Merge pull request #21358 from adfoster-r7/improve-checkcode-messages-11

Add human-readable descriptions to CheckCode returns in modules
2026-04-24 15:25:00 +01:00
parent aa14df9b6c 2ae936473e
commit b765db798e
146 changed files with 414 additions and 416 deletions
@@ -70,10 +70,10 @@ class MetasploitModule < Msf::Exploit::Remote
    )

    if res && res.code == 200 && res.body =~ /Symantec Endpoint Protection Manager/ && res.body =~ /1995 - 2013 Symantec Corporation/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Symantec Endpoint Protection Manager detected')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Symantec Endpoint Protection Manager not detected')
  end

  def exploit
@@ -222,17 +222,17 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def check
-    check_result = Exploit::CheckCode::Safe
+    check_result = Exploit::CheckCode::Safe('Symantec Workspace Streaming not detected')

    if jboss_deploy_path.nil?
      xml = build_soap_check_put
      res = send_xml_rpc_request(xml)

      if res && res.code == 200 && res.body && res.body.to_s =~ /No method matching arguments/
-        check_result = Exploit::CheckCode::Detected
+        check_result = Exploit::CheckCode::Detected('Symantec Workspace Streaming SOAP endpoint detected')
      end
    else
-      check_result = Exploit::CheckCode::Appears
+      check_result = Exploit::CheckCode::Appears('Symantec Workspace Streaming JBoss deployment path found')
    end

    check_result
@@ -63,7 +63,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def check
    info = arkeia_info
    if !(info and info['Version'])
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not retrieve Arkeia server version')
    end

    vprint_status('Arkeia Server Information:')
@@ -73,14 +73,14 @@ class MetasploitModule < Msf::Exploit::Remote

    if (info['System'] !~ /Windows/)
      vprint_status('This module only supports Windows targets')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("Arkeia detected on #{info['System']} but this module only supports Windows")
    end

    if (info['Version'] =~ /Backup (4\.|5\.([012]\.|3\.[0123]$))/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Arkeia #{info['Version']} appears vulnerable")
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("Arkeia #{info['Version']} does not appear to be vulnerable")
  end

  def exploit
@@ -79,10 +79,10 @@ class MetasploitModule < Msf::Exploit::Remote
      vprint_status("Version: #{info['Version']}")

      if (info['Vendor'] =~ /VERITAS/i and info['Version'] =~ /^(4\.2|5\.1)$/)
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("VERITAS Backup Exec version #{info['Version']} detected")
      end
    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('VERITAS Backup Exec vulnerable version not detected')
  end

  def exploit
@@ -126,10 +126,10 @@ class MetasploitModule < Msf::Exploit::Remote

  def check
    s = NDMP::Socket.new(connect)
-    return CheckCode::Unknown unless connect_ndmp(s, 2)
+    return CheckCode::Unknown('No response from NDMP service') unless connect_ndmp(s, 2)

    resp = s.do_request_response(NDMP::Message.new_request(NDMP::Message::CONFIG_GET_HOST_INFO))
-    return CheckCode::Unknown unless resp
+    return CheckCode::Unknown('No response to host info request') unless resp

    info = HostInfoResponse.from_xdr(resp.body)
    print_line('Hostname: ' + info.hostname)
@@ -139,10 +139,10 @@ class MetasploitModule < Msf::Exploit::Remote

    disconnect
    s = NDMP::Socket.new(connect)
-    return CheckCode::Unknown unless connect_ndmp(s, 3)
+    return CheckCode::Unknown('No response from NDMP v3 service') unless connect_ndmp(s, 3)

    resp = s.do_request_response(NDMP::Message.new_request(NDMP::Message::CONFIG_GET_SERVER_INFO))
-    return CheckCode::Unknown unless resp
+    return CheckCode::Unknown('No response to server info request') unless resp

    info = ServiceInfoResponse.from_xdr(resp.body)
    print_line('Vendor: ' + info.vendor_name)
@@ -151,9 +151,9 @@ class MetasploitModule < Msf::Exploit::Remote

    ver = info.revision_number.split('.')
    if ver[0].to_i < 9 || (ver[0].to_i == 9 && ver[1].to_i <= 2)
-      CheckCode::Appears
+      CheckCode::Appears("Backup Exec revision #{info.revision_number} appears to be vulnerable")
    else
-      CheckCode::Detected
+      CheckCode::Detected("Backup Exec revision #{info.revision_number} detected but may not be vulnerable")
    end
  end

@@ -113,10 +113,10 @@ class MetasploitModule < Msf::Exploit::Remote
    csock.close

    if (y and !x)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('BrightStor Discovery Service responded on TCP')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('BrightStor Discovery Service not detected on TCP')
  end

  def exploit
@@ -101,10 +101,10 @@ class MetasploitModule < Msf::Exploit::Remote
    csock.close

    if (y and !x)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('BrightStor Discovery Service responded on UDP')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('BrightStor Discovery Service not detected on UDP')
  end

  def exploit
@@ -61,10 +61,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (ver and ver =~ /11\.1\.742/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('BrightStor ARCserve version 11.1.742 detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('BrightStor ARCserve version 11.1.742 not detected')
  end

  def exploit
@@ -62,10 +62,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (ver and ver =~ /11\.1\.742/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('BrightStor ARCserve version 11.1.742 detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('BrightStor ARCserve version 11.1.742 not detected')
  end

  def exploit
@@ -60,10 +60,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (ver and ver =~ /11\.1\.742/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('BrightStor ARCserve version 11.1.742 detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('BrightStor ARCserve version 11.1.742 not detected')
  end

  def exploit
@@ -61,10 +61,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (ver and ver =~ /11\.1\.742/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('BrightStor ARCserve version 11.1.742 detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('BrightStor ARCserve version 11.1.742 not detected')
  end

  def exploit
@@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Remote
      return CheckCode::Safe("SMB error: #{e.message}")
    end

