Add human-readable descriptions to CheckCode returns in modules#21348
Merged
cgranleese-r7 merged 1 commit intorapid7:masterfrom Apr 22, 2026
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves user-facing check results by attaching human-readable reason strings (and, in a few cases, check_code metadata for reported vulns) across many Metasploit modules, continuing the work from #21304.
Changes:
- Add descriptive reason strings to many
Exploit::CheckCode::*/Msf::Exploit::CheckCode::*returns so results “bubble up” with clearer context. - Add
check_code:metadata to somereport_vulncalls to preserve the check result semantics in reported findings. - Add module
Referencesmetadata insmb_versionand reuse it when reporting SMB signing issues.
Reviewed changes
Copilot reviewed 49 out of 49 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| modules/post/windows/gather/credentials/pulse_secure.rb | Add reasons to CheckCode returns for install/version/vuln status. |
| modules/post/osx/gather/apfs_encrypted_volume_passwd.rb | Add reasons to Safe/Vulnerable check results (also changes the vulnerable-version matching line). |
| modules/post/osx/escalate/tccbypass.rb | Add reasons to Unknown/Safe/Appears based on macOS version detection. |
| modules/auxiliary/server/relay/esc8.rb | Add Unknown reason when target gives no response. |
| modules/auxiliary/scanner/ssl/openssl_heartbleed.rb | Add reasons to Appears/Safe based on heartbeat behavior. |
| modules/auxiliary/scanner/ssh/ssh_version.rb | Add check_code metadata into report_vuln entries for deprecated algorithms. |
| modules/auxiliary/scanner/smb/smb_version.rb | Add module references; add reporting info + check_code when SMB signing not required. |
| modules/auxiliary/scanner/smb/smb_uninit_cred.rb | Add reasons to Safe/Appears/Vulnerable/Detected outcomes for Samba checks. |
| modules/auxiliary/scanner/smb/smb_ms17_010.rb | Attach computed checkcode to report_vuln. |
| modules/auxiliary/scanner/redis/file_upload.rb | Add reasons to Safe/Vulnerable around CONFIG accessibility. |
| modules/auxiliary/scanner/rdp/ms12_020_check.rb | Add an initial Unknown reason message. |
| modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb | Add initial/exception Unknown reason messages. |
| modules/auxiliary/scanner/ntp/ntp_nak_to_the_future.rb | Add reasons to Appears/Unknown for NTP association behavior. |
| modules/auxiliary/scanner/misc/freeswitch_event_socket_login.rb | Add Appears reason when auth requests are accepted. |
| modules/auxiliary/scanner/http/wp_perfect_survey_sqli.rb | Add reasons to Vulnerable/Safe outcomes. |
| modules/auxiliary/scanner/http/wp_chopslider_id_sqli.rb | Add reasons to Appears/Unknown outcomes. |
| modules/auxiliary/scanner/http/wordpress_content_injection.rb | Add reasons to Safe/Appears/Detected outcomes based on version detection/range. |
| modules/auxiliary/scanner/http/totaljs_traversal.rb | Add reasons to Safe/Vulnerable/Detected/Unknown check results. |
| modules/auxiliary/scanner/http/syncovery_linux_token_cve_2022_36536.rb | Add reasons to Detected/Appears/Safe/Unknown outcomes around platform/version retrieval. |
| modules/auxiliary/scanner/http/surgenews_user_creds.rb | Add reasons to Vulnerable/Safe outcomes. |
| modules/auxiliary/scanner/http/strapi_3_password_reset.rb | Add Safe reason when version is not vulnerable. |
| modules/auxiliary/scanner/http/pretalx_file_read_cve_2023_28459.rb | Add Detected reason when version can’t be determined. |
| modules/auxiliary/scanner/http/netalertx_file_read.rb | Add Unknown reason when response/status is unexpected. |
| modules/auxiliary/scanner/http/ms15_034_http_sys_memory_dump.rb | Add more descriptive Vulnerable/Safe/Unknown reasons. |
| modules/auxiliary/scanner/http/manageengine_deviceexpert_user_creds.rb | Add reasons to Vulnerable/Safe based on credential retrieval. |
| modules/auxiliary/scanner/http/iis_shortname_scanner.rb | Add reasons to Vulnerable/Safe outcomes. |
| modules/auxiliary/scanner/http/grafana_plugin_traversal.rb | Add reasons to Unknown/Safe/Appears outcomes based on response/version parsing. |
| modules/auxiliary/scanner/http/drupal_views_user_enum.rb | Add reasons to Unknown/Safe/Appears outcomes based on endpoint accessibility. |
| modules/auxiliary/scanner/http/dolibarr_16_contact_dump.rb | Add Safe reason when HTTP status is not 200. |
| modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb | Add reasons to Vulnerable/Safe/Unknown outcomes based on version detection. |
| modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.rb | Add reasons to Vulnerable/Safe/Unknown/Appears outcomes during Shellshock check. |
| modules/auxiliary/scanner/ftp/pcman_ftp_traversal.rb | Add reasons to Appears/Safe outcomes based on banner match. |
| modules/auxiliary/scanner/ftp/konica_ftp_traversal.rb | Add reasons to Appears/Safe outcomes based on banner match. |
| modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb | Add reasons to Detected/Safe outcomes based on banner match. |
| modules/auxiliary/scanner/ftp/colorado_ftp_traversal.rb | Add reasons to Detected/Safe outcomes based on banner match. |
| modules/auxiliary/scanner/ftp/bison_ftp_traversal.rb | Add reasons to Appears/Safe outcomes based on banner match. |
| modules/auxiliary/scanner/dlsw/dlsw_leak_capture.rb | Add reasons to Safe/Vulnerable outcomes based on response/leak detection. |
