Add human-readable descriptions to CheckCode returns in unix/webapp exploit modules

Author: adfoster-r7

modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb

@@ -70,19 +70,19 @@ def check
     res = send_request_raw('uri' => normalize_uri(target_uri.path, 'aa.php'))
     if !res
       vprint_error("Connection failed")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     elsif res.code == 404
       vprint_error("Could not find aa.php")
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
     elsif res.code == 200 && res.body =~ /ActualAnalyzer Lite/ && res.body =~ /Admin area<\/title>/
       vprint_error("ActualAnalyzer is not installed. Try installing first.")
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
     end
     # check version
     res = send_request_raw('uri' => normalize_uri(target_uri.path, 'view.php'))
     if !res
       vprint_error("Connection failed")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     elsif res.code == 200 && /title="ActualAnalyzer Lite \(free\) (?<version>[\d\.]+)"/ =~ res.body
       vprint_status("Found version: #{version}")
       if Rex::Version.new(version) <= Rex::Version.new('2.81')
@@ -92,13 +92,13 @@ def check
           info: "Module #{fullname} detected ActualAnalyzer #{version}",
           refs: references
         )
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('The target is vulnerable')
       end
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
     elsif res.code == 200 && res.body =~ /ActualAnalyzer Lite/
-      return Exploit::CheckCode::Detected
+      return Exploit::CheckCode::Detected('The target service was detected')
     end
-    Exploit::CheckCode::Safe
+    Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   #

modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb

@@ -59,11 +59,11 @@ def check
 
     unless res
       vprint_error 'Connection failed'
-      return CheckCode::Unknown
+      return CheckCode::Unknown('Could not determine the target status')
     end
 
     unless res.body =~ /ajenti/i
-      return CheckCode::Safe
+      return CheckCode::Safe('The target is not vulnerable')
     end
 
     version = res.body.scan(/'ajentiVersion', '([\d\.]+)'/).flatten.first
@@ -73,10 +73,10 @@ def check
     end
 
     if version == '2.1.31'
-      return CheckCode::Appears
+      return CheckCode::Appears("Version #{version} appears to be vulnerable")
     end
 
-    CheckCode::Detected
+    CheckCode::Detected("Detected version #{version}")
   end
 
   def exploit

modules/exploits/unix/webapp/arkeia_upload_exec.rb

@@ -71,13 +71,13 @@ def check
     if res and res.code == 200 and res.body =~ /v(\d+\.\d+\.\d+)/
       version = $1
     else
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Could not determine the target status')
     end
 
     vprint_status("Version #{version} detected")
 
     if version > "10.0.10"
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
     end
 
     # Check for vulnerable component
@@ -90,10 +90,10 @@ def check
     })
 
     if res and res.code == 200 and res.body =~ /Les versions brutes des messages est affichee ci-dessous/
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears("Version #{version} appears to be vulnerable")
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe("Version #{version} is not vulnerable")
   end
 
   def exploit

modules/exploits/unix/webapp/awstats_configdir_exec.rb

@@ -66,10 +66,10 @@ def check
     }, 25)
 
     if (res and res.body.match(/localhost/))
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit

modules/exploits/unix/webapp/awstats_migrate_exec.rb

@@ -70,10 +70,10 @@ def check
     }, 25)
 
     if (res and res.body.match(/localhost/))
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit

modules/exploits/unix/webapp/awstatstotals_multisort.rb

@@ -64,10 +64,10 @@ def check
     }, 25)
 
     if (res and res.body.match(/localhost/))
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit

modules/exploits/unix/webapp/barracuda_img_exec.rb

@@ -66,10 +66,10 @@ def check
     }, 25)
 
     if (res and res.body.match(/localhost/))
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit

modules/exploits/unix/webapp/basilic_diff_exec.rb

@@ -75,10 +75,10 @@ def check
     })
 
     if res and res.code == 200 and res.body =~ /#{sig}/
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
-    return Exploit::CheckCode::Safe
+    return Exploit::CheckCode::Safe('The target is not vulnerable')
   end
 
   def exploit

modules/exploits/unix/webapp/byob_unauth_rce.rb

@@ -128,11 +128,11 @@ def check
     })
 
     if res&.code == 500
-      return CheckCode::Vulnerable
+      return CheckCode::Vulnerable('The target is vulnerable')
     else
       case res&.code
       when 200
-        return CheckCode::Safe
+        return CheckCode::Safe('The target is not vulnerable')
       when nil
         return CheckCode::Unknown('The target did not respond.')
       else

modules/exploits/unix/webapp/carberp_backdoor_exec.rb

@@ -59,10 +59,10 @@ def check
     confirm_string = rand_text_alpha(8)
     cmd = "echo '#{confirm_string}';"
     shell = http_send_command(cmd)
-    check_code = Exploit::CheckCode::Safe
+    check_code = Exploit::CheckCode::Safe('The target is not vulnerable')
 
     if shell and shell.body.include?(confirm_string)
-      check_code = Exploit::CheckCode::Vulnerable
+      check_code = Exploit::CheckCode::Vulnerable('The target is vulnerable')
     end
 
     check_code