Add human-readable descriptions to CheckCode returns in modules by adfoster-r7 · Pull Request #21355 · rapid7/metasploit-framework

adfoster-r7 · 2026-04-22T11:02:10Z

Improves multiple module check code messages and statuses

This metadata is currently missing in modules, which means the bubbling up of results to users is often missing

Continuation of #21304

Verification

Ensure CI passes
Ensure the updated messages are sensical

Copilot

Pull request overview

This pull request improves user-facing check output across a wide set of exploit modules by adding human-readable “reason” strings to Exploit::CheckCode::* return values, helping results bubble up more clearly to users.

Changes:

Add descriptive reason strings to many CheckCode returns (Safe/Unknown/Detected/Appears/Vulnerable/Unsupported).
Make check outcomes more self-explanatory (e.g., include detected version/service in the result reason).
Minor related adjustments (e.g., small message tweaks; one module removes a vprint_good line).

Reviewed changes

Copilot reviewed 53 out of 53 changed files in this pull request and generated 11 comments.

Show a summary per file

File	Description
modules/exploits/multi/scada/inductive_ignition_rce.rb	Adds version-specific Appears/Safe reasons.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb	Adds Detected/Safe reasons for SXPG service presence.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb	Adds Detected/Safe reasons for SXPG service presence.
modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb	Adds reasons for connection/service/vuln detection outcomes.
modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb	Adds Safe/Vulnerable reasons for agent-list retrieval and CVE status.
modules/exploits/multi/realserver/describe.rb	Adds Detected/Safe reasons for RealServer RTSP detection.
modules/exploits/multi/postgres/postgres_createlang.rb	Adds Appears/Safe reasons based on version check.
modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb	Adds Appears/Safe reasons based on version check.
modules/exploits/multi/php/wp_duplicator_code_inject.rb	Adds reasons for connection/HTTP status and version result.
modules/exploits/multi/php/php_unserialize_zval_cookie.rb	Adds reasons for no response, HTTP mismatch, version detection, and final status.
modules/exploits/multi/php/jorani_path_trav.rb	Adds reasons for service not running, version unknown, and vulnerable/safe version.
modules/exploits/multi/php/ignition_laravel_debug_rce.rb	Adds reasons for vulnerable version and non-Ignition targets.
modules/exploits/multi/persistence/periodic_script.rb	Adds reasons for writable/non-writable periodic directory.
modules/exploits/multi/misc/xdh_x_exec.rb	Adds reasons for IRC connection/channel join and final vuln state.
modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb	Adds reasons to WebLogic console/version parsing checks.
modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb	Adds reasons to WebLogic console/version parsing checks.
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb	Adds reasons to WebLogic console/version parsing checks.
modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb	Adds Appears reason when version is in vulnerable list.
modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb	Adds Appears reason when version is in vulnerable list.
modules/exploits/multi/misc/weblogic_deserialize_asyncresponseservice.rb	Adds reasons for SOAP fault/non-vulnerable/unknown outcomes.
modules/exploits/multi/misc/weblogic_deserialize.rb	Adds reasons for no response, version-based Appears, and detection/unknown paths.
modules/exploits/multi/misc/w3tw0rk_exec.rb	Adds reasons for IRC connection/channel join and final vuln state.
modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb	Adds Unsupported reason for check.
modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb	Adds reasons for vulnerable echo confirmation and safe case.
modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb	Adds reasons for vulnerable/safe agent version.
modules/exploits/multi/misc/ra1nx_pubcall_exec.rb	Adds reasons for IRC connection failure and vuln/safe result.
modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb	Adds reasons for service detection and safe case.
modules/exploits/multi/misc/pbot_exec.rb	Adds reasons for IRC connection/channel join and final vuln state.
modules/exploits/multi/misc/osgi_console_exec.rb	Adds reasons for vulnerable prompt and safe case.
modules/exploits/multi/misc/openview_omniback_exec.rb	Adds reasons for no reply/vulnerable/safe outcomes for Unix/Windows.
modules/exploits/multi/misc/nomad_exec.rb	Adds reasons for connection/HTTP/unmarshal outcomes and vuln checks.
modules/exploits/multi/misc/nodejs_v8_debugger.rb	Adds reasons for V8 debugger protocol detection and unknown case.
modules/exploits/multi/misc/msfd_rce_remote.rb	Adds reasons for msfd banner detection and unknown case.
modules/exploits/multi/misc/legend_bot_exec.rb	Adds reasons for IRC connection/channel join and final vuln state.
modules/exploits/multi/misc/jboss_remoting_unified_invoker_rce.rb	Adds reasons for handshake match/mismatch and connection errors.
modules/exploits/multi/misc/java_jmx_server.rb	Adds reasons for RMI/JMX endpoint discovery outcomes.
modules/exploits/multi/misc/java_jdwp_debugger.rb	Adds reasons for JDWP handshake nil/success/safe.
modules/exploits/multi/misc/indesign_server_soap.rb	Adds reasons for SOAP response confirming execution vs mismatch.
modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb	Adds reasons for fingerprinting/service detection/version and patch status.
modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb	Adds reasons for ACL denial, auth mismatch, and appears case.
modules/exploits/multi/misc/consul_service_exec.rb	Adds reasons for connection/HTTP/JSON parse and vuln checks.
modules/exploits/multi/misc/consul_rexec_exec.rb	Adds reasons for connection/JSON parse and vuln checks.
modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb	Adds reasons for detection/vuln/connection failures.
modules/exploits/multi/misc/calibre_exec.rb	Adds reasons for connection/version extraction/appears/safe/unknown outcomes.
modules/exploits/multi/misc/bmc_server_automation_rscd_nsh_rce.rb	Adds reasons for detected/unknown/safe outcomes.
modules/exploits/multi/misc/arkeia_agent_exec.rb	Adds reasons for unexpected responses/connection failures and version-based results.
modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb	Adds reasons for invalid response, version detection, and timeout.
modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb	Adds reasons for console lock/auth/version parse/running state.
modules/exploits/multi/local/xorg_x11_suid_server.rb	Adds reasons for console lock/auth/version/running state; removes one verbose log line.
modules/exploits/multi/ftp/wuftpd_site_exec_format.rb	Adds reasons for initial safe state and format string checks.
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb	Adds reasons for Pure-FTPd detection and confirmed injection.
modules/exploits/multi/elasticsearch/search_groovy_script.rb	Adds reasons for safe vs confirmed Groovy execution.
modules/exploits/multi/elasticsearch/script_mvel_rce.rb	Adds reasons for safe vs confirmed MVEL execution.

