_weblinks_sqli.rb b/modules/auxiliary/gather/joomla_weblinks_sqli.rb
index 47475ace9b..afb37de05b 100644
--- a/modules/auxiliary/gather/joomla_weblinks_sqli.rb
+++ b/modules/auxiliary/gather/joomla_weblinks_sqli.rb
@@ -61,22 +61,22 @@ class MetasploitModule < Msf::Auxiliary
     })
 
     if !resp or !resp.body
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Unknown('No response received from the target')
     end
 
     if resp.body =~ /404<\/span> Category not found/
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Joomla detected but com_weblinks component not found')
     end
 
     version = /#{front_marker}(.*)#{back_marker}/.match(resp.body)
 
     if !version
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not determine Joomla version')
     end
 
     version = version[1].gsub(front_marker, '').gsub(back_marker, '')
     print_good("Fingerprinted: #{version}")
-    return Exploit::CheckCode::Vulnerable
+    return Exploit::CheckCode::Vulnerable("Joomla #{version} is vulnerable to com_weblinks SQLi")
   end
 
   def run
diff --git a/modules/auxiliary/gather/microweber_lfi.rb b/modules/auxiliary/gather/microweber_lfi.rb
index c7fdee4464..a8acbd587b 100644
--- a/modules/auxiliary/gather/microweber_lfi.rb
+++ b/modules/auxiliary/gather/microweber_lfi.rb
@@ -62,7 +62,7 @@ class MetasploitModule < Msf::Auxiliary
 
     if res.code == 200 && !res.body.include?('Microweber')
       print_error 'Microweber CMS has not been detected.'
-      Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be running Microweber CMS')
     end
 
     if res.code != 200
@@ -81,22 +81,22 @@ class MetasploitModule < Msf::Auxiliary
       major, minor, build = res_body[/Version:\s+(\d+\.\d+\.\d+)/].gsub(/Version:\s+/, '').split('.')
       version = Rex::Version.new("#{major}.#{minor}.#{build}")
     rescue NoMethodError, TypeError
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Unknown('Could not extract Microweber version')
     end
 
     if version == Rex::Version.new('1.2.10')
       print_good 'Microweber version ' + version.to_s
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Microweber version #{version} is vulnerable")
     end
 
     print_error 'Microweber version ' + version.to_s
 
     if version < Rex::Version.new('1.2.10')
       print_warning 'The versions that are older than 1.2.10 have not been tested. You can follow the exploitation steps of the official vulnerability report.'
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown("Microweber version #{version} has not been tested")
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("Microweber version #{version} is not vulnerable")
   end
 
   def try_login
diff --git a/modules/auxiliary/gather/mybb_db_fingerprint.rb b/modules/auxiliary/gather/mybb_db_fingerprint.rb
index f094f39519..a3bd4db46e 100644
--- a/modules/auxiliary/gather/mybb_db_fingerprint.rb
+++ b/modules/auxiliary/gather/mybb_db_fingerprint.rb
@@ -51,7 +51,7 @@ class MetasploitModule < Msf::Auxiliary
       )
 
       if res.nil? || res.code != 200
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('No response or unexpected HTTP status code')
       end
 
       # Check PhP
@@ -73,12 +73,12 @@ class MetasploitModule < Msf::Auxiliary
       # Check forum MyBB
       if res.body.match("&#077;&#089;&#066;&#066;")
         print_good("MyBB forum found running on #{web_server} / #{php_version}")
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('MyBB forum detected')
       else
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Target does not appear to be a MyBB forum')
       end
     rescue
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('An error occurred during the check')
     end
   end
 
