Add human-readable descriptions to CheckCode returns in remaining multi exploit modules

Author: adfoster-r7

modules/exploits/multi/elasticsearch/script_mvel_rce.rb

@@ -60,10 +60,10 @@ def initialize(info = {})
   end
 
   def check
-    result = Exploit::CheckCode::Safe
+    result = Exploit::CheckCode::Safe('Elasticsearch does not appear to be vulnerable')
 
     if vulnerable?
-      result = Exploit::CheckCode::Vulnerable
+      result = Exploit::CheckCode::Vulnerable('Arbitrary Java execution confirmed via MVEL scripting')
     end
 
     result

modules/exploits/multi/elasticsearch/search_groovy_script.rb

@@ -58,10 +58,10 @@ module has been tested successfully on ElasticSearch 1.4.2 on Ubuntu Server 12.0
   end
 
   def check
-    result = Exploit::CheckCode::Safe
+    result = Exploit::CheckCode::Safe('Elasticsearch does not appear to be vulnerable')
 
     if vulnerable?
-      result = Exploit::CheckCode::Vulnerable
+      result = Exploit::CheckCode::Vulnerable('Arbitrary Java execution confirmed via Groovy scripting')
     end
 
     result

modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb

@@ -85,17 +85,17 @@ def check
     command = "echo auth_ok:1; echo uid:#{random_id}; echo gid:#{random_id}; echo dir:/tmp; echo end"
     if send_command(username, command) =~ /^2\d\d ok./i
       disconnect
-      return CheckCode::Safe if banner !~ /pure-ftpd/i
+      return CheckCode::Safe('Target does not appear to be running Pure-FTPd') if banner !~ /pure-ftpd/i
 
       command = "echo auth_ok:0; echo end"
       if send_command(username, command) =~ /^5\d\d login authentication failed/i
         disconnect
-        return CheckCode::Vulnerable
+        return CheckCode::Vulnerable('Pure-FTPd bash environment variable injection confirmed')
       end
     end
     disconnect
 
-    CheckCode::Safe
+    CheckCode::Safe('Pure-FTPd not vulnerable to bash environment variable injection')
   end
 
   def execute_command(cmd, _opts)

modules/exploits/multi/ftp/wuftpd_site_exec_format.rb

@@ -120,21 +120,21 @@ def check
 
     # We just want the banner to check against our targets..
     vprint_status("FTP Banner: #{banner.strip}")
-    status = Exploit::CheckCode::Safe
+    status = Exploit::CheckCode::Safe('WU-FTPD not detected or version is not vulnerable')
     if banner =~ /Version wu-2\.(4|5)/
-      status = Exploit::CheckCode::Appears
+      status = Exploit::CheckCode::Appears('WU-FTPD 2.x version detected')
     elsif banner =~ /Version wu-2\.6\.0/
-      status = Exploit::CheckCode::Appears
+      status = Exploit::CheckCode::Appears('WU-FTPD 2.6.0 detected')
     end
 
     # If we've made it this far, we care if login succeeded.
     if (ret)
       # NOTE: vulnerable and exploitable might not mean the same thing here :)
       if not fmtstr_detect_vulnerable
-        status = Exploit::CheckCode::Safe
+        status = Exploit::CheckCode::Safe('Format string vulnerability not detected')
       end
       if not fmtstr_detect_exploitable
-        status = Exploit::CheckCode::Safe
+        status = Exploit::CheckCode::Safe('Format string vulnerability not exploitable')
       end
     end
 

modules/exploits/multi/local/xorg_x11_suid_server.rb

@@ -118,14 +118,12 @@ def check
         user = cmd_exec('id -un')
         unless exist?("/var/run/console/#{user}")
           vprint_error("No console lock for #{user}")
-          return CheckCode::Safe
+          return CheckCode::Safe("No console lock for #{user}")
         end
         vprint_good("Console lock for #{user}")
       end
 
       return CheckCode::Safe('SELinux is enforcing') if selinux_installed? && selinux_enforcing?
-
-      vprint_good('SELinux is not an issue')
     end
 