    /WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.\d*)/ =~ resp.body
    unless version
      vprint_warning("Oracle WebLogic Server version cannot be found")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('No response received')
    end


    unless res.code == 200
      vprint_error 'Unexpected reply'
-      return CheckCode::Safe
+      return CheckCode::Safe('The target is not vulnerable')
    end


    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Connection failed')


  def check
-    CheckCode::Unsupported
+    CheckCode::Unsupported('This module does not support check')
  end


      if !(res and res.length > 0)
        print_status("The remote service did not reply to our request")
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe('The target is not vulnerable')


    unless res.code == 200
      vprint_error 'Unexpected reply'
-      return CheckCode::Safe
+      return CheckCode::Safe('The target is not vulnerable')


    end
    disconnect
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Connection failed')


    end

-    Exploit::CheckCode::Detected # there is no patch at the time of module writing
+    Exploit::CheckCode::Detected('there is no patch at the time of module writing')


      else
-        return CheckCode::Safe
+        return CheckCode::Safe("Calibre version #{version[1]} is not vulnerable")
      end


    /WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.\d*)/ =~ resp.body
    unless version
      vprint_warning("Oracle WebLogic Server version cannot be found")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('No response received')
    end


Copilot

Pull request overview

This PR improves Metasploit module check results by adding human-readable descriptions to CheckCode returns so that check outcomes bubble up to users with clearer context (continuing work from #21304).

Changes:

Add descriptive strings to CheckCode::* returns across many exploit modules.
Clarify check outcomes for version-based and service-detection checks by including product/version context in returned messages.
Minor cleanup in a couple of modules while updating check return paths.

Reviewed changes

Copilot reviewed 53 out of 53 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
modules/exploits/multi/scada/inductive_ignition_rce.rb	Add descriptive `CheckCode` messages for version-based vulnerability check
modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb	Add messages for Detected/Safe outcomes
modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb	Add messages for Detected/Safe outcomes
modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb	Add messages for connection/service/vuln state outcomes
modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb	Add message for failure to retrieve agents and Vulnerable result
modules/exploits/multi/realserver/describe.rb	Add messages for RTSP service detection outcomes
modules/exploits/multi/postgres/postgres_createlang.rb	Add messages for version-based Appears/Safe outcomes
modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb	Add messages for version-based Appears/Safe outcomes
modules/exploits/multi/php/wp_duplicator_code_inject.rb	Add messages for connection/response/version-based outcomes
modules/exploits/multi/php/php_unserialize_zval_cookie.rb	Add messages for response handling and version/vuln outcomes
modules/exploits/multi/php/jorani_path_trav.rb	Add messages for service/version-based outcomes
modules/exploits/multi/php/ignition_laravel_debug_rce.rb	Add messages for version-based Appears/Safe outcomes
modules/exploits/multi/persistence/periodic_script.rb	Add messages for writable/non-writable check outcomes
modules/exploits/multi/misc/xdh_x_exec.rb	Add messages for IRC interaction and vuln state outcomes
modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb	Add messages in (commented-out) check code path
modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb	Add messages in (commented-out) check code path
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb	Add messages in (commented-out) check code path
modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb	Add message for Appears outcome
modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb	Add message for Appears outcome
modules/exploits/multi/misc/weblogic_deserialize_asyncresponseservice.rb	Add messages for SOAP response-based outcomes
modules/exploits/multi/misc/weblogic_deserialize.rb	Add messages for response/version detection outcomes
modules/exploits/multi/misc/w3tw0rk_exec.rb	Add messages for IRC interaction and vuln state outcomes
modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb	Add message explaining Unsupported check
modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb	Add messages for executed-echo confirmation and Safe outcome
modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb	Add messages for version-based Appears/Safe outcomes
modules/exploits/multi/misc/ra1nx_pubcall_exec.rb	Add messages for IRC interaction and vuln state outcomes
modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb	Add messages for Detected/Safe outcomes
modules/exploits/multi/misc/pbot_exec.rb	Add messages for IRC interaction and vuln state outcomes
modules/exploits/multi/misc/osgi_console_exec.rb	Add messages for prompt-based vuln determination
modules/exploits/multi/misc/openview_omniback_exec.rb	Add messages for no-reply/vuln/safe outcomes
modules/exploits/multi/misc/nomad_exec.rb	Add messages for HTTP/JSON parsing and vuln state outcomes
modules/exploits/multi/misc/nodejs_v8_debugger.rb	Add messages for protocol detection and Unknown outcome
modules/exploits/multi/misc/msfd_rce_remote.rb	Add messages for msfd detection and Unknown outcome
modules/exploits/multi/misc/legend_bot_exec.rb	Add messages for IRC interaction and vuln state outcomes
modules/exploits/multi/misc/jboss_remoting_unified_invoker_rce.rb	Add messages for handshake-based Appears/Safe/Unknown outcomes
modules/exploits/multi/misc/java_jmx_server.rb	Add messages for RMI/JMX discovery outcomes
modules/exploits/multi/misc/java_jdwp_debugger.rb	Add messages for handshake outcomes
modules/exploits/multi/misc/indesign_server_soap.rb	Add messages for SOAP response-based vuln determination
modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb	Add messages for fingerprinting/version check outcomes
modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb	Add messages for ACL/protocol checks and Appears outcome
modules/exploits/multi/misc/consul_service_exec.rb	Add messages for HTTP/JSON parsing and vuln state outcomes
modules/exploits/multi/misc/consul_rexec_exec.rb	Add messages for JSON parsing and vuln state outcomes
modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb	Add messages for detection/vuln/connection failures
modules/exploits/multi/misc/calibre_exec.rb	Add messages for connection/version detection outcomes
modules/exploits/multi/misc/bmc_server_automation_rscd_nsh_rce.rb	Add messages for detection/unknown/safe outcomes
modules/exploits/multi/misc/arkeia_agent_exec.rb	Add messages for various unexpected/failed response cases and version outcomes
modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb	Add messages for protocol parsing/validation outcomes
modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb	Add messages for console auth/version/process-state outcomes
modules/exploits/multi/local/xorg_x11_suid_server.rb	Add messages for console auth/version/process-state outcomes
modules/exploits/multi/ftp/wuftpd_site_exec_format.rb	Add messages describing banner/version and exploitability checks
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb	Add messages for service detection and exploit confirmation outcomes
modules/exploits/multi/elasticsearch/search_groovy_script.rb	Add messages for Safe/Vulnerable outcomes
modules/exploits/multi/elasticsearch/script_mvel_rce.rb	Add messages for Safe/Vulnerable outcomes