diff --git a/modules/auxiliary/gather/netgear_password_disclosure.rb b/modules/auxiliary/gather/netgear_password_disclosure.rb
index 5c6cd962cf..1202f2ffb0 100644
--- a/modules/auxiliary/gather/netgear_password_disclosure.rb
+++ b/modules/auxiliary/gather/netgear_password_disclosure.rb
@@ -126,10 +126,10 @@ class MetasploitModule < Msf::Auxiliary
       marker_two = "\""
       model = data[/#{marker_one}(.*?)#{marker_two}/m, 1]
       print_good("Router is a NETGEAR router (#{model})")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Target is a NETGEAR router')
     else
       print_error('Router is not a NETGEAR router')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target is not a NETGEAR router')
     end
   end
 end
diff --git a/modules/auxiliary/gather/oats_downloadservlet_traversal.rb b/modules/auxiliary/gather/oats_downloadservlet_traversal.rb
index f5b5f3cb31..ebf7a37822 100644
--- a/modules/auxiliary/gather/oats_downloadservlet_traversal.rb
+++ b/modules/auxiliary/gather/oats_downloadservlet_traversal.rb
@@ -85,9 +85,9 @@ class MetasploitModule < Msf::Auxiliary
     })
 
     if res && res.body.include?('AdfLoopbackUtils.runLoopback')
-      Exploit::CheckCode::Detected
+      Exploit::CheckCode::Detected('Oracle ADF Faces endpoint detected')
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Target does not appear to be Oracle ADF Faces')
     end
   end
 
diff --git a/modules/auxiliary/gather/pacsserver_traversal.rb b/modules/auxiliary/gather/pacsserver_traversal.rb
index e70df20b0b..bdd76ac6a0 100644
--- a/modules/auxiliary/gather/pacsserver_traversal.rb
+++ b/modules/auxiliary/gather/pacsserver_traversal.rb
@@ -65,7 +65,7 @@ class MetasploitModule < Msf::Auxiliary
       end
 
     end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Target does not appear to be Sante PACS Server')
   end
 
   def run
diff --git a/modules/auxiliary/gather/peplink_bauth_sqli.rb b/modules/auxiliary/gather/peplink_bauth_sqli.rb
index 3e5c122fc2..17228ec812 100644
--- a/modules/auxiliary/gather/peplink_bauth_sqli.rb
+++ b/modules/auxiliary/gather/peplink_bauth_sqli.rb
@@ -205,9 +205,9 @@ class MetasploitModule < Msf::Auxiliary
       res.get_cookies.empty? # no Set-Cookie header means the session cookie is valid
     end
     if @sqli.test_vulnerable
-      Exploit::CheckCode::Vulnerable
+      Exploit::CheckCode::Vulnerable('SQL injection in bauth cookie confirmed')
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('SQL injection test did not succeed')
     end
   end
 
diff --git a/modules/auxiliary/gather/qnap_backtrace_admin_hash.rb b/modules/auxiliary/gather/qnap_backtrace_admin_hash.rb
index a655cefd29..acf73eedac 100644
--- a/modules/auxiliary/gather/qnap_backtrace_admin_hash.rb
+++ b/modules/auxiliary/gather/qnap_backtrace_admin_hash.rb
@@ -74,12 +74,12 @@ class MetasploitModule < Msf::Auxiliary
       vprint_status("QNAP #{info[0]} #{info[1..-1].join('-')} detected")
 
       if Rex::Version.new(info[1]) < Rex::Version.new('4.2.3')
-        Exploit::CheckCode::Appears
+        Exploit::CheckCode::Appears("QNAP #{info[0]} version #{info[1]} is older than the patched version 4.2.3")
       else
-        Exploit::CheckCode::Detected
+        Exploit::CheckCode::Detected("QNAP #{info[0]} version #{info[1]} detected but not confirmed vulnerable")
       end
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Target does not appear to be a QNAP device')
     end
   end
 
diff --git a/modules/auxiliary/gather/qnap_lfi.rb b/modules/auxiliary/gather/qnap_lfi.rb
index f818bbbc25..7cf6ef1cba 100644
--- a/modules/auxiliary/gather/qnap_lfi.rb
+++ b/modules/auxiliary/gather/qnap_lfi.rb
@@ -68,7 +68,7 @@ class MetasploitModule < Msf::Auxiliary
     )
 
     unless res && res.code == 200 && (xml = res.get_xml_document)
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be a QNAP device')
     end
 
     info = %w[modelName version build patch].map do |node|
@@ -77,9 +77,9 @@ class MetasploitModule < Msf::Auxiliary
 
     vprint_status("QNAP #{info[0]} #{info[1..].join('-')} detected")
 