-    CheckCode::Detected
+    CheckCode::Detected('DCOM service detected via DCE/RPC bind')
  end

  def exploit
@@ -63,10 +63,10 @@ class MetasploitModule < Msf::Exploit::Remote
    packet = "\x75~ mminfo & #{rand_text_alpha(512)}"
    res = send_packet(packet)
    if res && res =~ /Could not fork command/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('AlphaStor Device Manager detected')
    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not conclusively detect AlphaStor Device Manager')
  end

  def exploit
@@ -102,10 +102,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /3Com 3CDaemon FTP Server Version 2\.0/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates 3Com 3CDaemon FTP Server Version 2.0')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match 3Com 3CDaemon')
  end

  def exploit
@@ -81,14 +81,14 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if banner =~ /Ability Server 2\.34/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates Ability Server 2.34')
    else
      if banner =~ /Ability Server/
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('FTP banner indicates Ability Server')
      end
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Ability Server')
  end

  def exploit
@@ -65,9 +65,9 @@ class MetasploitModule < Msf::Exploit::Remote
    connect_login
    disconnect
    if /BisonWare BisonFTP server product V3\.5/i === banner
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates BisonWare BisonFTP server V3.5')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match BisonWare BisonFTP')
    end
  end

@@ -65,10 +65,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /CesarFTP 0\.99g/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates CesarFTP 0.99g')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match CesarFTP 0.99g')
  end

  def exploit
@@ -93,10 +93,10 @@ class MetasploitModule < Msf::Exploit::Remote
    validate << "\xf1\xc6\xf7\x21\x0d\x0a"

    if banner.to_s == validate
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('FTP banner matches known vulnerable ComSndFTP signature')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match ComSndFTP')
  end

  def junk(n = 4)
@@ -64,10 +64,10 @@ class MetasploitModule < Msf::Exploit::Remote
    banner = sock.get_once
    disconnect
    if (banner.to_s =~ /Dream FTP Server/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates Dream FTP Server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Dream FTP Server')
  end

  def exploit
@@ -55,10 +55,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /Easy File Sharing FTP Server/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates Easy File Sharing FTP Server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Easy File Sharing FTP Server')
  end

  def exploit
@@ -74,10 +74,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /BigFoolCat/) # EasyFTP Server has undergone several name changes
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates BigFoolCat EasyFTP Server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match BigFoolCat EasyFTP Server')
  end

  def exploit
@@ -70,10 +70,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /BigFoolCat/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates BigFoolCat EasyFTP Server')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('FTP banner does not match BigFoolCat EasyFTP Server')
  end

  def exploit
@@ -76,10 +76,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /BigFoolCat/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates BigFoolCat EasyFTP Server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match BigFoolCat EasyFTP Server')
  end

  def make_nops(num)
@@ -63,9 +63,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect
    if (banner =~ /FreeFloat/)
      # Software is never updated, so if you run this you're f*cked.
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('FTP banner indicates FreeFloat FTP Server')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match FreeFloat FTP Server')
    end
  end

@@ -64,9 +64,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if banner =~ /FreeFloat/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates FreeFloat FTP Server')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match FreeFloat FTP Server')
    end
  end

@@ -74,9 +74,9 @@ class MetasploitModule < Msf::Exploit::Remote
    # All versions including and above version 1.0 report "220 Hello, I'm freeFTPd 1.0"
    # when banner grabbing.
    if banner =~ /freeFTPd 1\.0/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates freeFTPd 1.0')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match freeFTPd 1.0')

    end
  end
@@ -76,10 +76,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /freeFTPd 1\.0/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates freeFTPd 1.0')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match freeFTPd 1.0')
  end

  def exploit
@@ -60,9 +60,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect
    vprint_status("FTP Banner: #{banner}".strip)
    if banner =~ /Golden FTP Server ready v(4\.\d{2})/ and $1 == "4.70"
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates Golden FTP Server v4.70')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match Golden FTP Server v4.70')
    end
  end

@@ -134,10 +134,10 @@ For now, that will have to be done manually.
    disconnect
    vprint_status("FTP Banner: #{banner}".strip)
    if banner =~ /httpdx.*\(Win32\)/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates httpdx on Win32')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match httpdx')
  end

  def exploit
@@ -61,9 +61,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if banner =~ /FTP Utility FTP server \(Version 1\.00\)/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates FTP Utility FTP server Version 1.00')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match FTP Utility FTP server')
    end
  end

@@ -80,10 +80,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /NetTerm FTP server/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates NetTerm FTP server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match NetTerm FTP server')
  end

  def exploit
@@ -71,9 +71,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if banner =~ /\*\*        Welcome on       \*\*/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates Open-FTPD')
    else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not confirm Open-FTPD from the FTP banner')
    end
  end

@@ -65,10 +65,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /9\.2\.0\.1\.0/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates Oracle 9i version 9.2.0.1.0')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Oracle 9i XDB')
  end

  def exploit
@@ -71,10 +71,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /9\.2\.0\.1\.0/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates Oracle 9i version 9.2.0.1.0')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Oracle 9i XDB')
  end

  def exploit
@@ -65,9 +65,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if /220 PCMan's FTP Server 2\.0/ === banner
-      Exploit::CheckCode::Appears
+      Exploit::CheckCode::Appears('FTP banner indicates PCMan FTP Server 2.0')
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('FTP banner does not match PCMan FTP Server 2.0')
    end
  end

@@ -69,14 +69,14 @@ class MetasploitModule < Msf::Exploit::Remote
    if c and banner =~ /220 PCMan's FTP Server 2\.0/
      # Auth is required to exploit
      vprint_status("Able to authenticate, and banner shows the vulnerable version")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Authenticated and banner shows PCMan FTP Server 2.0')
    elsif not c and banner =~ /220 PCMan's FTP Server 2\.0/
      vprint_status("Unable to authenticate, but banner shows the vulnerable version")
      # Auth failed, but based on version maybe the target is vulnerable
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Banner shows PCMan FTP Server 2.0 but authentication failed')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match PCMan FTP Server 2.0')
  end

  def exploit
@@ -74,9 +74,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if banner =~ /quickshare ftpd/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates QuickShare File Server')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match QuickShare File Server')
    end
  end

@@ -70,9 +70,9 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if banner =~ /220 DSC ftpd 1\.0 FTP Server/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates Ricoh DSC ftpd 1.0')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match Ricoh DSC ftpd')
    end
  end

@@ -100,7 +100,7 @@ class MetasploitModule < Msf::Exploit::Remote
      return CheckCode::Appears('Sami FTP Server version 2.0.2.')
    end

-    CheckCode::Detected
+    CheckCode::Detected('Target is running Sami FTP Server')
  end

  def exploit
@@ -67,10 +67,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /Serv-U FTP Server v((4.(0|1))|3.\d)/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates vulnerable Serv-U FTP Server version')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match vulnerable Serv-U FTP Server version')
  end

  def exploit
@@ -100,11 +100,11 @@ class MetasploitModule < Msf::Exploit::Remote
    case banner
    when /Serv-U FTP Server v4\.1/
      vprint_status('Found version 4.1.0.3, exploitable')
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates Serv-U FTP Server v4.1')

    when /Serv-U FTP Server v5\.0/
      vprint_status('Found version 5! 5.0.0.0 may be exploitable, but not 5.0.0.4')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates Serv-U FTP Server v5.0')

    when /Serv-U FTP Server v4\.0/
      vprint_status('Found version 4.0.0.4 or 4.1.0.0, additional check.')
@@ -112,22 +112,22 @@ class MetasploitModule < Msf::Exploit::Remote
      send_pass(datastore['PASS'])
      if (double_ff?)
        vprint_status('Found version 4.0.0.4, exploitable')
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears('FTP banner indicates Serv-U FTP Server v4.0.0.4')
      else
        vprint_status('Found version 4.1.0.0, exploitable')
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears('FTP banner indicates Serv-U FTP Server v4.1.0.0')
      end

    when /Serv-U FTP Server/
      vprint_status('Found an unknown version, try it!')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates Serv-U FTP Server of unknown version')

    else
      vprint_status('We could not recognize the server banner')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('FTP banner does not match Serv-U FTP Server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Serv-U FTP Server')
  end

  def exploit
@@ -69,12 +69,12 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /1\.30\.823/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates TurboFTP version 1.30.823')
    elsif (banner =~ /1\.30\.826/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates TurboFTP version 1.30.826')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match vulnerable TurboFTP version')
  end

  def create_rop_chain(ver)
@@ -103,10 +103,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect
    vprint_status("FTP Banner: #{banner}".strip)
    if banner =~ /\(vftpd .*\)/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates Vermillion FTP daemon')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match Vermillion FTP daemon')
  end

  def exploit
@@ -69,7 +69,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def check
    @session_cookie = authenticate(datastore['USERNAME'], datastore['PASSWORD'])
    if @session_cookie.nil?
-      return CheckCode::Unknown
+      return CheckCode::Unknown('Authentication failed')
    end

    ver = send_request_cgi(
@@ -81,11 +81,11 @@ class MetasploitModule < Msf::Exploit::Remote

    unless ver
      vprint_error("Connection failed!")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('Connection failed')
    end

    unless ver.code == 200 && ver.body.include?('Wing FTP Server')
-      return CheckCode::Safe
+      return CheckCode::Safe('Target is not Wing FTP Server')
    end

    @version = Rex::Version.new(ver.body.scan(/Wing FTP Server ([\d\.]+)/).flatten.first)
@@ -94,7 +94,7 @@ class MetasploitModule < Msf::Exploit::Remote
    # Lua capabilities and administrator console were added in version 3.0.0, so everything above that is (probably) vulnerable
    unless @version >= Rex::Version.new('3.0.0')
      @vuln_check = false
-      return CheckCode::Safe
+      return CheckCode::Safe("Wing FTP Server #{@version} is below 3.0.0")
    end

    @vuln_check = true
@@ -102,7 +102,7 @@ class MetasploitModule < Msf::Exploit::Remote

    unless winenv_path
      vprint_error("Connection failed!")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('Connection failed while executing command')
    end

    if winenv_path.code == 200
@@ -117,7 +117,7 @@ class MetasploitModule < Msf::Exploit::Remote
    end