    if res.include? "V8-Version" and res.include? "Protocol-Version: 1"
      vprint_status("Got debugger handshake:\n#{res}")
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Node.js V8 debugger protocol detected')
    end

-    Exploit::CheckCode::Unknown
+    Exploit::CheckCode::Unknown('Connection failed')


    data = sock.get_once
    if data.include?("msf")
      disconnect
-      return Exploit::CheckCode::Appears
+      return Exploit::CheckCode::Appears('Target appears to be running msfd')
    end
    disconnect
-    return Exploit::CheckCode::Unknown
+    return Exploit::CheckCode::Unknown('Connection failed')
  end


    begin
      res = send_soap_request('')
    rescue ::Rex::ConnectionError
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Connection failed')
    end


    /WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.\d*)/ =~ resp.body
    unless version
      vprint_warning("Oracle WebLogic Server version cannot be found")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('No response received')
    end


    /WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.\d*)/ =~ resp.body
    unless version
      vprint_warning("Oracle WebLogic Server version cannot be found")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('No response received')
    end


    /WebLogic Server Version: (?<version>\d+\.\d+\.\d+\.\d*)/ =~ resp.body
    unless version
      vprint_warning("Oracle WebLogic Server version cannot be found")
-      return CheckCode::Unknown
+      return CheckCode::Unknown('No response received')
    end


    end

-    Exploit::CheckCode::Detected # there is no patch at the time of module writing
+    Exploit::CheckCode::Detected('there is no patch at the time of module writing')


      if !(res and res.length > 0)
        print_status("The remote service did not reply to our request")
-        return Exploit::CheckCode::Safe
+        return Exploit::CheckCode::Safe('The target is not vulnerable')


Copilot

Pull request overview

This PR improves the user-facing output of check methods across a large set of exploit modules by adding human-readable “reason” strings to CheckCode returns, making check results clearer when surfaced in higher-level tooling/UI.

Changes:

Add descriptive reason strings to CheckCode::* returns across many modules’ check methods.
Adjust a few check paths to return more informative statuses/reasons (e.g., connection/no-response cases).
Normalize some CheckCode call sites to use explicit parentheses for arguments.

Reviewed changes

Copilot reviewed 52 out of 52 changed files in this pull request and generated 20 comments.