-    return Exploit::CheckCode::Appears if info[2].to_i < 20191206
+    return Exploit::CheckCode::Appears("QNAP #{info[0]} build #{info[2]} is older than the patched build 20191206") if info[2].to_i < 20191206
 
-    Exploit::CheckCode::Detected
+    Exploit::CheckCode::Detected("QNAP #{info[0]} #{info[1..].join('-')} detected, but build is not confirmed vulnerable")
   end
 
   def run
diff --git a/modules/auxiliary/gather/rails_doubletap_file_read.rb b/modules/auxiliary/gather/rails_doubletap_file_read.rb
index cbdae0db7f..b4b3d5b794 100644
--- a/modules/auxiliary/gather/rails_doubletap_file_read.rb
+++ b/modules/auxiliary/gather/rails_doubletap_file_read.rb
@@ -64,7 +64,7 @@ class MetasploitModule < Msf::Auxiliary
     # Check if target file is absolute path
     unless datastore['TARGET_FILE'].start_with? '/'
       vprint_error "TARGET_FILE must be an absolute path (eg. /etc/passwd)."
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('TARGET_FILE must be an absolute path')
     end
 
     # Fire off the request
@@ -76,14 +76,14 @@ class MetasploitModule < Msf::Auxiliary
 
     if res.nil?
       vprint_error "Request timed out."
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Request timed out')
     end
 
     if res.body.include? 'root:x:0:0:root:'
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Successfully read /etc/passwd via file disclosure')
     else
       vprint_error 'Target is not vulnerable. Make sure your route is correct.'
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not read /etc/passwd, target may not be vulnerable')
     end
   end
 
diff --git a/modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb b/modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb
index de0066a486..5d9f748587 100644
--- a/modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb
+++ b/modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb
@@ -49,18 +49,18 @@ class MetasploitModule < Msf::Auxiliary
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, 'api/version')
     })
-    return Exploit::CheckCode::Unknown unless res && res.code == 200
+    return Exploit::CheckCode::Unknown('No response or unexpected status from Ray API') unless res && res.code == 200
 
     ray_version = res.get_json_document['ray_version']
 
-    return Exploit::CheckCode::Unknown unless ray_version
+    return Exploit::CheckCode::Unknown('Could not determine Ray version') unless ray_version
 
-    return Exploit::CheckCode::Safe unless Rex::Version.new(ray_version) <= Rex::Version.new('2.6.3')
+    return Exploit::CheckCode::Safe("Ray version #{ray_version} is not vulnerable") unless Rex::Version.new(ray_version) <= Rex::Version.new('2.6.3')
 
     file_content = lfi('/etc/passwd')
-    return Exploit::CheckCode::Vulnerable unless file_content.nil?
+    return Exploit::CheckCode::Vulnerable("Ray #{ray_version} - successfully read /etc/passwd") unless file_content.nil?
 
-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears("Ray version #{ray_version} is in the vulnerable range")
   end
 
   def lfi(filepath)
diff --git a/modules/auxiliary/gather/redis_extractor.rb b/modules/auxiliary/gather/redis_extractor.rb
index 412dba5868..05293839d5 100644
--- a/modules/auxiliary/gather/redis_extractor.rb
+++ b/modules/auxiliary/gather/redis_extractor.rb
@@ -147,7 +147,7 @@ class MetasploitModule < Msf::Auxiliary
       end
     end
     disconnect
-    return info_data ? Msf::Exploit::CheckCode::Appears : Msf::Exploit::CheckCode::Unknown
+    return info_data ? Msf::Exploit::CheckCode::Appears('Redis service detected') : Msf::Exploit::CheckCode::Unknown('Could not confirm Redis service')
   end
 
   def get_keyspace
diff --git a/modules/auxiliary/gather/saltstack_salt_root_key.rb b/modules/auxiliary/gather/saltstack_salt_root_key.rb
index c686b8b6d8..f10c839002 100644
--- a/modules/auxiliary/gather/saltstack_salt_root_key.rb
+++ b/modules/auxiliary/gather/saltstack_salt_root_key.rb
@@ -69,7 +69,7 @@ class MetasploitModule < Msf::Auxiliary
       print_error('Could not find root key in serialized auth info')
 