     # suid program check
@@ -148,27 +146,27 @@ def check
       v = Rex::Version.new(x_version.scan(/\d\.\d+\.\d+/).first)
       unless v.between?(Rex::Version.new('1.19.0'), Rex::Version.new('1.20.2'))
         vprint_error "Xorg version #{v} not supported"
-        return CheckCode::Safe
+        return CheckCode::Safe("Xorg version #{v} is not in the vulnerable range")
       end
     elsif x_version.include?('Fatal server error')
       vprint_error 'User probably does not have console auth'
       vprint_error 'Below is Xorg -version output'
       vprint_error x_version
-      return CheckCode::Safe
+      return CheckCode::Safe('User does not have console auth')
     else
       vprint_warning('Could not parse Xorg -version output')
-      return CheckCode::Appears
+      return CheckCode::Appears('Could not parse Xorg version, but Xorg is SUID')
     end
     vprint_good("Xorg version #{v} is vulnerable")
 
     # process check for /X
     proc_list = cmd_exec 'ps ax'
     if proc_list.include?('/X ')
       vprint_warning('Xorg in process list')
-      return CheckCode::Appears
+      return CheckCode::Appears("Xorg version #{v} is vulnerable but Xorg is already running")
     end
     vprint_good('Xorg does not appear running')
-    return CheckCode::Vulnerable
+    return CheckCode::Vulnerable("Xorg version #{v} is vulnerable and not currently running")
   end
 
   def on_new_session(session)

modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb

@@ -102,7 +102,7 @@ def check
         user = cmd_exec('id -un')
         unless exist?("/var/run/console/#{user}")
           vprint_error("No console lock for #{user}")
-          return CheckCode::Safe
+          return CheckCode::Safe("No console lock for #{user}")
         end
         vprint_good("Console lock for #{user}")
       end
@@ -132,21 +132,21 @@ def check
       vprint_error 'User probably does not have console auth'
       vprint_error 'Below is Xorg -version output'
       vprint_error x_version
-      return CheckCode::Safe
+      return CheckCode::Safe('User does not have console auth')
     else
       vprint_warning('Could not parse Xorg -version output')
-      return CheckCode::Appears
+      return CheckCode::Appears('Could not parse Xorg version, but Xorg is SUID')
     end
     vprint_good("Xorg version #{v} is vulnerable")
 
     # process check for /X
     proc_list = cmd_exec 'ps ax'
     if proc_list.include?('/X ')
       vprint_warning('Xorg in process list')
-      return CheckCode::Appears
+      return CheckCode::Appears("Xorg version #{v} is vulnerable but Xorg is already running")
     end
     vprint_good('Xorg does not appear to be running')
-    return CheckCode::Vulnerable
+    return CheckCode::Vulnerable("Xorg version #{v} is vulnerable and not currently running")
   end
 
   def check_arch_and_compile(path, data)

modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb

@@ -81,21 +81,21 @@ def check
 
     len = sock.timed_read(4)&.unpack1('N')
 
-    return CheckCode::Unknown if len.nil? || len > 0x2000 # upper limit in case the service isn't ActiveMQ
+    return CheckCode::Unknown('Invalid or unexpected response length') if len.nil? || len > 0x2000 # upper limit in case the service isn't ActiveMQ
 
     res = sock.timed_read(len)
 
     disconnect
 
-    return CheckCode::Unknown unless res
+    return CheckCode::Unknown('No response received from target') unless res
 
     _, magic = res.unpack('CZ*')
 
-    return CheckCode::Unknown unless res.length == len
+    return CheckCode::Unknown('Response length mismatch') unless res.length == len
 
-    return CheckCode::Unknown unless magic == 'ActiveMQ'
+    return CheckCode::Unknown('Target is not an ActiveMQ service') unless magic == 'ActiveMQ'
 
-    return CheckCode::Detected unless res =~ /ProviderVersion...(\d+\.\d+\.\d+)/
+    return CheckCode::Detected('ActiveMQ detected but version could not be determined') unless res =~ /ProviderVersion...(\d+\.\d+\.\d+)/
 
     version = Rex::Version.new(::Regexp.last_match(1))
 
@@ -114,7 +114,7 @@ def check
 
     Exploit::CheckCode::Safe("Apache ActiveMQ #{version}")
   rescue ::Timeout::Error
-    CheckCode::Unknown
+    CheckCode::Unknown('Could not determine vulnerability status')
   end
 
   def exploit