Show a summary per file

File	Description
modules/exploits/multi/scada/inductive_ignition_rce.rb	Add version-specific reason strings for Appears/Safe check results.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb	Add Detected/Safe reasons for SOAP RFC SXPG service detection.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb	Add Detected/Safe reasons for SOAP RFC SXPG service detection.
modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb	Add more granular Unknown/Appears/Detected/Safe reasons during SOAP checks.
modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb	Add Safe/Vulnerable reasons around agent-list retrieval and vulnerability reporting.
modules/exploits/multi/realserver/describe.rb	Add Detected/Safe reasons for RTSP service check.
modules/exploits/multi/postgres/postgres_createlang.rb	Add Appears/Safe reason strings for version-based check.
modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb	Add Appears/Safe reason strings for version-based check.
modules/exploits/multi/php/wp_duplicator_code_inject.rb	Add Unknown/Safe/Vulnerable/Detected reasons to HTTP/version checks.
modules/exploits/multi/php/php_unserialize_zval_cookie.rb	Add Unknown/Safe/Appears/Detected reasons for response/version evaluation.
modules/exploits/multi/php/jorani_path_trav.rb	Add more explicit Safe/Detected/Appears reasons during service/version checks.
modules/exploits/multi/php/ignition_laravel_debug_rce.rb	Add Appears/Safe reasons clarifying Laravel/Ignition version evaluation.
modules/exploits/multi/persistence/periodic_script.rb	Normalize CheckCode calls and add explicit Safe/Vulnerable reasons.
modules/exploits/multi/misc/xdh_x_exec.rb	Add Unknown/Vulnerable/Safe reason strings for IRC bot check flow.
modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb	Add Unknown/Appears/Safe reasons for banner/version validation.
modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb	Add Unknown/Appears/Safe reasons for banner/version validation.
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb	Add Unknown/Appears/Safe reasons for banner/version validation.
modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb	Add Appears reason string for vulnerable version match.
modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb	Add Appears reason string for vulnerable version match.
modules/exploits/multi/misc/weblogic_deserialize_asyncresponseservice.rb	Add Vulnerable/Safe/Unknown reasons based on SOAP fault/HTTP response.
modules/exploits/multi/misc/weblogic_deserialize.rb	Add Unknown/Appears/Detected/Unknown reasons for socket/banner detection.
modules/exploits/multi/misc/w3tw0rk_exec.rb	Add Unknown/Vulnerable/Safe reason strings for IRC bot check flow.
modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb	Add Vulnerable/Safe reasons tied to echo execution result.
modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb	Add Appears/Safe reasons for TeamCity agent version check.
modules/exploits/multi/misc/ra1nx_pubcall_exec.rb	Add Unknown/Vulnerable/Safe reason strings for IRC bot check flow.
modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb	Add Detected/Safe reasons for service detection outcome.
modules/exploits/multi/misc/pbot_exec.rb	Add Unknown/Vulnerable/Safe reason strings for IRC bot check flow.
modules/exploits/multi/misc/osgi_console_exec.rb	Add Vulnerable/Safe reasons for OSGi prompt detection.
modules/exploits/multi/misc/openview_omniback_exec.rb	Add Safe/Unknown/Vulnerable reasons for Unix/Windows check branches.
modules/exploits/multi/misc/nomad_exec.rb	Add Unknown/Vulnerable/Appears/Safe reasons for Nomad config-based check.
modules/exploits/multi/misc/nodejs_v8_debugger.rb	Add Unknown guard and Appears/Unknown reasons for V8 debugger detection.
modules/exploits/multi/misc/msfd_rce_remote.rb	Add Unknown reason when no response; add Appears/Unknown reasons for msfd detection.
modules/exploits/multi/misc/legend_bot_exec.rb	Add Unknown/Vulnerable/Safe reason strings for IRC bot check flow.
modules/exploits/multi/misc/jboss_remoting_unified_invoker_rce.rb	Add Appears/Safe/Unknown reasons for handshake/connection outcomes.
modules/exploits/multi/misc/java_jmx_server.rb	Add Safe/Unknown/Detected/Appears reasons across RMI/JMX discovery flow.
modules/exploits/multi/misc/java_jdwp_debugger.rb	Add Unknown/Appears/Safe reasons for JDWP handshake validation.
modules/exploits/multi/misc/indesign_server_soap.rb	Add Vulnerable/Safe reasons for SOAP execution verification.
modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb	Add Unknown/Detected/Safe/Appears reasons for fingerprint/version logic.
modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb	Add Safe/Appears reasons for banner-based vulnerability inference.
modules/exploits/multi/misc/consul_service_exec.rb	Add Unknown/Vulnerable/Safe reasons for Consul config-based check.
modules/exploits/multi/misc/consul_rexec_exec.rb	Add Unknown/Vulnerable/Safe reasons for Consul rexec config-based check.
modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb	Add Safe/Vulnerable/Detected/Unknown reasons for target selection and response handling.
modules/exploits/multi/misc/calibre_exec.rb	Add Unknown/Appears/Safe reasons for connectivity/version parsing outcomes.
modules/exploits/multi/misc/bmc_server_automation_rscd_nsh_rce.rb	Add Detected/Unknown/Safe reasons for agent detection/response validation.
modules/exploits/multi/misc/arkeia_agent_exec.rb	Add Unknown/Appears/Safe reasons for protocol/version checks and failures.
modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb	Add detailed Unknown/Detected reasons for protocol validation and parsing failures.
modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb	Add Safe/Appears/Vulnerable reasons for console auth/version/process checks.
modules/exploits/multi/local/xorg_x11_suid_server.rb	Add Safe/Appears/Vulnerable reasons; remove one vprint_good line during SELinux check path.
modules/exploits/multi/ftp/wuftpd_site_exec_format.rb	Add Safe/Appears reasons for banner/vuln-detection staging logic.
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb	Add Safe/Vulnerable reasons for Pure-FTPd identification and injection confirmation.
modules/exploits/multi/elasticsearch/search_groovy_script.rb	Add Safe/Vulnerable reasons for Groovy scripting execution confirmation.
modules/exploits/multi/elasticsearch/script_mvel_rce.rb	Add Safe/Vulnerable reasons for MVEL scripting execution confirmation.

      if (res =~ /V.o.l.u.m.e/) # Unicode
        print_status("The remote service is exploitable")
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('The target is vulnerable')
      end

-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')


+    return CheckCode::Appears("WebLogic version #{@version_no} appears vulnerable") if versions.include?(@version_no)

    CheckCode::Detected('Version of WebLogic is not vulnerable')
  ensure


    begin
      agents = make_agents_array
    rescue RuntimeError
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('Could not retrieve agent list from Solution Manager')
    end



    if response =~ /#{confirm_string}/
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')


      agent_info = JSON.parse(res.body)
      if agent_info["Config"]["DisableRemoteExec"] == false || agent_info["DebugConfig"]["DisableRemoteExec"] == false
-        return CheckCode::Vulnerable
+        return CheckCode::Vulnerable('The target is vulnerable')


    end

-    Exploit::CheckCode::Appears
+    Exploit::CheckCode::Appears('The target appears to be vulnerable')


    if res =~ /auth/ && res =~ /logged in/
-      Exploit::CheckCode::Vulnerable
+      Exploit::CheckCode::Vulnerable('The target is vulnerable')
    else
-      Exploit::CheckCode::Safe
+      Exploit::CheckCode::Safe('The target is not vulnerable')


    if response =~ /auth/ and response =~ /logged in/
-      return Exploit::CheckCode::Vulnerable
+      return Exploit::CheckCode::Vulnerable('The target is vulnerable')
    else
-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')


    end

    if agent_info['config']['Client']['Options']['driver.raw_exec.enable'] == 'true' || agent_info['config']['Client']['Options']['driver.raw_exec.enable'] == '1'
-      return CheckCode::Vulnerable
+      return CheckCode::Vulnerable('The target is vulnerable')
    end



      if (res =~ /passwd|group|resolv/)
        vprint_status("The remote service is exploitable")
-        return Exploit::CheckCode::Vulnerable
+        return Exploit::CheckCode::Vulnerable('The target is vulnerable')
      end

-      return Exploit::CheckCode::Safe
+      return Exploit::CheckCode::Safe('The target is not vulnerable')
    end


Copilot

Pull request overview

This PR improves Metasploit module check results by adding human-readable “reason” strings to CheckCode return values (and in a few places adjusting CheckCode statuses), so that upstream consumers can present clearer check outcomes to users.