       # Return CheckCode for exploit/linux/misc/saltstack_salt_unauth_rce
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be a vulnerable SaltStack master')
     end
 
     print_good("Root key: #{root_key}")
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Auxiliary
     Exploit::CheckCode::Vulnerable(root_key) # And the root key as the reason!
   rescue EOFError, Rex::ConnectionError => e
     print_error("#{e.class}: #{e.message}")
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Connection error occurred')
   ensure
     # This is from Msf::Exploit::Remote::ZeroMQ
     zmq_disconnect
diff --git a/modules/auxiliary/gather/solarwinds_servu_fileread_cve_2024_28995.rb b/modules/auxiliary/gather/solarwinds_servu_fileread_cve_2024_28995.rb
index 0affcd314e..907d2cc4b2 100644
--- a/modules/auxiliary/gather/solarwinds_servu_fileread_cve_2024_28995.rb
+++ b/modules/auxiliary/gather/solarwinds_servu_fileread_cve_2024_28995.rb
@@ -87,7 +87,7 @@ class MetasploitModule < Msf::Auxiliary
       return Msf::Exploit::CheckCode::Vulnerable("SolarWinds Serv-U version #{version[1]} (#{os.nil? ? 'Unknown OS' : os[1]})")
     end
 
-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('Target does not appear to be a vulnerable SolarWinds Serv-U instance')
   end
 
   def run
diff --git a/modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb b/modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb
index a88abb7327..f1ea48c7ea 100644
--- a/modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb
+++ b/modules/auxiliary/gather/solarwinds_webhelpdesk_backdoor.rb
@@ -49,12 +49,12 @@ class MetasploitModule < Msf::Auxiliary
     return Exploit::CheckCode::Unknown('Target is unreachable') unless @auth
 
     if @auth.code == 401
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Backdoor credentials returned 401 Unauthorized')
     elsif @auth.code == 200
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Backdoor credentials returned 200 OK')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown("Unexpected HTTP response code: #{@auth.code}")
   end
 
   def auth
diff --git a/modules/auxiliary/gather/suite_crm_export_sqli.rb b/modules/auxiliary/gather/suite_crm_export_sqli.rb
index 262b32d0e0..bd917e0756 100644
--- a/modules/auxiliary/gather/suite_crm_export_sqli.rb
+++ b/modules/auxiliary/gather/suite_crm_export_sqli.rb
@@ -76,7 +76,7 @@ class MetasploitModule < Msf::Auxiliary
 
     return Exploit::CheckCode::Vulnerable if version <= Rex::Version.new('7.12.5')
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe("SuiteCRM version #{version} is not vulnerable")
   end
 
   def authenticate
diff --git a/modules/auxiliary/gather/thinmanager_traversal_download.rb b/modules/auxiliary/gather/thinmanager_traversal_download.rb
index d3cc600c71..2ac9d49f5a 100644
--- a/modules/auxiliary/gather/thinmanager_traversal_download.rb
+++ b/modules/auxiliary/gather/thinmanager_traversal_download.rb
@@ -70,12 +70,12 @@ class MetasploitModule < Msf::Auxiliary
       vprint_status('Received handshake response.')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ThinManager ThinServer accepted the handshake')
     elsif res
       vprint_status('Received unexpected handshake response:')
       vprint_status(Rex::Text.to_hex_dump(res))
       disconnect
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Unexpected handshake response from target')
     else
       disconnect
       return Exploit::CheckCode::Unknown('No handshake response received.')
diff --git a/modules/auxiliary/gather/upsmon_traversal.rb b/modules/auxiliary/gather/upsmon_traversal.rb
index acead1be09..1f381c322a 100644
--- a/modules/auxiliary/gather/upsmon_traversal.rb
+++ b/modules/auxiliary/gather/upsmon_traversal.rb
@@ -67,9 +67,9 @@ class MetasploitModule < Msf::Auxiliary
         return Exploit::CheckCode::Detected('UPSMON PRO Web seems to be running on target system.')
       end
 