    @vuln_check = false
-    return CheckCode::Vulnerable
+    return CheckCode::Vulnerable("Wing FTP Server #{@version} allows Lua script execution")
  end

  def exploit
@@ -58,10 +58,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /5\.0\.3/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates WS_FTP Server version 5.0.3')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match WS_FTP Server 5.0.3')
  end

  def exploit
@@ -52,10 +52,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    disconnect
    if (banner =~ /WS_FTP Server 5\.0\.5/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('FTP banner indicates WS_FTP Server 5.0.5')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match WS_FTP Server 5.0.5')
  end

  def exploit
@@ -58,10 +58,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner =~ /XLINK FTP Server/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FTP banner indicates XLINK FTP Server')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FTP banner does not match XLINK FTP Server')
  end

  def exploit
@@ -100,15 +100,15 @@ class MetasploitModule < Msf::Exploit::Remote
    vprint_status("Detected Unreal Tournament Server Version: #{vers}")
    if (vers =~ /^(3120|3186|3204)$/)
      vprint_status("This system appears to be exploitable")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Unreal Tournament Server version #{vers} appears vulnerable")
    end

    if (vers =~ /^(2...)$/)
      vprint_status("This system appears to be running UT2003")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("Unreal Tournament 2003 detected, version #{vers}")
    end

    vprint_status("This system appears to be patched")
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("Unreal Tournament Server version #{vers} appears patched")
  end
 end
@@ -113,19 +113,19 @@ class MetasploitModule < Msf::Exploit::Remote

    unless res
      vprint_error 'Connection failed'
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')
    end

    unless supports_webdav? res.headers
      vprint_status 'Server does not support WebDAV'
-      return CheckCode::Safe
+      return CheckCode::Safe('Server does not support WebDAV')
    end

    if res.headers['Server'].to_s.include? 'IIS/6.0'
-      return CheckCode::Vulnerable
+      return CheckCode::Vulnerable('IIS/6.0 with WebDAV enabled detected')
    end

-    CheckCode::Detected
+    CheckCode::Detected('WebDAV enabled but IIS version is not 6.0')
  end

  # corelan.be
@@ -87,9 +87,9 @@ class MetasploitModule < Msf::Exploit::Remote
    })

    return CheckCode::Unknown('Connection failed') unless res
-    return CheckCode::Safe unless res.code == 500
+    return CheckCode::Safe('Server did not return expected error code') unless res.code == 500
    # Error response is language dependent: "<b>Error in web printer install.</b>"
-    return CheckCode::Safe unless res.body.to_s.starts_with?('<b>') && res.body.to_s.ends_with?('</b>')
+    return CheckCode::Safe('Server response does not match expected format') unless res.body.to_s.starts_with?('<b>') && res.body.to_s.ends_with?('</b>')

    res = send_request_cgi({
      'uri' => '/NULL.printer',
@@ -99,10 +99,10 @@ class MetasploitModule < Msf::Exploit::Remote

    return CheckCode::Unknown('Connection failed') unless res
    return CheckCode::Detected("The IUSER account is locked out, we can't check") if res.body.to_s.include?('locked out')
-    return CheckCode::Safe unless res.code == 500
-    return CheckCode::Safe unless res.body.to_s.starts_with?('<b>') && res.body.to_s.ends_with?('</b>')
+    return CheckCode::Safe('Server did not return expected error code for overflow test') unless res.code == 500
+    return CheckCode::Safe('Server response does not match expected format for overflow test') unless res.body.to_s.starts_with?('<b>') && res.body.to_s.ends_with?('</b>')

-    CheckCode::Appears
+    CheckCode::Appears('IIS .printer ISAPI extension appears vulnerable')
  end

  def exploit
@@ -124,7 +124,7 @@ class MetasploitModule < Msf::Exploit::Remote

  def check
    win_dir = detect_windows_directory
-    win_dir ? CheckCode::Vulnerable("Found Windows directory name: #{win_dir}") : CheckCode::Safe
+    win_dir ? CheckCode::Vulnerable("Found Windows directory name: #{win_dir}") : CheckCode::Safe('Could not detect Windows directory via double decode')
  end

  def execute_command(cmd, opts = {})
@@ -81,7 +81,7 @@ class MetasploitModule < Msf::Exploit::Remote
      return CheckCode::Detected("#{target_uri.path} content type matches fingerprint application/x-varg")
    end

-    CheckCode::Safe
+    CheckCode::Safe('MSADC interface not detected')
  end

  def exploit
@@ -114,7 +114,7 @@ class MetasploitModule < Msf::Exploit::Remote
      return CheckCode::Appears('The server stopped accepting requests') unless res
    end

-    CheckCode::Safe
+    CheckCode::Safe('Target does not appear to be vulnerable to WebDAV NTDLL overflow')
  end

  def exploit
@@ -87,10 +87,10 @@ class MetasploitModule < Msf::Exploit::Remote
      print_status("Server responded with HTTP #{res.code} OK")
      if (res.body =~ /Content-Type: application\/x-varg/)
        print_good("#{datastore['PATH']} matches fingerprint application\/x-varg")
-        Exploit::CheckCode::Detected
+        Exploit::CheckCode::Detected('MSADC RDS DataFactory interface detected')
      end
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('MSADC RDS DataFactory interface not detected')
    end
  end

@@ -61,9 +61,9 @@ class MetasploitModule < Msf::Exploit::Remote
    targ = auto_target
    disconnect