Changes:

Add descriptive reason strings to many CheckCode::* returns across exploit modules.
Refine some check outcomes (e.g., returning Unknown for connection/response failures) to better reflect uncertainty.
Minor consistency improvements to check-return formatting (e.g., adding parentheses for CheckCode::* calls).

Reviewed changes

Copilot reviewed 52 out of 52 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
modules/exploits/multi/scada/inductive_ignition_rce.rb	Adds version-specific reasons to `Appears`/`Safe` check results.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb	Adds explicit detected/not-detected reasons for SAP SOAP RFC SXPG check.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb	Adds explicit detected/not-detected reasons for SAP SOAP RFC SXPG check.
modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb	Adds reasons for multiple check branches and uses `Unknown` for connection failure.
modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb	Adds `Unknown` reason when agent list retrieval fails; adds `Vulnerable` reason.
modules/exploits/multi/realserver/describe.rb	Adds reasons for RealServer RTSP service detection check.
modules/exploits/multi/postgres/postgres_createlang.rb	Adds reasons to version-based `Appears`/`Safe` checks.
modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb	Adds reasons to version-based `Appears`/`Safe` checks.
modules/exploits/multi/php/wp_duplicator_code_inject.rb	Adds check reasons for connection/HTTP status and version-based outcomes.
modules/exploits/multi/php/php_unserialize_zval_cookie.rb	Adds reasons for response/HTTP/version evaluation outcomes.
modules/exploits/multi/php/jorani_path_trav.rb	Adds reasons for service/version detection and vulnerable/safe outcomes.
modules/exploits/multi/php/ignition_laravel_debug_rce.rb	Adds reasons for `Appears` and `Safe` outcomes.
modules/exploits/multi/persistence/periodic_script.rb	Adds/normalizes reasons for writable directory check results.
modules/exploits/multi/misc/xdh_x_exec.rb	Adds reasons to IRC-bot check outcomes.
modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb	Adds reasons for response validation, version parsing, and version safety outcomes.
modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb	Adds reasons for response validation, version parsing, and version safety outcomes.
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb	Adds reasons for response validation, version parsing, and version safety outcomes.
modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb	Adds reason to `Appears` and changes non-vulnerable outcome to `Safe` with reason.
modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb	Adds reason to `Appears` and changes non-vulnerable outcome to `Safe` with reason.
modules/exploits/multi/misc/weblogic_deserialize_asyncresponseservice.rb	Adds reasons for SOAP fault/HTTP response-based vulnerability assessment.
modules/exploits/multi/misc/weblogic_deserialize.rb	Adds reasons for nil response, vulnerable version inference, detection, and non-WebLogic outcomes.
modules/exploits/multi/misc/w3tw0rk_exec.rb	Adds reasons to IRC-bot check outcomes.
modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb	Adds reasons to echo-based vulnerable/safe check outcomes.
modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb	Adds reasons to version-based `Appears`/`Safe` outcomes.
modules/exploits/multi/misc/ra1nx_pubcall_exec.rb	Adds reasons to IRC bot echo-confirmation check outcomes.
modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb	Adds reasons to service detected/safe outcomes.
modules/exploits/multi/misc/pbot_exec.rb	Adds reasons to IRC-bot check outcomes.
modules/exploits/multi/misc/osgi_console_exec.rb	Adds reasons to OSGi prompt-based vulnerable/safe outcomes.
modules/exploits/multi/misc/openview_omniback_exec.rb	Adds reasons and uses `Unknown` for no-reply scenarios.
modules/exploits/multi/misc/nomad_exec.rb	Adds reasons and uses `Unknown` for unexpected HTTP/parse failures; adds branch reasons for config checks.
modules/exploits/multi/misc/nodejs_v8_debugger.rb	Adds reasons for protocol detection/not-detected outcomes (including nil response).
modules/exploits/multi/misc/msfd_rce_remote.rb	Adds nil-response handling with reason, plus reasons for appears/unknown outcomes.
modules/exploits/multi/misc/legend_bot_exec.rb	Adds reasons to IRC-bot check outcomes.
modules/exploits/multi/misc/jboss_remoting_unified_invoker_rce.rb	Adds reasons for handshake match/mismatch and connection error outcomes.
modules/exploits/multi/misc/java_jmx_server.rb	Adds reasons for RMI/JMX endpoint detection and vulnerability inference.
modules/exploits/multi/misc/java_jdwp_debugger.rb	Adds reasons for nil handshake, successful handshake, and safe outcomes.
modules/exploits/multi/misc/indesign_server_soap.rb	Adds reasons for SOAP execution confirmation vs unexpected response.
modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb	Adds reasons for fingerprinting, detection, version-based appears, and “no patch” detected outcome.
modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb	Adds reasons for ACL denial, non-vulnerable detection, and appears outcome.
modules/exploits/multi/misc/consul_service_exec.rb	Adds reasons and uses `Unknown` for unexpected HTTP/parse failures; adds config-based vulnerability reason.
modules/exploits/multi/misc/consul_rexec_exec.rb	Adds reasons to connection/parse outcomes and config-based vulnerable/safe outcome.
modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb	Adds reasons for detection failure, vulnerable/detected outcomes, and connection failure.
modules/exploits/multi/misc/calibre_exec.rb	Adds reasons for connection/version parsing and version-range evaluation outcomes.
modules/exploits/multi/misc/bmc_server_automation_rscd_nsh_rce.rb	Adds reasons for detected, unknown (unexpected response), and safe outcomes.
modules/exploits/multi/misc/arkeia_agent_exec.rb	Adds reasons for unexpected response vs connection failures and version-based outcomes.
modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb	Adds detailed reasons for length/response validation and detection/version parsing outcomes.
modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb	Adds reasons for console-lock/auth/version/process checks and vulnerable outcome.
modules/exploits/multi/local/xorg_x11_suid_server.rb	Adds reasons for console-lock/auth/version/process checks and vulnerable outcome.
modules/exploits/multi/ftp/wuftpd_site_exec_format.rb	Adds reasons to default status and to version/vuln/exploitability checks.
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb	Adds reasons for service mismatch, confirmed vulnerability, and safe outcome.
modules/exploits/multi/elasticsearch/search_groovy_script.rb	Adds reasons for safe default and confirmed code-exec vulnerability outcome.
modules/exploits/multi/elasticsearch/script_mvel_rce.rb	Adds reasons for safe default and confirmed code-exec vulnerability outcome.