| modules/auxiliary/scanner/couchdb/couchdb_enum.rb | Add reasons to Unknown/Appears/Safe based on version retrieval and range checks. |
| modules/auxiliary/gather/wp_depicter_sqli_cve_2025_2011.rb | Add Vulnerable reason when SQLi test succeeds. |
| modules/auxiliary/gather/wp_bookingpress_category_services_sqli.rb | Add Vulnerable reason when SQLi test succeeds. |
| modules/auxiliary/gather/tplink_archer_c7_traversal.rb | Add Unknown reason when no response received. |
| modules/auxiliary/gather/thinmanager_traversal_download.rb | Add Unknown reason on connection timeout. |
| modules/auxiliary/gather/suite_crm_export_sqli.rb | Add Vulnerable reason when version is in affected range. |
| modules/auxiliary/gather/joomla_com_realestatemanager_sqli.rb | Add reasons to Vulnerable/Safe based on SQLi confirmation. |
| modules/auxiliary/gather/jetty_web_inf_disclosure.rb | Improve Safe reason to include detected Jetty version. |
| modules/auxiliary/gather/doliwamp_traversal_creds.rb | Add reasons to Vulnerable/Safe based on token discovery. |
| modules/auxiliary/gather/camaleon_download_private_file.rb | Add reasons to Safe/Appears/Vulnerable around version and file retrieval. |
| modules/auxiliary/admin/http/wp_google_maps_sqli.rb | Add Vulnerable reason when SQLi reflection succeeds. |
| modules/auxiliary/admin/http/atlassian_confluence_auth_bypass.rb | Add clearer reasons for Unknown/Safe outcomes during response/version checks. |
Comment on lines
47
to
+50
| osx_version = cmd_exec('sw_vers -productVersion') | ||
| return Exploit::CheckCode::Vulnerable if osx_version =~ /^10\.13[.[0-3]]?$/ | ||
| return Exploit::CheckCode::Vulnerable('macOS 10.13.0-10.13.3 is vulnerable to APFS password disclosure') if osx_version =~ /^10\.13[.[0-3]]?$/ | ||
|
|
||
| Exploit::CheckCode::Safe | ||
| Exploit::CheckCode::Safe('macOS version is not vulnerable to APFS password disclosure') |
There was a problem hiding this comment.
The version-range regex ^10\.13[.[0-3]]?$ does not correctly match macOS 10.13.0–10.13.3 (it’s a character class, so it can match unintended values like 10.13[ and won’t reliably cover 10.13.1, 10.13.2, etc.). Consider parsing osx_version with Rex::Version and doing an explicit range check (>= 10.13.0 && <= 10.13.3), or adjust the regex to ^10\.13(\.[0-3])?$ if you only intend single-digit patch versions.
Comment on lines
226
to
228
| elsif vuln_version?(version) != true | ||
| return Exploit::CheckCode::Safe | ||
| return Exploit::CheckCode::Safe('CameleonCMS version is not vulnerable') | ||
| end |
There was a problem hiding this comment.
Product name appears misspelled in the new CheckCode reason (CameleonCMS). Elsewhere in this module it’s consistently referred to as "Camaleon CMS" (e.g., module name/description). Update the CheckCode reason strings to use the correct product name for consistency and clarity.
Comment on lines
233
to
238
| print_error('Failed to obtain file') | ||
| return Exploit::CheckCode::Appears | ||
| return Exploit::CheckCode::Appears('CameleonCMS version appears vulnerable but file download failed') | ||
| end | ||
|
|
||
| Exploit::CheckCode::Vulnerable | ||
| Exploit::CheckCode::Vulnerable('Successfully downloaded private file from CameleonCMS') | ||
| end |
There was a problem hiding this comment.
Same typo as above: the new CheckCode reason strings use CameleonCMS, but the module/product name is "Camaleon CMS". Please correct the product name in these messages.
adfoster-r7
force-pushed
the
improve-checkcode-messages-1
branch
from
88f94ef to
7a3a004
Compare
adfoster-r7
commented
Apr 22, 2026
| ] | ||
| info: 'Disabling SMB signing allows attackers to intercept and tamper with file-sharing traffic via man-in-the-middle attacks', | ||
| refs: self.references, | ||
| check_code: Msf::Exploit::CheckCode.Appears('SMB signing is not required') |
Contributor
Author
There was a problem hiding this comment.
Slightly unrelated changes; improves the check code message and ensures related modules is correctly populated as the refs for the vuln is now matched with the module
| is_vul ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Safe | ||
| is_vul ? Exploit::CheckCode::Vulnerable('Target is vulnerable to IIS shortname scanning') : Exploit::CheckCode::Safe('Target is not vulnerable to IIS shortname scanning') | ||
| rescue Rex::ConnectionError | ||
| print_bad("Failed to connect to target") |
There was a problem hiding this comment.
On Rex::ConnectionError, this check method prints an error but implicitly returns nil. The console check workflow expects a Msf::Exploit::CheckCode instance; returning nil can cause the framework to treat the check as failed/undetermined. Consider returning Exploit::CheckCode::Unknown('Failed to connect to target') (or similar) from the rescue block.
Suggested change
| print_bad("Failed to connect to target") | |
| print_bad("Failed to connect to target") | |
| Exploit::CheckCode::Unknown('Failed to connect to target') |
adfoster-r7
force-pushed
the
improve-checkcode-messages-1
branch
from
7a3a004 to
f3b07d5
Compare
Contributor
Release NotesImproves multiple module check code messages and statuses. |
cgranleese-r7
approved these changes
Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improves multiple module check code messages and statuses
This metadata is currently missing in modules, which means the bubbling up of results to users is often missing
Continuation of #21304
Verification