-    return Exploit::CheckCode::Appears if (targ)
+    return Exploit::CheckCode::Appears('Vulnerable Eudora WorldMail IMAP server detected') if (targ)

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Eudora WorldMail IMAP server not detected')
  end

  def auto_target
@@ -58,10 +58,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner and banner =~ /MailEnable Service, Version: 0-1\.54/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('MailEnable IMAP version 0-1.54 detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('MailEnable IMAP version 0-1.54 not detected')
  end

  def exploit
@@ -55,10 +55,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (banner and banner =~ /IMAP4rev1 MDaemon 9\.6\.4 ready/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('MDaemon 9.6.4 IMAP server detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('MDaemon 9.6.4 IMAP server not detected')
  end

  def exploit
@@ -68,9 +68,9 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    resp = sock.get_once
    disconnect
-    return CheckCode::Vulnerable if resp =~ %r{Mercury/32 v4\.01[ab]}
+    return CheckCode::Vulnerable('Mercury/32 v4.01a or v4.01b IMAP server detected') if resp =~ %r{Mercury/32 v4\.01[ab]}

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('Mercury/32 v4.01a or v4.01b IMAP server not detected')
  end

  def exploit
@@ -56,10 +56,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if (resp =~ /Mercury\/32 v4\.01a/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Mercury/32 v4.01a IMAP server detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Mercury/32 v4.01a IMAP server not detected')
  end

  def exploit
@@ -66,10 +66,10 @@ class MetasploitModule < Msf::Exploit::Remote
    }, 5)

    if (res and res.code == 400)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Phone Book Server ISAPI extension detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Phone Book Server ISAPI extension not detected')
  end

  def exploit
@@ -73,10 +73,10 @@ class MetasploitModule < Msf::Exploit::Remote
    }, -1)

    if (res and res.body =~ /NetShow ISAPI/)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('NetShow ISAPI extension detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('NetShow ISAPI extension not detected')
  end

  def exploit_target(target)
@@ -115,9 +115,9 @@ class MetasploitModule < Msf::Exploit::Remote
    }, -1)

    if (r and r.code == 501)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('FrontPage fp30reg.dll ISAPI extension detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('FrontPage fp30reg.dll ISAPI extension not detected')
  end
 end
@@ -76,10 +76,10 @@ class MetasploitModule < Msf::Exploit::Remote
    }, -1)

    if (r and r.body and r.body =~ /RSA Web Access Authentication/)
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('RSA Web Access Authentication agent detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('RSA Web Access Authentication agent not detected')
  end

  def exploit
@@ -87,10 +87,10 @@ class MetasploitModule < Msf::Exploit::Remote

  def check
    if auto_target
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Vulnerable w3who.dll ISAPI extension detected')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('w3who.dll ISAPI extension not detected')
  end

  def exploit
@@ -77,9 +77,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect
    if (res =~ /OS\<([^\>]+)/)
      vprint_status("CA License Server reports OS: #{$1}")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("CA License Server detected, OS: #{$1}")
    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('CA License Server not detected')
  end

  def exploit
@@ -67,10 +67,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect_udp

    if (res and res[0] == 0x7a)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('Sentinel License Manager detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Sentinel License Manager not detected')
  end

  def exploit
@@ -98,9 +98,9 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if banner =~ /Lotus Domino Release 8\.5/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Lotus Domino Release 8.5 detected')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Lotus Domino Release 8.5 not detected')
    end
  end

@@ -88,11 +88,11 @@ class MetasploitModule < Msf::Exploit::Remote
      disconnect

      if (res.to_s =~ /200 OK/)
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('Lotus Domino Sametime stmux service detected')
      end
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Lotus Domino Sametime stmux service not detected')
  end

  def exploit
@@ -347,7 +347,7 @@ class MetasploitModule < Msf::Exploit::Remote
    if cookie_res and cookie_res.code == 200
      cookie = cookie_res.get_cookies.split()[0]
    else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to retrieve initial cookie from target')
    end

    if defined?(cookie)
@@ -378,23 +378,23 @@ class MetasploitModule < Msf::Exploit::Remote
                  number = l.split("=")[1].split('"')[1]
                  if number.match /(\d+\.)?(\d+\.)?(\d+\.)?(\*|\d+)$/
                    if number <= '8.1.1.50' and not number < '7'
-                      return Exploit::CheckCode::Appears
+                      return Exploit::CheckCode::Appears("Ahsay Backup version #{number} appears vulnerable")
                    else
-                      return Exploit::CheckCode::Safe
+                      return Exploit::CheckCode::Safe("Ahsay Backup version #{number} is not vulnerable")
                    end
                  end
                end
              end
            else
-              return Exploit::CheckCode::Unknown
+              return Exploit::CheckCode::Unknown('Could not determine the target state')
            end
          end
        end
      else
-        return Exploit::CheckCode::Unknown
+        return Exploit::CheckCode::Unknown('Could not determine the target state')
      end
    else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target state')
    end
  end
 end
@@ -117,10 +117,10 @@ class MetasploitModule < Msf::Exploit::Remote
    int = rand(1..1_000)
    response_bypass = send_login_msg(create_login_msg("#{rand(1_000..9_999)}' OR #{int}=#{int}--"), false)
    if response_bypass.include? 'Zugangsdaten OK'
-      CheckCode::Vulnerable
+      CheckCode::Vulnerable('SQL injection authentication bypass successful')
    else
      print_status("Response was: #{response_bypass}")
-      CheckCode::Safe
+      CheckCode::Safe('SQL injection authentication bypass failed')
    end
  end