    end

    res = join(sock)
    if !res =~ /353/ && !res =~ /366/


      if version[1].nil?
-        return CheckCode::Unknown
+        return CheckCode::Unknown('Could not determine the Calibre version')
      else


    connect(true, { 'RHOST' => mbean_server[:address], 'RPORT' => mbean_server[:port] })
    unless is_rmi?
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')


    # check_plugin_version_from_readme('duplicator', '1.2.42')
    version = response.body.to_s.scan(/version: ([^<]*)</).last.first
    if Rex::Version.new(version) <= Rex::Version.new("1.2.40")
-      return CheckCode::Vulnerable
+      return CheckCode::Vulnerable("Duplicator version #{version} is vulnerable")


    res = join(sock)
    if !res =~ /353/ && !res =~ /366/
      vprint_error("#{rhost}:#{rport} - Error joining the #{datastore['CHANNEL']} channel")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')


    res = join(sock)
    if !res =~ /353/ && !res =~ /366/
      vprint_error("#{rhost}:#{rport} - Error joining the #{datastore['CHANNEL']} channel")
-      return Exploit::CheckCode::Unknown
+      return Exploit::CheckCode::Unknown('Connection failed')


Copilot

Pull request overview

This PR improves Metasploit module check output by attaching human-readable descriptions to Exploit::CheckCode return values, helping results “bubble up” to users more clearly (continuing #21304).

Changes:

Add descriptive messages to Exploit::CheckCode::{Safe,Detected,Appears,Vulnerable,Unknown} returns across many modules.
Improve a few check implementations to avoid errors when expected version/banner markers are missing (e.g., Calibre/Duplicator).
Fix several IRC modules’ join-response checks by correcting if !res =~ /.../ to if res !~ /.../.

Reviewed changes

Copilot reviewed 52 out of 52 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
modules/exploits/multi/scada/inductive_ignition_rce.rb	Add version-based vulnerable/non-vulnerable `check` messages.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb	Add detected/safe descriptions for SAP SOAP RFC SXPG service.
modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb	Add detected/safe descriptions for SAP SOAP RFC SXPG service.
modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb	Add clearer `check` outcomes/messages and adjust some statuses.
modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb	Add Unknown/Vulnerable descriptions for agent discovery/vuln.
modules/exploits/multi/realserver/describe.rb	Add detected/safe messages for RealServer RTSP discovery.
modules/exploits/multi/postgres/postgres_createlang.rb	Add Appears/Safe descriptions based on version check.
modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb	Add Appears/Safe descriptions based on version check.
modules/exploits/multi/php/wp_duplicator_code_inject.rb	Add connection/HTTP/version parsing messages; improve version extraction robustness.
modules/exploits/multi/php/php_unserialize_zval_cookie.rb	Add descriptive Unknown/Safe/Appears/Detected return messages.
modules/exploits/multi/php/jorani_path_trav.rb	Add descriptive Safe/Detected/Appears messages during version checks.
modules/exploits/multi/php/ignition_laravel_debug_rce.rb	Add descriptive Appears/Safe messages around Laravel/Ignition detection.
modules/exploits/multi/persistence/periodic_script.rb	Add descriptive Safe/Vulnerable messages and consistent invocation syntax.
modules/exploits/multi/misc/xdh_x_exec.rb	Add descriptive `check` returns and fix join-response regex logic.
modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb	Add descriptive Unknown/Appears/Safe messages with version context.
modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb	Add descriptive Unknown/Appears/Safe messages with version context.
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb	Add descriptive Unknown/Appears/Safe messages with version context.
modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb	Add descriptive Appears message and switch non-vulnerable result to Safe.
modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb	Add descriptive Appears message and switch non-vulnerable result to Safe.
modules/exploits/multi/misc/weblogic_deserialize_asyncresponseservice.rb	Add descriptive Vulnerable/Safe/Unknown messages for SOAP response handling.
modules/exploits/multi/misc/weblogic_deserialize.rb	Add descriptive Unknown/Appears/Detected messages with version/banner context.
modules/exploits/multi/misc/w3tw0rk_exec.rb	Add descriptive `check` returns and fix join-response regex logic.
modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb	Add descriptive Vulnerable/Safe messages for echo-test result.
modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb	Add descriptive Appears/Safe messages for version-based check.
modules/exploits/multi/misc/ra1nx_pubcall_exec.rb	Add descriptive Unknown/Vulnerable/Safe messages.
modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb	Add descriptive Detected/Safe messages.
modules/exploits/multi/misc/pbot_exec.rb	Add descriptive Unknown/Vulnerable/Safe messages.
modules/exploits/multi/misc/osgi_console_exec.rb	Add descriptive Vulnerable/Safe messages for console prompt detection.
modules/exploits/multi/misc/openview_omniback_exec.rb	Add descriptive Unknown/Vulnerable/Safe messages for response markers.
modules/exploits/multi/misc/nomad_exec.rb	Add descriptive Unknown/Vulnerable/Appears/Safe messages for config checks.
modules/exploits/multi/misc/nodejs_v8_debugger.rb	Add descriptive Unknown/Appears messages for protocol detection.
modules/exploits/multi/misc/msfd_rce_remote.rb	Add descriptive Appears/Unknown messages and handle nil banner.
modules/exploits/multi/misc/legend_bot_exec.rb	Add descriptive `check` messages; includes an unintended debug breakpoint.
modules/exploits/multi/misc/jboss_remoting_unified_invoker_rce.rb	Add descriptive Appears/Safe/Unknown messages for handshake/connection errors.
modules/exploits/multi/misc/java_jmx_server.rb	Add descriptive CheckCode messages for RMI/JMX discovery paths.
modules/exploits/multi/misc/java_jdwp_debugger.rb	Add descriptive Unknown/Appears/Safe messages for handshake outcomes.
modules/exploits/multi/misc/indesign_server_soap.rb	Add descriptive Vulnerable/Safe messages for SOAP test script behavior.
modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb	Add descriptive Unknown/Detected/Safe/Appears messages with version context.
modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb	Add descriptive Safe/Appears messages for ACL/auth request detection.
modules/exploits/multi/misc/consul_service_exec.rb	Add descriptive Unknown/Vulnerable/Safe messages for script-check settings.
modules/exploits/multi/misc/consul_rexec_exec.rb	Add descriptive Unknown/Vulnerable/Safe messages for DisableRemoteExec.
modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb	Add descriptive Safe/Vulnerable/Detected/Unknown messages.
modules/exploits/multi/misc/calibre_exec.rb	Improve version parsing robustness and add descriptive Appears/Safe/Unknown messages.
modules/exploits/multi/misc/bmc_server_automation_rscd_nsh_rce.rb	Add descriptive Detected/Unknown/Safe messages for agent detection.
modules/exploits/multi/misc/arkeia_agent_exec.rb	Add descriptive Unknown/Appears/Safe messages across protocol steps.
modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb	Add descriptive Unknown/Detected messages for protocol/version validation.
modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb	Add descriptive Safe/Appears/Vulnerable messages during Xorg checks.
modules/exploits/multi/local/xorg_x11_suid_server.rb	Add descriptive Safe/Appears/Vulnerable messages and adjust output.
modules/exploits/multi/ftp/wuftpd_site_exec_format.rb	Add descriptive Safe/Appears messages for banner and vuln/exploitability tests.
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb	Add descriptive Safe/Vulnerable messages for Pure-FTPd detection and confirmation.
modules/exploits/multi/elasticsearch/search_groovy_script.rb	Add descriptive Safe/Vulnerable messages for Groovy scripting RCE check.
modules/exploits/multi/elasticsearch/script_mvel_rce.rb	Add descriptive Safe/Vulnerable messages for MVEL scripting RCE check.

