Add human-readable descriptions to CheckCode returns in modules

modules/exploits/linux/http/accellion_fta_getstatus_oauth.rb

@@ -74,7 +74,7 @@ def check
     })
 
     unless res && res.code == 200 && res.body.to_s =~ /"result_msg":"MD5 token is invalid"/
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     end
 
     res = send_request_cgi({
@@ -87,10 +87,10 @@ def check
     })
 
     unless res && res.code == 200 && res.body.to_s =~ /"result_msg":"Success","transaction_id":"/
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     end
 
-    Msf::Exploit::CheckCode::Vulnerable
+    Msf::Exploit::CheckCode::Vulnerable('The target is vulnerable')
   end
 
   def exploit

modules/exploits/linux/http/advantech_switch_bash_env_exec.rb

@@ -75,19 +75,19 @@ def check
     )
     if !res
       vprint_error("No response from host")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     elsif res.headers['Server'] =~ /Boa\/(.*)/
       vprint_status("Found Boa version #{$1}")
     else
       print_status("Target is not a Boa web server")
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     end
 
     if res.body.to_s.index('127.0.0.1 ping statistics')
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
     else
       vprint_error("Target does not appear to be an Advantech switch")
-      return Expoit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     end
   end
 

modules/exploits/linux/http/airties_login_cgi_bof.rb

@@ -69,13 +69,13 @@ def check
       })
 
       if res && [200, 301, 302].include?(res.code) && res.body.to_s =~ /login.html\?ErrorCode=2/
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('The target service was detected')
       end
     rescue ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine the target status')
   end
 
   def exploit

modules/exploits/linux/http/alienvault_exec.rb

@@ -87,9 +87,9 @@ def check
     })
 
     if res && res.code == 200 && res.body =~ /XPATH syntax error: ':#{r}'/
-      Exploit::CheckCode::Vulnerable
+      Exploit::CheckCode::Vulnerable('The target is vulnerable')
     else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('The target is not vulnerable')
     end
   end
 

modules/exploits/linux/http/alienvault_sqli_exec.rb

@@ -75,10 +75,10 @@ def check
     })
 
     if res && res.code == 200 && res.body =~ /#{marker}726F6F7440[0-9a-zA-Z]+#{marker}/ # 726F6F7440 = root
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     else
       print_status("#{res.body}")
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     end
   end
 

modules/exploits/linux/http/apache_airflow_dag_rce.rb

@@ -103,7 +103,7 @@ def check
     end
 
     unless Rex::Version.new(version_number) < Rex::Version.new('1.10.11')
-      return CheckCode::Safe
+      return CheckCode::Safe("Version #{version_number} is not vulnerable")
     end
 
     vprint_status(
@@ -115,7 +115,7 @@ def check
     check_task
     check_unpaused
 
-    return CheckCode::Appears
+    return CheckCode::Appears("Version #{version_number} appears to be vulnerable")
   end
 
   def check_api

modules/exploits/linux/http/apache_continuum_cmd_exec.rb

@@ -56,11 +56,11 @@ def check
     )
 
     if res && res.body.include?('1.4.2')
-      CheckCode::Appears
+      CheckCode::Appears('The target appears to be vulnerable')
     elsif res && res.code == 200
-      CheckCode::Detected
+      CheckCode::Detected('The target service was detected')
     else
-      CheckCode::Safe
+      CheckCode::Safe('The target is not vulnerable')
     end
   end
 

modules/exploits/linux/http/apache_couchdb_cmd_exec.rb

@@ -77,16 +77,16 @@ def post_auth?
 
   def check
     get_version
-    return CheckCode::Unknown if @version.nil?
+    return CheckCode::Unknown('Could not determine the target status') if @version.nil?
 
     version = Rex::Version.new(@version)
-    return CheckCode::Unknown if version.version.empty?
+    return CheckCode::Unknown('Could not determine the target status') if version.version.empty?
 
     vprint_status "Found CouchDB version #{version}"
 
-    return CheckCode::Appears if version < Rex::Version.new('1.7.0') || version.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.1.0'))
+    return CheckCode::Appears("Version #{version} appears to be vulnerable") if version < Rex::Version.new('1.7.0') || version.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.1.0'))
 
-    CheckCode::Safe
+    CheckCode::Safe("Version #{version} is not vulnerable")
   end
 
   def exploit

modules/exploits/linux/http/apache_druid_js_rce.rb

@@ -138,11 +138,11 @@ def check
     end
 
     unless res.code == 200
-      return CheckCode::Safe
+      return CheckCode::Safe('The target is not vulnerable')
     end
 
     if res.body.include?(genecho)
-      return CheckCode::Vulnerable
+      return CheckCode::Vulnerable('The target is vulnerable')
     end
 