@@ -141,13 +141,13 @@ Processor-Speed=#{processor_speed}
    res = send_update_computer("2659")

    unless res and res =~ /Result=Success/ and res =~ /DSVersion=(.*)/
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Target did not return a successful response')
    end

    version = $1

    unless version =~ /^6\.(\d+)\.(\d+)$/
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("Altiris DS version #{version} is not vulnerable")
    end

    vprint_status "#{rhost}:#{rport} - Altiris DS Version '#{version}'"
@@ -157,17 +157,17 @@ Processor-Speed=#{processor_speed}

    if minor == 8
      if build == 206 || build == 282 || build == 378
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("Altiris DS version #{version} appears vulnerable")
      elsif build < 390
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("Altiris DS version #{version} appears vulnerable")
      end
    elsif minor == 9 and build < 176
      # The existence of versions matching this profile is a possibility... none were observed in the wild though
      # as such, we're basing confidence off of Symantec's vulnerability bulletin.
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Altiris DS version #{version} appears vulnerable")
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("Altiris DS version #{version} is not vulnerable")
  end

  def exploit
@@ -76,11 +76,11 @@ class MetasploitModule < Msf::Exploit::Remote

      if ver > 0
        print_status("Detected NetVault Build #{ver}")
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("Detected NetVault Build #{ver}")
      end
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -78,7 +78,7 @@ class MetasploitModule < Msf::Exploit::Remote
      'uri' => normalize_uri(target_uri.path, 'login.html')
    )

-    return CheckCode::Unknown unless res
+    return CheckCode::Unknown('No response received from target') unless res

    unless res.body.include?('InfraSuite Manager Login')
      return CheckCode::Safe('Target does not appear to be InfraSuite Device Master.')
@@ -104,9 +104,9 @@ class MetasploitModule < Msf::Exploit::Remote
    vprint_status("Found version '#{version}' of InfraSuite Device Master")
    r_vers = Rex::Version.new(version)

-    return CheckCode::Appears if r_vers < Rex::Version.new('1.0.5')
+    return CheckCode::Appears("InfraSuite Device Master version #{version} is vulnerable") if r_vers < Rex::Version.new('1.0.5')

-    CheckCode::Safe
+    CheckCode::Safe("InfraSuite Device Master version #{version} is not vulnerable")
  end

  def exploit
@@ -64,7 +64,7 @@ class MetasploitModule < Msf::Exploit::Remote
      connect
    rescue
      vprint_error("Unable to get a connection")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to connect to target')
    end

    filename = "C:\\#{rand_text_alpha(12)}.fdb"
@@ -90,10 +90,10 @@ class MetasploitModule < Msf::Exploit::Remote

    opcode = data.unpack("N*")[0]
    if opcode == 3 # Accept
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def stack_pivot_rop_chain
@@ -94,10 +94,10 @@ class MetasploitModule < Msf::Exploit::Remote
    connect
    sock.put(make_packet(101, "\x00")) # heartbeat
    if validate_response(sock.get_once || '')
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Gh0st RAT C&C server detected')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -74,7 +74,7 @@ class MetasploitModule < Msf::Exploit::Remote
    fingerprint = get_fingerprint

    if fingerprint.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to fingerprint target')
    end

    print_status("HP Data Protector version #{fingerprint}")
@@ -82,14 +82,14 @@ class MetasploitModule < Msf::Exploit::Remote
    if fingerprint =~ /HP Data Protector A\.08\.(\d+)/
      minor = $1.to_i
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("#{fingerprint} is not a vulnerable version")
    end

    if minor < 11
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("HP Data Protector A.08.#{minor} appears vulnerable")
    end

-    Exploit::CheckCode::Detected
+    Exploit::CheckCode::Detected("HP Data Protector A.08.#{minor} detected")
  end

  def get_fingerprint
@@ -142,7 +142,7 @@ class MetasploitModule < Msf::Exploit::Remote

    if fingerprint.nil?
      vprint_error("Unable to fingerprint")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to fingerprint target')
    end

    port = get_crs_port
@@ -156,21 +156,21 @@ class MetasploitModule < Msf::Exploit::Remote

    if fingerprint =~ /HP Data Protector A\.06\.20: INET, internal build 370/
      # More likely to be exploitable
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    elsif fingerprint =~ /HP Data Protector A\.07\.00: INET, internal build 72/
      # More likely to be exploitable
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    elsif fingerprint =~ /HP Data Protector A\.07\.00/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    elsif fingerprint =~ /HP Data Protector A\.07\.01/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    elsif fingerprint =~ /HP Data Protector A\.06\.20/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    elsif fingerprint =~ /HP Data Protector A\.06\.21/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("#{fingerprint} is not vulnerable")
  end

  def get_target
@@ -87,10 +87,10 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if hello_response and hello_response =~ /Dtb: Context/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('HP Data Protector DtbClsLogin service detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -65,17 +65,17 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect

    if response.nil?
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Target did not respond to probe')
    end

    service_version = Rex::Text.to_ascii(response).chop.chomp

    if service_version =~ /HP Data Protector/
      vprint_status(service_version)
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('The target is not running a vulnerable version')
  end

  def generate_dp_payload
@@ -67,7 +67,7 @@ class MetasploitModule < Msf::Exploit::Remote
    fingerprint = get_fingerprint

    if fingerprint.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to fingerprint target')
    end

    print_status("HP Data Protector version #{fingerprint}")
@@ -75,15 +75,15 @@ class MetasploitModule < Msf::Exploit::Remote
    if fingerprint =~ /HP Data Protector A\.06\.(\d+)/
      minor = $1.to_i
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("#{fingerprint} is not a vulnerable version")
    end

    if minor < 21
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("HP Data Protector A.06.#{minor} appears vulnerable")
    elsif minor == 21
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("HP Data Protector A.06.#{minor} detected")
    else
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("HP Data Protector A.06.#{minor} detected")
    end
  end

@@ -74,18 +74,16 @@ class MetasploitModule < Msf::Exploit::Remote

    if fingerprint.nil?
      vprint_status('Unable to fingerprint because no response.')
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to fingerprint target')
    end

    vprint_status("#{peer} - #{fingerprint}")

    if fingerprint =~ /HP Data Protector A\.06\.(\d+)/i
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("#{fingerprint} appears vulnerable")
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("#{fingerprint} is not vulnerable")
    end
-
-    Exploit::CheckCode::Detected
  end

  def get_fingerprint
@@ -62,7 +62,7 @@ class MetasploitModule < Msf::Exploit::Remote
    fingerprint = get_fingerprint

    if fingerprint.nil?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to fingerprint target')
    end

    print_status("HP Data Protector version #{fingerprint}")
@@ -70,15 +70,15 @@ class MetasploitModule < Msf::Exploit::Remote
    if fingerprint =~ /HP Data Protector A\.06\.(\d+)/
      minor = $1.to_i
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("#{fingerprint} is not a vulnerable version")
    end

    if minor < 21
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable("HP Data Protector A.06.#{minor} is vulnerable")
    elsif minor == 21
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("HP Data Protector A.06.#{minor} detected")
    else
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected("HP Data Protector A.06.#{minor} detected")
    end
  end

@@ -69,9 +69,9 @@ class MetasploitModule < Msf::Exploit::Remote

    # Expected reply:
    # "\x00\x00\x00\x01\x00\x00\x00:08\x02\x01\xFF\x043Dbman deal msg error, please to see dbman_debug.log"
-    return CheckCode::Detected if res =~ /dbman/i
+    return CheckCode::Detected('HP IMC dbman service detected') if res =~ /dbman/i

-    CheckCode::Safe
+    CheckCode::Safe('HP IMC dbman service not detected')
  end

  def dbman_msg(db_instance)
@@ -69,9 +69,9 @@ class MetasploitModule < Msf::Exploit::Remote

    # Expected reply:
    # "\x00\x00\x00\x01\x00\x00\x00:08\x02\x01\xFF\x043Dbman deal msg error, please to see dbman_debug.log"
-    return CheckCode::Detected if res =~ /dbman/i
+    return CheckCode::Detected('HP IMC dbman service detected') if res =~ /dbman/i

-    CheckCode::Safe
+    CheckCode::Safe('HP IMC dbman service not detected')
  end

  def dbman_msg(database_user)
@@ -112,22 +112,22 @@ class MetasploitModule < Msf::Exploit::Remote
      elsif (resp =~ /HP StorageWorks Application Recovery Manager/)
        version = resp.split[5]
      else
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('HP Data Protector service detected but version could not be extracted')
      end

      version = version.split('.')
      major = version[1].to_i
      minor = version[2].to_i
      if ((major < 6) or (major == 6 and minor < 11))
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("HP Data Protector version #{version.join('.')} appears vulnerable")
      end

      if ((major > 6) or (major == 6 and minor >= 11))
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("HP Data Protector version #{version.join('.')} is not vulnerable")
      end

    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -112,22 +112,22 @@ class MetasploitModule < Msf::Exploit::Remote
      elsif (resp =~ /HP StorageWorks Application Recovery Manager/)
        version = resp.split[5]
      else
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('HP Data Protector service detected but version could not be extracted')
      end

      version = version.split('.')
      major = version[1].to_i
      minor = version[2].to_i
      if ((major < 6) or (major == 6 and minor < 11))
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("HP Data Protector version #{version.join('.')} appears vulnerable")
      end

      if ((major > 6) or (major == 6 and minor >= 11))
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("HP Data Protector version #{version.join('.')} is not vulnerable")
      end

    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -76,22 +76,22 @@ class MetasploitModule < Msf::Exploit::Remote
      elsif (resp =~ /HP StorageWorks Application Recovery Manager/)
        version = resp.split[5]
      else
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('HP Data Protector service detected but version could not be extracted')
      end

      version = version.split('.')
      major = version[1].to_i
      minor = version[2].to_i
      if ((major < 6) or (major == 6 and minor < 11))
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("HP Data Protector version #{version.join('.')} appears vulnerable")
      end

      if ((major > 6) or (major == 6 and minor >= 11))
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("HP Data Protector version #{version.join('.')} is not vulnerable")
      end