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target does not appear to be UPSMON PRO')
     end
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('No response received from the target')
   end
 
   def print_ini_field(label, value)
diff --git a/modules/auxiliary/gather/vbulletin_vote_sqli.rb b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
index 1c5fc00b01..ebecc16e04 100644
--- a/modules/auxiliary/gather/vbulletin_vote_sqli.rb
+++ b/modules/auxiliary/gather/vbulletin_vote_sqli.rb
@@ -139,14 +139,14 @@ class MetasploitModule < Msf::Auxiliary
     if res and res.code == 200 and res.body.to_s =~ /"simpleversion": "v=5/
       if get_node
         # Multiple factors determine this LOOKS vulnerable
-        return Msf::Exploit::CheckCode::Appears
+        return Msf::Exploit::CheckCode::Appears('vBulletin vote node found, target appears vulnerable')
       else
         # Not enough information about the vuln state, but at least we know this is vbulletin
-        return Msf::Exploit::CheckCode::Detected
+        return Msf::Exploit::CheckCode::Detected('vBulletin detected but vulnerability not confirmed')
       end
     end
 
-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('Target does not appear to be vBulletin')
   end
 
   def report_cred(opts)
diff --git a/modules/auxiliary/gather/vmware_vcenter_vmdir_ldap.rb b/modules/auxiliary/gather/vmware_vcenter_vmdir_ldap.rb
index da5073b809..eb9e5de817 100644
--- a/modules/auxiliary/gather/vmware_vcenter_vmdir_ldap.rb
+++ b/modules/auxiliary/gather/vmware_vcenter_vmdir_ldap.rb
@@ -94,7 +94,7 @@ class MetasploitModule < Msf::Auxiliary
       unless entries&.find { |entry| entry[:vmwstsprivatekey].any? }
         print_error("#{ldap.peerinfo} is NOT vulnerable to CVE-2020-3952") unless datastore['LDAPPassword'].present?
         print_error('Dump failed')
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe('Dump did not contain expected vmwSTSPrivateKey attribute')
       end
 
       print_good("#{ldap.peerinfo} is vulnerable to CVE-2020-3952") unless datastore['LDAPPassword'].present?
diff --git a/modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb b/modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb
index 51b317022b..8e3edff009 100644
--- a/modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb
+++ b/modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb
@@ -59,7 +59,7 @@ class MetasploitModule < Msf::Auxiliary
     return Exploit::CheckCode::Unknown(GET_SQLI_OBJECT_FAILED_ERROR_MSG) if @sqli == GET_SQLI_OBJECT_FAILED_ERROR_MSG
     return Exploit::CheckCode::Vulnerable if @sqli.test_vulnerable
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('SQL injection test did not succeed')
   end
 
   def generate_vars_post(sqli)
diff --git a/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb b/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb
index f709eeeccf..6a3c0a7d22 100644
--- a/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb
+++ b/modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Auxiliary
     return Exploit::CheckCode::Unknown(GET_SQLI_OBJECT_FAILED_ERROR_MSG) if @sqli == GET_SQLI_OBJECT_FAILED_ERROR_MSG
     return Exploit::CheckCode::Vulnerable if @sqli.test_vulnerable
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('SQL injection test did not succeed')
   end
 
   def run
diff --git a/modules/auxiliary/gather/wp_photo_gallery_sqli.rb b/modules/auxiliary/gather/wp_photo_gallery_sqli.rb
index aeda7f7d22..07271ff8df 100644
--- a/modules/auxiliary/gather/wp_photo_gallery_sqli.rb
+++ b/modules/auxiliary/gather/wp_photo_gallery_sqli.rb
@@ -79,7 +79,7 @@ class MetasploitModule < Msf::Auxiliary
     @sqli = get_sqli_object
     return Exploit::CheckCode::Unknown(GET_SQLI_OBJECT_FAILED_ERROR_MSG) if @sqli == GET_SQLI_OBJECT_FAILED_ERROR_MSG
 