     CheckCode::Unknown('Target does not seem to be running Apache Druid.')

modules/exploits/linux/http/artica_proxy_auth_bypass_service_cmds_peform_command_injection.rb

@@ -93,9 +93,9 @@ def check
     end
     rand_string = Rex::Text.rand_text_alphanumeric(4..16)
     if execute_command("echo #{Rex::Text.encode_base64(rand_string)}|base64 -d").include?(rand_string)
-      CheckCode::Appears
+      CheckCode::Appears('The target appears to be vulnerable')
     else
-      CheckCode::Safe
+      CheckCode::Safe('The target is not vulnerable')
     end
   end
 

modules/exploits/linux/http/artica_proxy_unauth_rce_cve_2024_2054.rb

@@ -172,7 +172,7 @@ def check
         return CheckCode::Safe("Artica version: #{version[1]}")
       end
     end
-    CheckCode::Unknown
+    CheckCode::Unknown('Could not determine the target status')
   end
 
   def exploit

modules/exploits/linux/http/astium_sqli_upload.rb

@@ -68,9 +68,9 @@ def check
     })
 
     if res and res.code == 302 and res.body =~ /direct entry from outside/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
     else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
   end
 

modules/exploits/linux/http/atutor_filemanager_traversal.rb

@@ -90,20 +90,20 @@ def check
     # obviously not ideal, but if anyone knows better, feel free to change
     unless datastore['USERNAME'] && datastore['PASSWORD']
       # if we cant login, it may still be vuln
-      return Exploit::CheckCode::Unknown 'Check requires credentials. The target may still be vulnerable. If so, it may be possible to bypass authentication.'
+      return Exploit::CheckCode::Unknown('Check requires credentials. The target may still be vulnerable. If so, it may be possible to bypass authentication.')
     end
 
     student_cookie = login(datastore['USERNAME'], datastore['PASSWORD'], check = true)
     if !student_cookie.nil? && disclose_web_root
       begin
         if upload_shell(student_cookie, check = true) && found
-          return Exploit::CheckCode::Vulnerable
+          return Exploit::CheckCode::Vulnerable('The target is vulnerable')
         end
       rescue Msf::Exploit::Failed => e
         vprint_error(e.message)
       end
     end
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Could not determine the target status')
   end
 
   def create_zip_file(check = false)

modules/exploits/linux/http/axis_app_install.rb

@@ -85,10 +85,10 @@ def check
       'uri' => normalize_uri(target_uri.path, '/axis-cgi/prod_brand_info/getbrand.cgi')
     })
 
-    return CheckCode::Unknown unless res && (res.code == 200)
+    return CheckCode::Unknown('Could not determine the target status') unless res && (res.code == 200)
 
     body_json = res.get_json_document
-    return CheckCode::Unknown if body_json.empty? || body_json.dig('Brand', 'ProdShortName').nil?
+    return CheckCode::Unknown('Could not determine the target status') if body_json.empty? || body_json.dig('Brand', 'ProdShortName').nil?
 
     # The brand / model are now known
     check_comment = "The target reports itself to be a '#{body_json.dig('Brand', 'ProdShortName')}'."
@@ -102,7 +102,7 @@ def check
     })
 
     # A strange edge case where there is no response... respond detected
-    return CheckCode::Detected unless res
+    return CheckCode::Detected('The target service was detected') unless res
     # Respond safe if credentials fail, to prevent the exploit from running
     return CheckCode::Safe('The user provided credentials did not work.') if res.code == 401
     # Assume any non-200 means the API doesn't exist

modules/exploits/linux/http/axis_srv_parhand_rce.rb

@@ -90,10 +90,10 @@ def check
     )
 
     if res && res.code == 204
-      return CheckCode::Appears
+      return CheckCode::Appears('The target appears to be vulnerable')
     end
 
-    CheckCode::Safe
+    CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit

modules/exploits/linux/http/belkin_login_bof.rb

@@ -72,13 +72,13 @@ def check
          res.headers['Server'] =~ /minhttpd/ &&
          res.body =~ /u_errpaswd/
 
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('The target service was detected')
       end
     rescue ::Rex::ConnectionError
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
 