    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -78,25 +78,25 @@ class MetasploitModule < Msf::Exploit::Remote

    if not res
      vprint_error("No response from target")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response from target')
    end

    if res !~ /HTTP\/1\.1 200 OK/
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to determine the target state')
    end

    if res =~ /server:.*coda 11.(\d+)/
      minor = $1.to_i
      if minor < 2
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("HP Operations Agent CODA 11.#{minor} appears vulnerable")
      end
    end

    if res =~ /server:.*coda/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def ping
@@ -78,27 +78,27 @@ class MetasploitModule < Msf::Exploit::Remote

    if not res
      vprint_error("No response from target")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('No response from target')
    end

    if res !~ /HTTP\/1\.1 200 OK/
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Failed to determine the target state')
    end

    if res =~ /server:.*coda 11.(\d+)/
      minor = $1.to_i
      if minor < 2
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("HP Operations Agent CODA 11.#{minor} appears vulnerable")
      else
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe("HP Operations Agent CODA 11.#{minor} is not vulnerable")
      end
    end

    if res =~ /server:.*coda/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def ping
@@ -252,10 +252,10 @@ class MetasploitModule < Msf::Exploit::Remote
    }, 1)

    if res and res.code == 200 and res.body =~ /CIMVERSION/
-      return CheckCode::Appears
+      return CheckCode::Appears('IBM Director CIM listener detected')
    end

-    return CheckCode::Safe
+    return CheckCode::Safe('The target is not running a vulnerable version')
  end

  def exploit
@@ -65,14 +65,14 @@ class MetasploitModule < Msf::Exploit::Remote
      connect
    rescue StandardError
      print_error('Could not connect to target!')
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not connect to target')
    end
    res = sock.get_once

    if res =~ /p\.guid/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('The target appears to be vulnerable')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
    end
  end

@@ -60,14 +60,14 @@ class MetasploitModule < Msf::Exploit::Remote
      connect
    rescue
      vprint_error("Unable to connect")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Unable to connect to target')
    end
    sock.put("db_net")
    if sock.recv(4) =~ /\d{1,5}/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
  end

  def exploit
@@ -72,9 +72,9 @@ class MetasploitModule < Msf::Exploit::Remote
    })

    if res && res.code == 200 && res.body && res.body.include?('ManageEngine EventLog Analyzer')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('ManageEngine EventLog Analyzer detected')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('ManageEngine EventLog Analyzer not detected')
    end
  end

@@ -106,9 +106,9 @@ class MetasploitModule < Msf::Exploit::Remote
    res = upload_file(filename, contents)

    if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /<m_ce>CE_OTHER<\/m_ce>/
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('SharePoint accepted the ConvertFile request')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('SharePoint did not accept the ConvertFile request')
    end
  end

@@ -137,10 +137,10 @@ class MetasploitModule < Msf::Exploit::Remote
    hdr = xor_wrap(key, hh)
    sock.put([key].pack('I<') + hdr[4..-1])
    if validate_response(sock.get_once || '')
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('PlugX C&C server detected')
    end

-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('No valid PlugX response detected')
  end

  def decode_packet(data)
@@ -92,13 +92,13 @@ class MetasploitModule < Msf::Exploit::Remote

    if (response == "\x89\xFF\x90\x0B\x00\x00")
      vprint_status("Poison Ivy C&C version 2.1.4 detected.")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Poison Ivy C&C version 2.1.4 detected')
    elsif (response == "\x89\xFF\x38\xE0\x00\x00")
      vprint_status("Poison Ivy C&C version 2.0.0 detected.")
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Poison Ivy C&C version 2.0.0 detected, not vulnerable')
    end

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not running a vulnerable version')
  end

  # Load known plaintext chunk
@@ -122,7 +122,7 @@ class MetasploitModule < Msf::Exploit::Remote
      (1..15).each do |index|
        unless response[index * 16, 16] == first_block
          vprint_status("Response doesn't match Poison Ivy Challenge-Response format.")
-          return Exploit::CheckCode::Safe
+          return Exploit::CheckCode::Safe('Response does not match Poison Ivy challenge-response format')
        end
      end

@@ -136,12 +136,12 @@ class MetasploitModule < Msf::Exploit::Remote
      if indicator.key?(response)
        version = indicator[response]
        vprint_status("Poison Ivy C&C version #{version} detected.")
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Appears("Poison Ivy C&C version #{version} detected")
      end
    end

    vprint_status("Response doesn't match Poison Ivy Challenge-Response protocol.")
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('The target does not appear to be Poison Ivy')
  end

  def exploit
@@ -102,9 +102,9 @@ class MetasploitModule < Msf::Exploit::Remote
    @check_run = true
    @check_success = false
    upload_file
-    return Exploit::CheckCode::Vulnerable if @check_success
+    return Exploit::CheckCode::Vulnerable('Target connected back to our server') if @check_success

-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('Target did not connect back')
  end

  def on_request_uri(cli, _req)
@@ -85,13 +85,13 @@ class MetasploitModule < Msf::Exploit::Remote
    disconnect
    if !res
      vprint_error "Connection failed"
-      Exploit::CheckCode::Unknown
+      Exploit::CheckCode::Unknown('Connection failed')
    elsif res == "\x00\x00\x00\x00"
      vprint_status "Received reply (#{res.length} bytes)"
-      Exploit::CheckCode::Detected
+      Exploit::CheckCode::Detected('SolidWorks Workgroup PDM service detected')
    else
      vprint_warning "Unexpected reply (#{res.length} bytes)"
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('Unexpected reply from target')
    end
  end

@@ -70,9 +70,9 @@ class MetasploitModule < Msf::Exploit::Remote
      info.each_pair { |k, v|
        print_status("   #{k + (" " * (15 - k.length))} = #{v}")
      }
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('MSSQL Server detected via ping')
    end
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('MSSQL Server not detected via ping')
  end

  def exploit
--- a/Show More
+++ b/Show More