-    @sqli.test_vulnerable ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe
+    @sqli.test_vulnerable ? Exploit::CheckCode::Vulnerable('SQL injection confirmed') : Exploit::CheckCode::Safe('SQL injection test did not succeed')
   end
 
   def run
diff --git a/modules/auxiliary/gather/zabbix_toggleids_sqli.rb b/modules/auxiliary/gather/zabbix_toggleids_sqli.rb
index a8b9b0d76a..d4e3a9c3ad 100644
--- a/modules/auxiliary/gather/zabbix_toggleids_sqli.rb
+++ b/modules/auxiliary/gather/zabbix_toggleids_sqli.rb
@@ -60,7 +60,7 @@ class MetasploitModule < Msf::Auxiliary
     res = make_injected_request(query, sid, cookies)
 
     unless res and res.body
-      return Msf::Exploit::CheckCode::Safe
+      return Msf::Exploit::CheckCode::Unknown('No response received from the target')
     end
 
     match = /#{left_marker}(.*)#{right_marker}/.match(res.body)
@@ -70,10 +70,10 @@ class MetasploitModule < Msf::Auxiliary
     end
 
     if match[1] == flag
-      return Msf::Exploit::CheckCode::Vulnerable
+      return Msf::Exploit::CheckCode::Vulnerable('SQL injection confirmed via toggleids parameter')
     end
 
-    Msf::Exploit::CheckCode::Safe
+    Msf::Exploit::CheckCode::Safe('SQL injection test did not succeed')
   end
 
   def run
diff --git a/modules/auxiliary/scanner/http/exchange_proxylogon.rb b/modules/auxiliary/scanner/http/exchange_proxylogon.rb
index 5b447ca6f0..09c218fbc8 100644
--- a/modules/auxiliary/scanner/http/exchange_proxylogon.rb
+++ b/modules/auxiliary/scanner/http/exchange_proxylogon.rb
@@ -77,21 +77,21 @@ class MetasploitModule < Msf::Auxiliary
     unless received
       print_error(message('No response, target seems down.'))
 
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response received from the target')
     end
 
     if received && (received.code != 500 && received.code != 503)
       print_error(message('The target is not vulnerable to CVE-2021-26855.'))
       vprint_error("Obtained HTTP response code #{received.code} for #{full_uri(uri)}.")
 
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("HTTP #{received.code} response indicates target is not vulnerable")
     end
 
     if received.headers['X-CalculatedBETarget'] != 'localhost'
       print_error(message('The target is not vulnerable to CVE-2021-26855.'))
       vprint_error('Could\'t obtain a correct \'X-CalculatedBETarget\' in the response header.')
 
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('X-CalculatedBETarget header does not indicate SSRF vulnerability')
     end
 
     print_good(message('The target is vulnerable to CVE-2021-26855.'))
@@ -105,6 +105,6 @@ class MetasploitModule < Msf::Auxiliary
       info: msg
     )
 
-    Exploit::CheckCode::Vulnerable
+    Exploit::CheckCode::Vulnerable('SSRF via ProxyLogon confirmed with X-CalculatedBETarget header')
   end
 end
diff --git a/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb b/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
index 5e39df5079..e0ca2a1cdf 100644
--- a/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
+++ b/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb
@@ -73,17 +73,17 @@ class MetasploitModule < Msf::Auxiliary
 
     if v.nil?
       vprint_error("#{ip}:#{rport} - #{version} does not appear to be libssh")
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown("#{version} does not appear to be libssh")
     elsif v.to_s.empty?
       vprint_warning("#{ip}:#{rport} - libssh version not reported")
-      Exploit::CheckCode::Detected
+      Exploit::CheckCode::Detected('libssh detected but version not reported')
     elsif v.between?(Rex::Version.new('0.6.0'), Rex::Version.new('0.7.5')) ||
           v.between?(Rex::Version.new('0.8.0'), Rex::Version.new('0.8.3'))
       vprint_good("#{ip}:#{rport} - #{version} appears to be unpatched")
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears("#{version} appears to be unpatched")
     else
       vprint_error("#{ip}:#{rport} - #{version} appears to be patched")
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe("#{version} appears to be patched")
     end
   end
 
diff --git a/modules/auxiliary/server/relay/relay_get_naa_credentials.rb b/modules/auxiliary/server/relay/relay_get_naa_credentials.rb
index 68ddff1285..ea2fffe3d3 100644
--- a/modules/auxiliary/server/relay/relay_get_naa_credentials.rb
+++ b/modules/auxiliary/server/relay/relay_get_naa_credentials.rb
@@ -80,9 +80,9 @@ class MetasploitModule < Msf::Auxiliary
     )
     disconnect
 