-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Could not determine the target status')
   end
 
   def exploit

modules/exploits/linux/http/beyondtrust_pra_rs_unauth_rce.rb

@@ -83,14 +83,14 @@ def initialize(info = {})
 
   def check
     product_version = get_version
-    return CheckCode::Unknown unless product_version
+    return CheckCode::Unknown('Could not determine the target status') unless product_version
 
     product_version = Rex::Version.new(product_version)
     if Rex::Version.new(product_version) <= Rex::Version.new('24.3.1')
       return CheckCode::Appears("Detected version #{product_version}")
     end
 
-    CheckCode::Safe
+    CheckCode::Safe("Version #{product_version} is not vulnerable")
   end
 
   def exploit

modules/exploits/linux/http/bitbucket_git_cmd_injection.rb

@@ -107,33 +107,33 @@ def check
     vprint_status("Found Bitbucket version: #{matches[1]}")
 
     num_vers = Rex::Version.new(version_str)
-    return CheckCode::NotVulnerable if num_vers <= Rex::Version.new('6.10.17')
+    return CheckCode::Safe("Version #{version_str} is not vulnerable") if num_vers <= Rex::Version.new('6.10.17')
 
     major, minor, revision = version_str.split('.')
     case major
     when '6'
-      return CheckCode::Appears
+      return CheckCode::Appears("Version #{version_str} appears to be vulnerable")
     when '7'
       case minor
       when '6'
-        return CheckCode::Appears if revision.to_i < 17
+        return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 17
       when '17'
-        return CheckCode::Appears if revision.to_i < 10
+        return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 10
       when '21'
-        return CheckCode::Appears if revision.to_i < 4
+        return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 4
       end
     when '8'
       case minor
       when '0', '1'
-        return CheckCode::Appears if revision.to_i < 3
+        return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 3
       when '2'
-        return CheckCode::Appears if revision.to_i < 2
+        return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 2
       when '3'
-        return CheckCode::Appears if revision.to_i < 1
+        return CheckCode::Appears("Version #{version_str} appears to be vulnerable") if revision.to_i < 1
       end
     end
 
-    CheckCode::Detected
+    CheckCode::Detected("Target detected: version #{version_str}")
   end
 
   def username

modules/exploits/linux/http/bludit_upload_images_exec.rb

@@ -89,27 +89,27 @@ def check
 
     unless res
       vprint_error('Connection timed out')
-      return CheckCode::Unknown
+      return CheckCode::Unknown('Could not determine the target status')
     end
 
     html = res.get_html_document
     generator_tag = html.at('meta[@name="generator"]')
     unless generator_tag
       vprint_error('No generator metadata tag found in HTML')
-      return CheckCode::Safe
+      return CheckCode::Safe('The target is not vulnerable')
     end
 
     content_attr = generator_tag.attributes['content']
     unless content_attr
       vprint_error("No content attribute found in metadata tag")
-      return CheckCode::Safe
+      return CheckCode::Safe('The target is not vulnerable')
     end
 
     if content_attr.value == 'Bludit'
-      return CheckCode::Detected
+      return CheckCode::Detected('The target service was detected')
     end
 
-    CheckCode::Safe
+    CheckCode::Safe('The target is not vulnerable')
   end
 
   def get_uuid(login_badge)

modules/exploits/linux/http/cayin_cms_ntp.rb

@@ -75,10 +75,10 @@ def check
 
     if res.body.include?('var model = "CMS') && res.body.include?('STR_CAYIN_LOGO')
       print_good('Cayin CMS install detected')
-      return CheckCode::Detected
+      return CheckCode::Detected('Cayin CMS install detected')
     end
 
-    CheckCode::Safe
+    CheckCode::Safe('The target is not a Cayin CMS install')
   rescue ::Rex::ConnectionError
     CheckCode::Safe('Could not connect to the web service, check URI Path and IP')
   end

modules/exploits/linux/http/centreon_sqli_exec.rb

@@ -71,21 +71,21 @@ def check
     res = send_session_id(random_id)
 
     unless res && res.code == 200 && res.headers['Content-Type'] && res.headers['Content-Type'] == 'image/gif'
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     end
 
     injection = "#{random_id}' or 'a'='a"
     res = send_session_id(injection)
 
     if res && res.code == 200
       if res.body && res.body.to_s =~ /sh: graph: command not found/
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('The target is vulnerable')
       elsif res.headers['Content-Type'] && res.headers['Content-Type'] == 'image/gif'
-        return Exploit::CheckCode::Detected
+        return Exploit::CheckCode::Detected('The target service was detected')
       end
     end
 
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit