Merge pull request #21349 from adfoster-r7/improve-checkcode-messages-2

Add human-readable descriptions to CheckCode returns in modules
cgranleese-r7
2026-04-22 14:32:05 +01:00
committed by GitHub
108 changed files with 297 additions and 295 deletions
@@ -74,7 +74,7 @@ class MetasploitModule < Msf::Exploit::Remote
})
unless res && res.code == 200 && res.body.to_s =~ /"result_msg":"MD5 token is invalid"/
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
res = send_request_cgi({
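Review bot: The `unless res && res.code == 200 && ...` guard returns `Safe('The target is not vulnerable')` even when `res` is nil, so a dropped or timed-out request is now reported to the operator as a negative finding in plain words. A check that feeds exposure assessment should not turn a missing response into a clean result; consider splitting the guard with `return Exploit::CheckCode::Unknown('No response from the target') unless res` ahead of the status and body test. The same guard shape appears in the following hunk and in the later `send_session_id` hunk. The enclosing method starts outside this hunk.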
@@ -87,10 +87,10 @@ class MetasploitModule < Msf::Exploit::Remote
})
unless res && res.code == 200 && res.body.to_s =~ /"result_msg":"Success","transaction_id":"/
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
Msf::Exploit::CheckCode::Vulnerable
Msf::Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
def exploit
@@ -75,19 +75,19 @@ class MetasploitModule < Msf::Exploit::Remote
)
if !res
vprint_error("No response from host")
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
elsif res.headers['Server'] =~ /Boa\/(.*)/
vprint_status("Found Boa version #{$1}")
else
print_status("Target is not a Boa web server")
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
if res.body.to_s.index('127.0.0.1 ping statistics')
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
else
vprint_error("Target does not appear to be an Advantech switch")
return Expoit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
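Review bot: The generic strings on the `Unknown` and `Safe` returns discard the specific reason that the lines just above already print (`No response from host`, `Target is not a Boa web server`, `Target does not appear to be an Advantech switch`). Since the message is what ends up in the check result, carry the reason there, for example `return Exploit::CheckCode::Unknown('No response from host')` and `return Exploit::CheckCode::Safe('Target is not a Boa web server')`. The same pairing of a `vprint_error`/`vprint_status` line with a generic message recurs in later hunks, such as the generator-tag, `uploadfile.htm` and DSL-2750 checks. The method begins outside this hunk.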
@@ -69,13 +69,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && [200, 301, 302].include?(res.code) && res.body.to_s =~ /login.html\?ErrorCode=2/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -87,9 +87,9 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && res.code == 200 && res.body =~ /XPATH syntax error: ':#{r}'/
Exploit::CheckCode::Vulnerable
Exploit::CheckCode::Vulnerable('The target is vulnerable')
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
@@ -75,10 +75,10 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && res.code == 200 && res.body =~ /#{marker}726F6F7440[0-9a-zA-Z]+#{marker}/ # 726F6F7440 = root
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
else
print_status("#{res.body}")
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
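Review bot: The `else` branch is also reached when `res` is nil, and `print_status("#{res.body}")` then raises NoMethodError instead of returning a check code. Add a guard before the `if`, `return Exploit::CheckCode::Unknown('No response from the target') unless res`, so the `Safe` message is only used when a response was actually inspected. Printing the whole response body with `print_status` is also noisy for a check; `vprint_status` would keep it behind verbose mode. The method starts outside this hunk.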
@@ -103,7 +103,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
unless Rex::Version.new(version_number) < Rex::Version.new('1.10.11')
return CheckCode::Safe
return CheckCode::Safe("Version #{version_number} is not vulnerable")
end
vprint_status(
@@ -115,7 +115,7 @@ class MetasploitModule < Msf::Exploit::Remote
check_task
check_unpaused
return CheckCode::Appears
return CheckCode::Appears("Version #{version_number} appears to be vulnerable")
end
def check_api
@@ -56,11 +56,11 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res && res.body.include?('1.4.2')
CheckCode::Appears
CheckCode::Appears('The target appears to be vulnerable')
elsif res && res.code == 200
CheckCode::Detected
CheckCode::Detected('The target service was detected')
else
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
end
@@ -77,16 +77,16 @@ class MetasploitModule < Msf::Exploit::Remote
def check
get_version
return CheckCode::Unknown if @version.nil?
return CheckCode::Unknown('Could not determine the target status') if @version.nil?
version = Rex::Version.new(@version)
return CheckCode::Unknown if version.version.empty?
return CheckCode::Unknown('Could not determine the target status') if version.version.empty?
vprint_status "Found CouchDB version #{version}"
return CheckCode::Appears if version < Rex::Version.new('1.7.0') || version.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.1.0'))
return CheckCode::Appears("Version #{version} appears to be vulnerable") if version < Rex::Version.new('1.7.0') || version.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.1.0'))
CheckCode::Safe
CheckCode::Safe("Version #{version} is not vulnerable")
end
def exploit
@@ -138,11 +138,11 @@ class MetasploitModule < Msf::Exploit::Remote
end
unless res.code == 200
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
if res.body.include?(genecho)
return CheckCode::Vulnerable
return CheckCode::Vulnerable('The target is vulnerable')
end
CheckCode::Unknown('Target does not seem to be running Apache Druid.')
@@ -93,9 +93,9 @@ class MetasploitModule < Msf::Exploit::Remote
end
rand_string = Rex::Text.rand_text_alphanumeric(4..16)
if execute_command("echo #{Rex::Text.encode_base64(rand_string)}|base64 -d").include?(rand_string)
CheckCode::Appears
CheckCode::Appears('The target appears to be vulnerable')
else
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
end
@@ -172,7 +172,7 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Safe("Artica version: #{version[1]}")
end
end
CheckCode::Unknown
CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -68,9 +68,9 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res and res.code == 302 and res.body =~ /direct entry from outside/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
else
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
end
@@ -90,20 +90,20 @@ class MetasploitModule < Msf::Exploit::Remote
# obviously not ideal, but if anyone knows better, feel free to change
unless datastore['USERNAME'] && datastore['PASSWORD']
# if we cant login, it may still be vuln
return Exploit::CheckCode::Unknown 'Check requires credentials. The target may still be vulnerable. If so, it may be possible to bypass authentication.'
return Exploit::CheckCode::Unknown('Check requires credentials. The target may still be vulnerable. If so, it may be possible to bypass authentication.')
end
student_cookie = login(datastore['USERNAME'], datastore['PASSWORD'], check = true)
if !student_cookie.nil? && disclose_web_root
begin
if upload_shell(student_cookie, check = true) && found
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
rescue Msf::Exploit::Failed => e
vprint_error(e.message)
end
end
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
def create_zip_file(check = false)
@@ -85,10 +85,10 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => normalize_uri(target_uri.path, '/axis-cgi/prod_brand_info/getbrand.cgi')
})
return CheckCode::Unknown unless res && (res.code == 200)
return CheckCode::Unknown('Could not determine the target status') unless res && (res.code == 200)
body_json = res.get_json_document
return CheckCode::Unknown if body_json.empty? || body_json.dig('Brand', 'ProdShortName').nil?
return CheckCode::Unknown('Could not determine the target status') if body_json.empty? || body_json.dig('Brand', 'ProdShortName').nil?
# The brand / model are now known
check_comment = "The target reports itself to be a '#{body_json.dig('Brand', 'ProdShortName')}'."
@@ -102,7 +102,7 @@ class MetasploitModule < Msf::Exploit::Remote
})
# A strange edge case where there is no response... respond detected
return CheckCode::Detected unless res
return CheckCode::Detected('The target service was detected') unless res
# Respond safe if credentials fail, to prevent the exploit from running
return CheckCode::Safe('The user provided credentials did not work.') if res.code == 401
# Assume any non-200 means the API doesn't exist
@@ -90,10 +90,10 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res && res.code == 204
return CheckCode::Appears
return CheckCode::Appears('The target appears to be vulnerable')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -72,13 +72,13 @@ class MetasploitModule < Msf::Exploit::Remote
res.headers['Server'] =~ /minhttpd/ &&
res.body =~ /u_errpaswd/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -83,14 +83,14 @@ class MetasploitModule < Msf::Exploit::Remote
def check
product_version = get_version
return CheckCode::Unknown unless product_version
return CheckCode::Unknown('Could not determine the target status') unless product_version
product_version = Rex::Version.new(product_version)
if Rex::Version.new(product_version) <= Rex::Version.new('24.3.1')
return CheckCode::Appears("Detected version #{product_version}")
end
CheckCode::Safe
CheckCode::Safe("Version #{product_version} is not vulnerable")
end
def exploit
@@ -107,33 +107,33 @@ class MetasploitModule < Msf::Exploit::Remote
vprint_status("Found Bitbucket version: #{matches[1]}")
num_vers = Rex::Version.new(version_str)
return CheckCode::NotVulnerable if num_vers <= Rex::Version.new('6.10.17')
return CheckCode::Safe("Version #{version_str} is not vulnerable") if num_vers <= Rex::Version.new('6.10.17')
major, minor, revision = version_str.split('.')
case major
when '6'
return CheckCode::Appears
return CheckCode::Appears("Version #{version_str} appears to be vulnerable")
when '7'
case minor
when '6'
return CheckCode::Appears if revision.to_i < 17
return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 17
when '17'
return CheckCode::Appears if revision.to_i < 10
return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 10
when '21'
return CheckCode::Appears if revision.to_i < 4
return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 4
end
when '8'
case minor
when '0', '1'
return CheckCode::Appears if revision.to_i < 3
return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 3
when '2'
return CheckCode::Appears if revision.to_i < 2
return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 2
when '3'
return CheckCode::Appears if revision.to_i < 1
return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 1
end
end
CheckCode::Detected
CheckCode::Detected("Target detected: version #{version_str}")
end
def username
@@ -89,27 +89,27 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error('Connection timed out')
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
html = res.get_html_document
generator_tag = html.at('meta[@name="generator"]')
unless generator_tag
vprint_error('No generator metadata tag found in HTML')
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
content_attr = generator_tag.attributes['content']
unless content_attr
vprint_error("No content attribute found in metadata tag")
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
if content_attr.value == 'Bludit'
return CheckCode::Detected
return CheckCode::Detected('The target service was detected')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def get_uuid(login_badge)
+2 -2
@@ -75,10 +75,10 @@ class MetasploitModule < Msf::Exploit::Remote
if res.body.include?('var model = "CMS') && res.body.include?('STR_CAYIN_LOGO')
print_good('Cayin CMS install detected')
return CheckCode::Detected
return CheckCode::Detected('Cayin CMS install detected')
end
CheckCode::Safe
CheckCode::Safe('The target is not a Cayin CMS install')
rescue ::Rex::ConnectionError
CheckCode::Safe('Could not connect to the web service, check URI Path and IP')
end
@@ -71,7 +71,7 @@ class MetasploitModule < Msf::Exploit::Remote
res = send_session_id(random_id)
unless res && res.code == 200 && res.headers['Content-Type'] && res.headers['Content-Type'] == 'image/gif'
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
injection = "#{random_id}' or 'a'='a"
@@ -79,13 +79,13 @@ class MetasploitModule < Msf::Exploit::Remote
if res && res.code == 200
if res.body && res.body.to_s =~ /sh: graph: command not found/
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
elsif res.headers['Content-Type'] && res.headers['Content-Type'] == 'image/gif'
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -60,9 +60,9 @@ class MetasploitModule < Msf::Exploit::Remote
if version && Rex::Version.new(version) <= Rex::Version.new('2.5.3')
vprint_good("Version Detected: #{version}")
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears('The target appears to be vulnerable')
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service")
@@ -66,10 +66,10 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res and res.code == 200 and res.body.to_s =~ /EVM ping response/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -190,7 +190,7 @@ class MetasploitModule < Msf::Exploit::Remote
marker = Rex::Text.rand_text_alphanumeric(8..16)
res = execute_command("echo #{marker}")
if res && res.code == 200 && res.body.include?('wsConvertPptResponse') && res.body.include?(marker)
CheckCode::Vulnerable
CheckCode::Vulnerable('The target is vulnerable')
else
CheckCode::Safe('No valid response received from the target.')
end
@@ -90,16 +90,16 @@ class MetasploitModule < Msf::Exploit::Remote
end
rescue Timeout::Error
vprint_error('The SSH connection timed out.')
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
rescue Net::SSH::AuthenticationFailed
# Hey, it talked. So that means SSH is running.
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
rescue Net::SSH::Exception => e
vprint_error(e.message)
end
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def get_sf_action_id(sid)
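Review bot: In the `rescue Net::SSH::AuthenticationFailed` branch the new message says the target appears to be vulnerable, but the comment directly above it states that the only thing observed is that SSH answered. The text should describe the evidence, for example `return Exploit::CheckCode::Appears('SSH service responded and rejected the login attempt')`, and it is worth confirming whether `Detected` is the more accurate code for that observation. The `Timeout::Error` branch could likewise reuse `'The SSH connection timed out.'` as its message. The `begin` block and the method start outside this hunk.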
@@ -87,7 +87,7 @@ class MetasploitModule < Msf::Exploit::Remote
'SSL' => true
)
unless res_ssl && res_ssl.body[%r{<title>(?:Hyperflex Installer|Cisco HyperFlex Connect)</title>}]
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
# The vulnerability, however, lies on the HTTP endpoint /upload.
@@ -96,12 +96,12 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => normalize_uri(target_uri.path, 'upload')
)
if res && res.code == 400 && res.body.include?('Apache Tomcat') && res.headers['Server'] && res.headers['Server'].include?('nginx')
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
elsif res && res.code == 404
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
CheckCode::Unknown
CheckCode::Unknown('Could not determine the target status')
end
def prepare_payload(app_base, jsp_name)
@@ -84,11 +84,11 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => normalize_uri(target_uri.path, 'storfs-asup')
)
return CheckCode::Unknown unless res
return CheckCode::Unknown('Could not determine the target status') unless res
unless res.code == 200 &&
res.body.include?('Action for the servlet need be specified.')
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
CheckCode::Appears('Storfs ASUP servlet detected.')
@@ -75,17 +75,17 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error 'Connection failed'
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
if res.code == 404 && res.body.length == 0
# at the moment this is the best way to detect
# a 404 in swimtemp only returns the error code with a body length of 0,
# while a 404 to another webapp or to the root returns code plus a body with content
return CheckCode::Detected
return CheckCode::Detected('The target service was detected')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def upload_payload(payload)
@@ -190,18 +190,18 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error('Connection failed.')
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
unless res.code == 200
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
unless res.body =~ /PASSWD/
return CheckCode::Detected
return CheckCode::Detected('The target service was detected')
end
CheckCode::Vulnerable
CheckCode::Vulnerable('The target is vulnerable')
end
def exploit
+2 -2
@@ -74,10 +74,10 @@ class MetasploitModule < Msf::Exploit::Remote
'method' => 'GET'
})
if res and res.code == 302
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -105,14 +105,14 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error('No response from the server')
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
if res.code == 200 && res.headers['Server'] && res.headers['Server'] == 'Prime'
return CheckCode::Detected
return CheckCode::Detected('The target service was detected')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def get_jsp_stager(out_file, bin_data)
@@ -181,9 +181,9 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res&.body&.include?('mkdir()') && res.body.include?(nonce)
CheckCode::Vulnerable
CheckCode::Vulnerable('The target is vulnerable')
else
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
end
@@ -244,9 +244,9 @@ class MetasploitModule < Msf::Exploit::Remote
def check
check_phpinfo
return CheckCode::Appears unless @config['upload_tmp_dir'].nil? || @config['document_root'].nil?
return CheckCode::Appears('The target appears to be vulnerable') unless @config['upload_tmp_dir'].nil? || @config['document_root'].nil?
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -87,9 +87,9 @@ class MetasploitModule < Msf::Exploit::Remote
def check
if bypass_login.nil?
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
else
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
end
@@ -343,55 +343,55 @@ class MetasploitModule < Msf::Exploit::Remote
fingerprints = {
'69d906ddd59eb6755a7b9c4f46ea11cdaa47c706' => {
'version' => 'Cisco RV110W 1.1.0.9',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'8d3b677d870425198f7fae94d6cfe262551aa8bd' => {
'version' => 'Cisco RV110W 1.2.0.9',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'134ee643ec877641030211193a43cc5e93c96a06' => {
'version' => 'Cisco RV110W 1.2.0.10',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'e3b2ec9d099a3e3468f8437e5247723643ff830e' => {
'version' => 'Cisco RV110W 1.2.1.4, 1.2.1.7, 1.2.2.1 (not vulnerable), 1.2.2.4 (not vulnerable)',
'status' => Exploit::CheckCode::Unknown
'status' => Exploit::CheckCode::Unknown('Could not determine the target status')
},
'6b7b1e8097e8dda26db27a09b8176b9c32b349b3' => {
'version' => 'Cisco RV130/RV130W 1.0.0.21',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'9b1a87b752d11c5ba97dd80d6bae415532615266' => {
'version' => 'Cisco RV130/RV130W 1.0.1.3',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'9b6399842ef69cf94409b65c4c61017c862b9d09' => {
'version' => 'Cisco RV130/RV130W 1.0.2.7',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'8680ec6df4f8937acd3505a4dd36d40cb02c2bd6' => {
'version' => 'Cisco RV130/RV130W 1.0.3.14, 1.0.3.16',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'8c8e05de96810a02344d96588c09b21c491ede2d' => {
'version' => 'Cisco RV130/RV130W 1.0.3.22, 1.0.3.28, 1.0.3.44, 1.0.3.45 (not vulnerable), 1.0.3.51 (not vulnerable)',
'status' => Exploit::CheckCode::Unknown
'status' => Exploit::CheckCode::Unknown('Could not determine the target status')
},
'2f29a0dfa78063d643eb17388e27d3f804ff6765' => {
'version' => 'Cisco RV215W 1.1.0.5',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'e5cc84d7c9c2d840af85d5f25cee33baffe3ca6f' => {
'version' => 'Cisco RV215W 1.1.0.6',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'7cc8fcce5949a68c31641c38255e7f6ed31ff4db' => {
'version' => 'Cisco RV215W 1.2.0.14 or 1.2.0.15',
'status' => Exploit::CheckCode::Vulnerable
'status' => Exploit::CheckCode::Vulnerable('The target is vulnerable')
},
'050d47ea944eaeadaec08945741e8e380f796741' => {
'version' => 'Cisco RV215W 1.3.0.7 or 1.3.0.8, 1.3.1.1 (not vulnerable), 1.3.1.4 (not vulnerable)',
'status' => Exploit::CheckCode::Unknown
'status' => Exploit::CheckCode::Unknown('Could not determine the target status')
}
}
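Review bot: The three `Unknown` entries are fingerprints that did match, but whose `'version'` string lists both vulnerable and not-vulnerable firmware, so `'Could not determine the target status'` reads as if identification failed. A message that states the ambiguity, e.g. `Exploit::CheckCode::Unknown('Fingerprint is shared by vulnerable and patched firmware versions')`, tells the operator to confirm the firmware version by other means. How `'status'` and `'version'` are combined when the result is reported lies outside this hunk, so confirm the two strings do not end up duplicating each other.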
@@ -409,7 +409,7 @@ class MetasploitModule < Msf::Exploit::Remote
print_status("Couldn't reliably fingerprint the target.")
end
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
+2 -2
@@ -148,9 +148,9 @@ class MetasploitModule < Msf::Exploit::Remote
end
def check
return Exploit::CheckCode::Safe if get_apps.nil?
return Exploit::CheckCode::Safe('The target is not vulnerable') if get_apps.nil?
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
def exploit
@@ -74,9 +74,9 @@ class MetasploitModule < Msf::Exploit::Remote
# If we've managed to get token, that means target is most likely vulnerable.
token = get_token
if token.nil?
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
else
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
end
@@ -70,13 +70,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && [200, 301, 302].include?(res.code) && res.body.to_s =~ /status.*uid/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -78,19 +78,19 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_status("The connection timed out.")
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
if res.code && res.code == 404
vprint_status("uploadfile.htm does not exist")
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
elsif res.code && res.code == 401 && res.headers['WWW-Authenticate'] =~ /realm="DCS\-931L"/
vprint_error("Authentication failed")
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
elsif res.code && res.code == 200 && res.body && res.body =~ /Upload File/
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -85,10 +85,10 @@ class MetasploitModule < Msf::Exploit::Remote
def check
res = send_request_cgi({ 'uri' => '/comm.asp' })
if res and res.code == 200 and res.body =~ /var modelname="DIR-605L"/ and res.headers["Server"] and res.headers["Server"] =~ /Boa\/0\.94\.14rc21/
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('DIR-605L with Boa server detected, appears vulnerable')
end
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not a vulnerable DIR-605L')
end
def exploit
@@ -63,16 +63,16 @@ class MetasploitModule < Msf::Exploit::Remote
auth = res.headers['Server']
if auth =~ /DIR-850L/
if auth =~ /WEBACCESS\/1\.0/
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
else
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
end
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def report_cred(opts)
@@ -67,26 +67,26 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error('Connection failed')
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
unless res.code.to_i == 200 && res.body.include?('DSL-2750')
vprint_status('Remote host is not a DSL-2750')
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
if res.body =~ /var AYECOM_FWVER="(\d.\d+)";/
version = Regexp.last_match[1]
vprint_status("Remote host is a DSL-2750B with firmware version #{version}")
if version >= "1.01" && version <= "1.03"
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
end
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
rescue ::Rex::ConnectionError
vprint_error('Connection failed')
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
def execute_command(cmd, _opts)
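Review bot: The fall-through `CheckCode::Safe('The target is not vulnerable')` is also reached when the page identifies a DSL-2750 but the `AYECOM_FWVER` pattern does not match, so a device whose firmware version was never read is reported as not vulnerable. Return the versioned result inside the `if res.body =~ ...` block, `return CheckCode::Safe("Version #{version} is not vulnerable")`, and make the fall-through say what is known, e.g. `CheckCode::Detected('DSL-2750 detected, firmware version could not be read')`. Separately, `version >= "1.01" && version <= "1.03"` compares strings, which deserves a comment stating the firmware format it relies on. The method begins outside this hunk.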
@@ -68,13 +68,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && res.headers["Server"] =~ /lighttpd\/1\.4\.34/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -69,16 +69,16 @@ class MetasploitModule < Msf::Exploit::Remote
if res && [200, 301, 302].include?(res.code)
if res.body =~ /DSP-W215A1/ && res.body =~ /1.02/
@my_target = targets[1] if target['auto']
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
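Review bot: The `rescue ::Rex::ConnectionError` branch now returns `Safe('The target is not vulnerable')`, which states a negative result for a host that could not be reached. Sibling modules in this change return `Unknown` from the same rescue; `return Exploit::CheckCode::Unknown('Could not connect to the target')` avoids a false negative in scan output. The later hunk that matches `DIR-505` and `DSP-W215` has the same rescue and message. The `begin` and the method start outside this hunk.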
@@ -69,13 +69,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && [200, 301, 302].include?(res.code) && res.body.to_s =~ /unsupported HTTP request/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -83,22 +83,22 @@ class MetasploitModule < Msf::Exploit::Remote
if res && [200, 301, 302].include?(res.code)
if res.body =~ /DIR-505/ && res.body =~ /1.07/
@my_target = targets[3] if target['auto']
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
elsif res.body =~ /DIR-505/ && res.body =~ /1.06/
@my_target = targets[2] if target['auto']
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
elsif res.body =~ /DSP-W215/ && res.body =~ /1.00/
@my_target = targets[1] if target['auto']
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
else
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -76,13 +76,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && [200].include?(res.code) && res.body =~ /D-Link/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -115,13 +115,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && res.code == 500
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def calc_encode_addr(offset, big_endian = true)
@@ -76,13 +76,13 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => '/InternetGatewayDevice.xml'
})
if res && [200, 301, 302].include?(res.code) && res.body.to_s =~ /<modelNumber>DIR-/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -73,12 +73,12 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res && res.body
if /Summary of/ =~ res.body
Exploit::CheckCode::Vulnerable
Exploit::CheckCode::Vulnerable('The target is vulnerable')
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service")
@@ -161,14 +161,14 @@ class MetasploitModule < Msf::Exploit::Remote
if res.nil?
print_error('Failed to connect to the target')
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
if res && res.code == 200 && res.headers['Server'].include?('Docker')
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def exploit
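Review bot: `res.headers['Server'].include?('Docker')` raises NoMethodError when the response has no `Server` header, so the check aborts instead of returning a code, and the commit leaves this line unchanged. `res.headers['Server'].to_s.include?('Docker')` keeps the fall-through to `Safe`. The `res &&` in the same condition is redundant after the `res.nil?` return above it. The new `Vulnerable('The target is vulnerable')` text could also state what was observed, a 200 response with a Docker `Server` header, since that is all the condition establishes. The start of `check` is outside the hunk.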
@@ -71,9 +71,9 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res and res.body =~ /Dolibarr 3\.1\.1/
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
else
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
@@ -80,7 +80,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Cookie' => "session=#{@session}" # Set the JWT token as a cookie
}
})
return Exploit::CheckCode::Unknown unless res&.code == 200
return Exploit::CheckCode::Unknown('Could not determine the target status') unless res&.code == 200
html_document = res.get_html_document
return Exploit::CheckCode::Unknown('Failed to get html document.') if html_document.blank?
@@ -99,9 +99,9 @@ class MetasploitModule < Msf::Exploit::Remote
def check
@staging_key = get_staging_key
return Exploit::CheckCode::Safe if @staging_key.nil?
return Exploit::CheckCode::Safe('The target is not vulnerable') if @staging_key.nil?
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
def aes_encrypt(key, data, include_mac: false)
+2 -2
@@ -75,11 +75,11 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => normalize_uri('/login')
})
return Exploit::CheckCode::Unknown unless res&.code == 200
return Exploit::CheckCode::Unknown('Could not determine the target status') unless res&.code == 200
html_body = res.get_html_document
version_html = html_body.at('//p[contains(text(), "App version")]/strong')&.text
return Exploit::CheckCode::Unknown unless version_html
return Exploit::CheckCode::Unknown('Could not determine the target status') unless version_html
return Exploit::CheckCode::Safe('Debug mode not enabled.') unless html_body.at('input[@name="_Token[debug]"]')
+2 -2
@@ -67,10 +67,10 @@ class MetasploitModule < Msf::Exploit::Remote
# If the server doesn't return the default redirection, probably something is wrong
if res and res.code == 200 and res.body =~ /#{clue}/
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
def exploit
+3 -3
@@ -223,12 +223,12 @@ class MetasploitModule < Msf::Exploit::Remote
# any other response is considered not vulnerable
res = create_script('', '')
if res && res.code == 500 && res.body =~ /path is empty/
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
elsif res && res.code == 401
print_warning("HTTP/#{res.proto} #{res.code} #{res.message} -- incorrect USERNAME or PASSWORD?")
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
else
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
@@ -105,10 +105,10 @@ class MetasploitModule < Msf::Exploit::Remote
'password' => datastore['HttpPassword']
})
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable("Exploitable: version #{version} is vulnerable")
end
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
end
def send_cmd(cmd)
@@ -101,24 +101,24 @@ class MetasploitModule < Msf::Exploit::Remote
'method' => 'GET'
})
return CheckCode::Unknown unless res&.code == 401
return CheckCode::Unknown('Could not determine the target status') unless res&.code == 401
body = res.get_json_document
return CheckCode::Safe unless body.key?('message') && body['kind'] == ':resterrorresponse'
return CheckCode::Safe('The target is not vulnerable') unless body.key?('message') && body['kind'] == ':resterrorresponse'
signature = Rex::Text.rand_text_alpha(13)
stub = "echo #{signature}"
res = send_command(stub)
return CheckCode::Safe unless res&.code == 200
return CheckCode::Safe('The target is not vulnerable') unless res&.code == 200
body = res.get_json_document
return CheckCode::Safe unless body['kind'] == 'tm:util:bash:runstate'
return CheckCode::Safe('The target is not vulnerable') unless body['kind'] == 'tm:util:bash:runstate'
return CheckCode::Vulnerable if body['commandResult'].chomp == signature
return CheckCode::Vulnerable('The target is vulnerable') if body['commandResult'].chomp == signature
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -114,7 +114,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
def check
generate_token_ssrf ? CheckCode::Vulnerable : CheckCode::Safe
generate_token_ssrf ? CheckCode::Vulnerable('The target is vulnerable') : CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -155,7 +155,7 @@ class MetasploitModule < Msf::Exploit::Remote
'uri' => normalize_uri(target_uri.path, '/system/status')
})
return CheckCode::Safe unless res&.code == 200
return CheckCode::Safe('The target is not vulnerable') unless res&.code == 200
version = res.get_json_document['version']
@@ -139,7 +139,7 @@ class MetasploitModule < Msf::Exploit::Remote
j = JSON.parse(res.body)
# Tested against vulnerable FortiWeb versions 8.0.1, 7.4.8, 6.4.3, and 6.3.9
return Exploit::CheckCode::Appears if j.dig('results', 'errcode') == -56
return Exploit::CheckCode::Appears('The target appears to be vulnerable') if j.dig('results', 'errcode') == -56
CheckCode::Unknown('Unexpected JSON results')
rescue JSON::ParserError
@@ -81,13 +81,13 @@ class MetasploitModule < Msf::Exploit::Remote
}
})
if res && res.body =~ /#{clue}/
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def execute_command(cmd, opts)
@@ -166,10 +166,10 @@ class MetasploitModule < Msf::Exploit::Remote
rex_version = Rex::Version.new(version)
vprint_status("Found Geutebruck version #{rex_version}")
if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
return CheckCode::Appears("Version #{version} appears to be vulnerable")
end
CheckCode::Safe
CheckCode::Safe("Version #{version} is not vulnerable")
end
def exploit
@@ -82,10 +82,10 @@ class MetasploitModule < Msf::Exploit::Remote
version = Rex::Version.new(@version)
vprint_status "Found Geutebruck version #{version}"
if version < Rex::Version.new('1.12.0.25') || version == Rex::Version.new('1.12.13.2') || version == Rex::Version.new('1.12.14.5')
return CheckCode::Appears
return CheckCode::Appears("Version #{version} appears to be vulnerable")
end
CheckCode::Safe
CheckCode::Safe("Version #{version} is not vulnerable")
end
def exploit
@@ -77,12 +77,12 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error('Connection timed out.')
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
unless res.get_cookies.match(/^_gh_manage/)
vprint_error('No _gh_manage value in cookie found')
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
cookies = res.get_cookies
@@ -97,10 +97,10 @@ class MetasploitModule < Msf::Exploit::Remote
if expected_hmac == hmac
vprint_status("The HMACs match, which means you can sign and tamper the cookie.")
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def get_ruby_code
+4 -4
@@ -65,7 +65,7 @@ class MetasploitModule < Msf::Exploit::Remote
repo = get_repo
if repo.nil?
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
chk = Rex::Text.encode_base64(rand_text_alpha(rand(32) + 5))
@@ -74,13 +74,13 @@ class MetasploitModule < Msf::Exploit::Remote
if res && res.body
if res.body.include?(Rex::Text.decode_base64(chk))
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
elsif res.body.to_s =~ /sh.*not found/
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -117,7 +117,7 @@ class MetasploitModule < Msf::Exploit::Remote
if @token.nil? || @sid.nil? || @html.nil?
return Exploit::CheckCode::Safe('Failed to retrieve htmLawed page')
end
return Exploit::CheckCode::Appears if @html.to_s.include?('htmLawed')
return Exploit::CheckCode::Appears('The target appears to be vulnerable') if @html.to_s.include?('htmLawed')
return Exploit::CheckCode::Safe('Unable to determine htmLawed status')
end
@@ -251,10 +251,10 @@ class MetasploitModule < Msf::Exploit::Remote
# Find a valid CGI target
target_uri = find_target_cgi
unless target_uri
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
return Exploit::CheckCode::Vulnerable
return Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
# Upload and LD_PRELOAD execute the shared library payload
@@ -60,18 +60,18 @@ class MetasploitModule < Msf::Exploit::Remote
unless res
vprint_error "#{peer} Connection failed"
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
unless res.code == 200 && res.body =~ /goautodial/
return CheckCode::Safe
return CheckCode::Safe('The target is not vulnerable')
end
unless res.body =~ /1421902800/
return CheckCode::Vulnerable
return CheckCode::Vulnerable('The target is vulnerable')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def check_version
@@ -96,7 +96,7 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Detected('phonecookie authentication bypassed successfully.')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def execute_command(cmd, _opts = {})
+2 -2
@@ -69,9 +69,9 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res && res.get_hidden_inputs.first&.fetch('admin-nonce')
CheckCode::Appears
CheckCode::Appears('The target appears to be vulnerable')
else
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
end
@@ -76,11 +76,11 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res and res.body =~ /GroundWork.*6\.7\.0/
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
elsif res and res.body =~ /GroundWork/
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
else
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
@@ -59,14 +59,14 @@ class MetasploitModule < Msf::Exploit::Remote
)
rescue Rex::ConnectionError
vprint_error("#{peer} - Connection failed")
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
if res && res.code == 200 && res.body.include?('application-id')
return CheckCode::Appears
return CheckCode::Appears('The target appears to be vulnerable')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -79,13 +79,13 @@ class MetasploitModule < Msf::Exploit::Remote
if res.nil?
vprint_error("Connection timed out")
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
elsif res.code == 200 and res.body =~ /"HP System Management Homepage v(.*)"/
version = $1
return Exploit::CheckCode::Appears if version <= "7.1.1.1"
return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") if version <= "7.1.1.1"
end
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe(version ? "Version #{version} is not vulnerable" : 'The target is not vulnerable')
end
def exploit
@@ -94,7 +94,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
def check
checkcode = CheckCode::Safe
checkcode = CheckCode::Safe('The target is not vulnerable')
res = send_request_cgi(
'method' => 'POST',
@@ -105,11 +105,11 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res.nil?
checkcode = CheckCode::Unknown
checkcode = CheckCode::Unknown('Could not determine the target status')
elsif res && res.code == 400 && res.body.include?('Missing field: name')
checkcode = CheckCode::Appears
checkcode = CheckCode::Appears('The target appears to be vulnerable')
elsif res && res.code == 401 && res.body =~ /Missing|Invalid token/
checkcode = CheckCode::Safe
checkcode = CheckCode::Safe('The target is not vulnerable')
end
checkcode
@@ -104,14 +104,14 @@ class MetasploitModule < Msf::Exploit::Remote
)
rescue ::Rex::ConnectionError
print_error("#{rhost}:#{rport} - Could not connect to device")
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
if res && res.code == 200 && res.to_s =~ httpd_fingerprint
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
#
+2 -2
@@ -86,10 +86,10 @@ class MetasploitModule < Msf::Exploit::Remote
if res && (res.code == 302) &&
res.headers['Location'].include?('localhost:8765') &&
res.headers['Location'].include?('saml/idpSelection')
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
# post-exploitation:
@@ -90,17 +90,17 @@ class MetasploitModule < Msf::Exploit::Remote
if res.nil?
vprint_error 'Connection failed'
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
if res.code == 403
return CheckCode::Detected
return CheckCode::Detected('The target service was detected')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
rescue ::Rex::ConnectionError
vprint_error 'Connection failed'
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
# Handle incoming requests from QRadar
@@ -100,7 +100,7 @@ class MetasploitModule < Msf::Exploit::Remote
res&.code == 200 && res.body.include?('ICT Innovations')
end
return CheckCode::Safe unless fingerprint_found
return CheckCode::Safe('The target is not vulnerable') unless fingerprint_found
print_good('JS fingerprint found; performing timing tests')
@@ -70,14 +70,14 @@ class MetasploitModule < Msf::Exploit::Remote
res = execute_command('id')
rescue => e
vprint_error("#{e}")
return CheckCode::Unknown
return CheckCode::Unknown('Could not determine the target status')
end
if res.body =~ /uid=\d+/
return CheckCode::Vulnerable
return CheckCode::Vulnerable('The target is vulnerable')
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -69,7 +69,7 @@ class MetasploitModule < Msf::Exploit::Remote
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'api/v1/app/version')
})
return Exploit::CheckCode::Unknown unless res&.code == 200
return Exploit::CheckCode::Unknown('Could not determine the target status') unless res&.code == 200
json_version = res&.get_json_document&.fetch('version', nil)
return Exploit::CheckCode::Unknown('Failed to parse version.') unless json_version
@@ -74,9 +74,9 @@ class MetasploitModule < Msf::Exploit::Remote
/\<strong\>IPFire (?<version>[\d.]{4}) \([\w]+\) - Core Update (?<update>[\d]+)/ =~ res.body
if version && update && version == "2.15" && update.to_i < 83
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service")
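Review bot: The new `Safe("Version #{version} is not vulnerable")` is also reached when the banner regex does not match, in which case the named capture `version` is nil and the message reads "Version  is not vulnerable". Branch on the captures first, for example `return Exploit::CheckCode::Unknown('Could not determine the IPFire version') unless version && update`, and mention the core update in the text, since the condition depends on it. The same pattern appears in the later `-71,9` hunk that tests for 2.19. `check` starts outside this hunk and continues past it.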
@@ -74,16 +74,16 @@ class MetasploitModule < Msf::Exploit::Remote
end
if version.nil? || update.nil? || !Rex::Version.correct?(version)
vprint_error('No Recognizable Version Found')
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
elsif Rex::Version.new(version) <= Rex::Version.new('2.19') && update.to_i <= 110
CheckCode::Appears
CheckCode::Appears('The target appears to be vulnerable')
else
vprint_error('Version and/or Update Not Supported')
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
rescue ::Rex::ConnectionError
print_error("Connection Failed")
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
end
@@ -71,9 +71,9 @@ class MetasploitModule < Msf::Exploit::Remote
/\<strong\>IPFire (?<version>[\d.]{4}) \([\w]+\) - Core Update (?<update>[\d]+)/ =~ res.body
if version && update && version == "2.19" && update.to_i < 101
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Could not connect to the web service")
@@ -96,7 +96,7 @@ class MetasploitModule < Msf::Exploit::Remote
end
end
end
CheckCode::Safe
CheckCode::Safe("Version #{version} is not vulnerable")
end
def authenticate
@@ -83,7 +83,7 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Unknown('Connection failed') unless res
# If the vendor mitigation has been applied, the request will return 403 Forbidden.
return CheckCode::Safe if res.code != 200
return CheckCode::Safe('The target is not vulnerable') if res.code != 200
# By here we know the target is vulnerable, we can pull out the exact version information from the expected JSON
# response, this is only for display purposes, we don't need to test the version information.
@@ -81,13 +81,13 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Unknown('Connection failed') unless res
return CheckCode::Safe if res.code != 200
return CheckCode::Safe('The target is not vulnerable') if res.code != 200
if res.body.include? 'Pulse Secure'
return CheckCode::Detected
return CheckCode::Detected('The target service was detected')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -176,7 +176,7 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Safe("Version number: #{version}")
end
return CheckCode::Appears
return CheckCode::Appears("Version #{version} appears to be vulnerable")
end
def confirm_login_user(uri)
@@ -153,7 +153,7 @@ class MetasploitModule < Msf::Exploit::Remote
print_status("Checking if #{peer} can be exploited.")
res = check_vuln
return CheckCode::Unknown('No response received from the target.') unless res
return CheckCode::Safe unless res.code == 200 && !res.body.blank? && res.body =~ /<c123>/
return CheckCode::Safe('The target is not vulnerable') unless res.code == 200 && !res.body.blank? && res.body =~ /<c123>/
begin
parsed_html = Nokogiri::HTML.parse(res.body)
@@ -90,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Remote
return Exploit::CheckCode::Unknown('The target did not respond to the vulnerable endpoint') unless res
return Exploit::CheckCode::Safe("A vulnerable instance should respond with an HTTP 405 with the string: 'HessianServiceExporter only supports POST requests' in the response body") unless res.code == 405 && res.body.include?('HessianServiceExporter only supports POST requests')
Exploit::CheckCode::Appears
Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
def execute_command(cmd, _opts = {})
@@ -82,7 +82,7 @@ class MetasploitModule < Msf::Exploit::Remote
vers_no = Rex::Version.new(version)
return Exploit::CheckCode::Appears("Jenkins version #{version} detected") if vers_no < Rex::Version.new('2.54')
Exploit::CheckCode::Detected
Exploit::CheckCode::Detected("Target detected: version #{vers_no}")
end
def exploit
@@ -99,16 +99,16 @@ class MetasploitModule < Msf::Exploit::Remote
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'version')
})
return Exploit::CheckCode::Unknown unless res&.code == 200
return Exploit::CheckCode::Unknown('Could not determine the target status') unless res&.code == 200
version = Rex::Version.new(res.body)
return Exploit::CheckCode::Safe("Version #{version} detected, which is not vulnerable") unless version <= Rex::Version.new('1.13.0')
print_status("Version #{version} detected, which is vulnerable")
return Exploit::CheckCode::Appears if compile_language_ids
return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") if compile_language_ids
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -205,7 +205,7 @@ class MetasploitModule < Msf::Exploit::Remote
return CheckCode::Detected("Kafka-ui unknown version: #{@version}")
end
end
CheckCode::Safe
CheckCode::Safe('The target is not vulnerable')
end
def exploit
@@ -90,14 +90,14 @@ class MetasploitModule < Msf::Exploit::Remote
if res && res.redirect?
print_error("Got a redirect, maybe you are not using https? #{res.headers['Location']}")
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
elsif res && res.body.include?(r)
Exploit::CheckCode::Vulnerable
Exploit::CheckCode::Vulnerable('The target is vulnerable')
elsif !check_entryid
print_error("Invalid ENTRYID")
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
@@ -79,9 +79,9 @@ class MetasploitModule < Msf::Exploit::Remote
)
if res && res.body.include?(r)
Exploit::CheckCode::Vulnerable
Exploit::CheckCode::Vulnerable('The target is vulnerable')
else
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('The target is not vulnerable')
end
end
+4 -4
@@ -80,11 +80,11 @@ class MetasploitModule < Msf::Exploit::Remote
end
def check
return Exploit::CheckCode::Safe unless webcommand_exists?
return Exploit::CheckCode::Safe if exploit_sqli(1, bad_char(0))
return Exploit::CheckCode::Safe unless pefix_found?
return Exploit::CheckCode::Safe('The target is not vulnerable') unless webcommand_exists?
return Exploit::CheckCode::Safe('The target is not vulnerable') if exploit_sqli(1, bad_char(0))
return Exploit::CheckCode::Safe('The target is not vulnerable') unless pefix_found?
Exploit::CheckCode::Vulnerable
Exploit::CheckCode::Vulnerable('The target is vulnerable')
end
def exploit
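Review bot: All three guard clauses in `check` now return the identical `Safe('The target is not vulnerable')`, so the output does not say which test produced the result. Each guard has its own condition (`webcommand_exists?`, the `exploit_sqli(1, bad_char(0))` control probe, `pefix_found?`), and a message per guard would make a `Safe` result auditable. Something like `Safe('Web command endpoint not found')` for the first would do, with wording for the other two confirmed against the helpers, which are defined outside this hunk.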
@@ -64,22 +64,24 @@ class MetasploitModule < Msf::Exploit::Remote
def check
res = send_request_cgi!('method' => 'GET', 'uri' => target_uri.path)
return Exploit::CheckCode::Safe unless res && res.body.downcase.include?('librenms')
return Exploit::CheckCode::Safe('The target is not vulnerable') unless res && res.body.downcase.include?('librenms')
about_res = send_request_cgi(
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'pages', 'about.inc.php')
)
return Exploit::CheckCode::Detected unless about_res && about_res.code == 200
return Exploit::CheckCode::Detected('The target service was detected') unless about_res && about_res.code == 200
version = about_res.body.match(/version\s+to\s+(\d+\.\d+\.?\d*)/)
return Exploit::CheckCode::Detected unless version && version.length > 1
return Exploit::CheckCode::Detected('LibreNMS detected but version could not be determined') unless version && version.length > 1
vprint_status("LibreNMS version #{version[1]} detected")
version = Rex::Version.new(version[1])
return Exploit::CheckCode::Appears if version <= Rex::Version.new('1.50')
return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable") if version <= Rex::Version.new('1.50')
Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
end
def login
@@ -101,13 +101,13 @@ class MetasploitModule < Msf::Exploit::Remote
})
if res && [200, 301, 302].include?(res.code)
return Exploit::CheckCode::Detected
return Exploit::CheckCode::Detected('The target service was detected')
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
Exploit::CheckCode::Unknown
Exploit::CheckCode::Unknown('Could not determine the target status')
end
def exploit
@@ -61,14 +61,14 @@ class MetasploitModule < Msf::Exploit::Remote
})
rescue ::Rex::ConnectionError
vprint_error("A connection error has occurred")
return Exploit::CheckCode::Unknown
return Exploit::CheckCode::Unknown('Could not determine the target status')
end
if res and res.code == 200 and res.body =~ /<ModelName>WRT110<\/ModelName>/
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('The target appears to be vulnerable')
end
return Exploit::CheckCode::Safe
return Exploit::CheckCode::Safe('The target is not vulnerable')
end
def exploit