-    return Exploit::CheckCode::Detected if res&.code == 401
+    return Exploit::CheckCode::Detected('SCCM HTTP server detected') if res&.code == 401
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Target does not appear to be an SCCM HTTP server')
   end
 
   def run
diff --git a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
index 11f2239464..38bd5f7129 100644
--- a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
@@ -130,7 +130,7 @@ class MetasploitModule < Msf::Auxiliary
 
     if ports.keys.empty?
       vprint_error('ERROR: This server is not replying to recursive requests')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Server is not replying to recursive requests')
     end
 
     if (reps < 30)
@@ -144,14 +144,14 @@ class MetasploitModule < Msf::Auxiliary
       if (ports_r != 100)
         vprint_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
         # Not exploitable by this tool, so we lower this to Appears on purpose to lower the user's confidence
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears('Source ports are not truly random but may still be exploitable')
       end
     else
       vprint_error('FAIL: This server uses a static source port and is vulnerable to poisoning')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Server uses a static source port')
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Server source ports appear sufficiently random')
   end
 
   def run
diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
index 2c82e4aab4..c06197e820 100644
--- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
@@ -126,7 +126,7 @@ class MetasploitModule < Msf::Auxiliary
 
     if ports.keys.empty?
       vprint_error('ERROR: This server is not replying to recursive requests')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Server is not replying to recursive requests')
     end
 
     if (reps < 30)
@@ -135,7 +135,7 @@ class MetasploitModule < Msf::Auxiliary
 
     unless random
       vprint_error('FAIL: This server uses a static source port and is vulnerable to poisoning')
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('Server uses a static source port')
     end
 
     ports_u = ports.keys.length
@@ -145,10 +145,10 @@ class MetasploitModule < Msf::Auxiliary
     if (ports_r != 100)
       vprint_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
       # Not exploitable by this tool, so we lower this to Appears on purpose to lower the user's confidence
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Source ports are not truly random but may still be exploitable')
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Server source ports appear sufficiently random')
   end
 
   def run
diff --git a/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb b/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb
index bff2aae077..c97fb8d939 100644
--- a/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb
+++ b/modules/auxiliary/sqli/dlink/dlink_central_wifimanager_sqli.rb
@@ -78,7 +78,7 @@ class MetasploitModule < Msf::Auxiliary
         res.body[%r{<column>(.+)</column>}m, 1] || ''
       else
         if res
-          check_error = Exploit::CheckCode::Safe
+          check_error = Exploit::CheckCode::Safe('Target responded but does not appear vulnerable')
         else
           check_error = Exploit::CheckCode::Unknown('Failed to send HTTP request')
         end
@@ -86,7 +86,7 @@ class MetasploitModule < Msf::Auxiliary
       end
     end
     vulnerable_test = sqli.test_vulnerable
-    check_error || (vulnerable_test ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe)
+    check_error || (vulnerable_test ? Exploit::CheckCode::Vulnerable('SQL injection confirmed') : Exploit::CheckCode::Safe('SQL injection test did not succeed'))
   end
 
   def dump_data(sqli)
diff --git a/modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb b/modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
index 419d302dc7..69a1372294 100644
--- a/modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
+++ b/modules/auxiliary/sqli/openemr/openemr_sqli_dump.rb
@@ -68,16 +68,16 @@ class MetasploitModule < Msf::Auxiliary
     # Check version
     print_status('Trying to detect installed version')
     version = openemr_version
-    return Exploit::CheckCode::Unknown if version.empty?
+    return Exploit::CheckCode::Unknown('Could not determine OpenEMR version') if version.empty?
 
     vprint_status("Version #{version} detected")
     version.sub! ' (', '.'
     version.sub! ')', ''
     version.strip!
 
-    return Exploit::CheckCode::Safe unless Rex::Version.new(version) < Rex::Version.new('5.0.1.7')
+    return Exploit::CheckCode::Safe("OpenEMR version #{version} is not vulnerable") unless Rex::Version.new(version) < Rex::Version.new('5.0.1.7')
 
-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears("OpenEMR version #{version} is in the vulnerable range")
   end
 
   def get_response(payload)