  def check
    connect

+require 'pry-byebug'; binding.pry


@@ -114,27 +114,28 @@ def check
    connect

    unless is_rmi?


    Exploit::CheckCode::Safe("Apache ActiveMQ #{version}")
  rescue ::Timeout::Error
-    CheckCode::Unknown
+    CheckCode::Unknown('Could not determine vulnerability status')


…ti exploit modules

Copilot

Pull request overview

This PR improves Metasploit module check results by attaching human-readable descriptions (and in a few places, refining check logic) so that upstream reporting surfaces clearer user-facing status details.

Changes:

Add descriptive strings to many Exploit::CheckCode::* / CheckCode::* returns across modules.
Improve a few check paths for robustness (e.g., missing-version handling, nil-response handling).
Fix several Ruby regex-negation conditionals (!res =~ /.../ → res !~ /.../) while updating check messages.

Reviewed changes

Copilot reviewed 52 out of 52 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
modules/exploits/multi/scada/inductive_ignition_rce.rb	Add detailed `CheckCode` messages for vulnerable/non-vulnerable versions
modules/exploits/multi/sap/sap_soap_rfc_sxpg_command_exec.rb	Add detected/safe descriptions to check results
modules/exploits/multi/sap/sap_soap_rfc_sxpg_call_system_exec.rb	Add detected/safe descriptions to check results
modules/exploits/multi/sap/sap_mgmt_con_osexec_payload.rb	Add descriptive `CheckCode` strings and refine connection-failure status
modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb	Add `Unknown`/`Vulnerable` descriptions for clearer reporting
modules/exploits/multi/realserver/describe.rb	Add detected/safe descriptions to check results
modules/exploits/multi/postgres/postgres_createlang.rb	Add descriptive messages to version-based check
modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb	Add descriptive messages to version-based check
modules/exploits/multi/php/wp_duplicator_code_inject.rb	Add messages + handle missing version parsing explicitly
modules/exploits/multi/php/php_unserialize_zval_cookie.rb	Add descriptive messages to multiple check outcomes
modules/exploits/multi/php/jorani_path_trav.rb	Add messages for service/version detection and vulnerability result
modules/exploits/multi/php/ignition_laravel_debug_rce.rb	Add descriptive appears/safe messages
modules/exploits/multi/persistence/periodic_script.rb	Add messages and normalize `CheckCode` call style
modules/exploits/multi/misc/xdh_x_exec.rb	Add messages + correct regex-negation conditionals
modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb	Add messages to unknown/appears/safe outcomes
modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb	Add messages to unknown/appears/safe outcomes
modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb	Add messages to unknown/appears/safe outcomes
modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb	Add messages; adjust safe/appears messaging
modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb	Add messages; adjust safe/appears messaging
modules/exploits/multi/misc/weblogic_deserialize_asyncresponseservice.rb	Add messages for vulnerable/safe/unknown branches
modules/exploits/multi/misc/weblogic_deserialize.rb	Add messages for unknown/appears/detected outcomes
modules/exploits/multi/misc/w3tw0rk_exec.rb	Add messages + correct regex-negation conditionals
modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb	Add vulnerable/safe descriptions
modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb	Add appears/safe descriptions
modules/exploits/multi/misc/ra1nx_pubcall_exec.rb	Add messages for IRC connection/vulnerability checks
modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb	Add detected/safe descriptions
modules/exploits/multi/misc/pbot_exec.rb	Add messages for IRC connection/vulnerability checks
modules/exploits/multi/misc/osgi_console_exec.rb	Add vulnerable/safe descriptions
modules/exploits/multi/misc/openview_omniback_exec.rb	Add messages + refine no-response handling
modules/exploits/multi/misc/nomad_exec.rb	Add messages and refine unknown/safe outcomes
modules/exploits/multi/misc/nodejs_v8_debugger.rb	Add explicit nil-response handling + messages
modules/exploits/multi/misc/msfd_rce_remote.rb	Add nil-response handling and messages
modules/exploits/multi/misc/legend_bot_exec.rb	Add messages + correct regex-negation conditionals
modules/exploits/multi/misc/jboss_remoting_unified_invoker_rce.rb	Add messages and improve connection-error messaging
modules/exploits/multi/misc/java_jmx_server.rb	Add messages and refine branch handling in `check`
modules/exploits/multi/misc/java_jdwp_debugger.rb	Add messages for nil/appears/safe outcomes
modules/exploits/multi/misc/indesign_server_soap.rb	Add vulnerable/safe descriptions
modules/exploits/multi/misc/hp_data_protector_exec_integutil.rb	Add messages for fingerprint/version and patch-status paths
modules/exploits/multi/misc/freeswitch_event_socket_cmd_exec.rb	Add safe/appears descriptions
modules/exploits/multi/misc/consul_service_exec.rb	Add messages and refine unknown/safe outcomes
modules/exploits/multi/misc/consul_rexec_exec.rb	Add messages and refine parse-failure/connection outcomes
modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb	Add messages for detection/version/connection outcomes
modules/exploits/multi/misc/calibre_exec.rb	Add messages + improve version extraction robustness
modules/exploits/multi/misc/bmc_server_automation_rscd_nsh_rce.rb	Add detected/unknown/safe descriptions
modules/exploits/multi/misc/arkeia_agent_exec.rb	Add richer `Unknown` messages across protocol steps
modules/exploits/multi/misc/apache_activemq_rce_cve_2023_46604.rb	Add messages for each check decision point
modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb	Add messages to check outcomes
modules/exploits/multi/local/xorg_x11_suid_server.rb	Add messages and adjust some check-path reporting
modules/exploits/multi/ftp/wuftpd_site_exec_format.rb	Add messages for banner/version/vuln checks
modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb	Add messages clarifying detection and exploit confirmation
modules/exploits/multi/elasticsearch/search_groovy_script.rb	Add safe/vulnerable descriptions
modules/exploits/multi/elasticsearch/script_mvel_rce.rb	Add safe/vulnerable descriptions

@@ -114,27 +114,28 @@ def check
    connect

    unless is_rmi?


cgranleese-r7 · 2026-04-30T09:45:46Z

Release Notes

Improves multiple module check code messages and statuses.

smcintyre-r7 added this to Metasploit Kanban Apr 22, 2026

github-project-automation Bot moved this to Todo in Metasploit Kanban Apr 22, 2026

adfoster-r7 requested a review from Copilot April 22, 2026 11:02

Copilot started reviewing on behalf of adfoster-r7 April 22, 2026 11:03 View session

Copilot AI reviewed Apr 22, 2026

View reviewed changes

adfoster-r7 requested a review from Copilot April 22, 2026 14:33

Copilot started reviewing on behalf of adfoster-r7 April 22, 2026 14:34 View session

Copilot AI reviewed Apr 22, 2026

View reviewed changes

adfoster-r7 force-pushed the improve-checkcode-messages-8 branch 2 times, most recently from 01ec5b6 to 33e7dae Compare April 22, 2026 17:11

adfoster-r7 requested a review from Copilot April 22, 2026 17:17

Copilot AI reviewed Apr 22, 2026

View reviewed changes

adfoster-r7 force-pushed the improve-checkcode-messages-8 branch from 33e7dae to 76d29f5 Compare April 22, 2026 18:23

adfoster-r7 requested a review from Copilot April 23, 2026 12:11

Copilot started reviewing on behalf of adfoster-r7 April 23, 2026 12:12 View session

Copilot AI reviewed Apr 23, 2026

View reviewed changes

adfoster-r7 force-pushed the improve-checkcode-messages-8 branch from 76d29f5 to 3e771f4 Compare April 25, 2026 09:44

adfoster-r7 requested a review from Copilot April 25, 2026 09:44

Copilot started reviewing on behalf of adfoster-r7 April 25, 2026 09:44 View session

Copilot AI reviewed Apr 25, 2026

View reviewed changes

Add human-readable descriptions to CheckCode returns in remaining mul…

1e3727b

…ti exploit modules

adfoster-r7 force-pushed the improve-checkcode-messages-8 branch from 3e771f4 to 1e3727b Compare April 25, 2026 09:52

adfoster-r7 requested a review from Copilot April 25, 2026 10:27

Copilot started reviewing on behalf of adfoster-r7 April 25, 2026 10:28 View session

Copilot AI reviewed Apr 25, 2026

View reviewed changes

Comment thread modules/exploits/multi/misc/java_jmx_server.rb

@@ -114,27 +114,28 @@ def check

connect

unless is_rmi?

cgranleese-r7 self-assigned this Apr 30, 2026

cgranleese-r7 approved these changes Apr 30, 2026

View reviewed changes

github-project-automation Bot moved this from Todo to In Progress in Metasploit Kanban Apr 30, 2026

cgranleese-r7 merged commit b3fbece into rapid7:master Apr 30, 2026
24 of 25 checks passed

github-project-automation Bot moved this from In Progress to Done in Metasploit Kanban Apr 30, 2026

cgranleese-r7 added the rn-enhancement release notes enhancement label Apr 30, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add human-readable descriptions to CheckCode returns in modules#21355

Add human-readable descriptions to CheckCode returns in modules#21355
cgranleese-r7 merged 1 commit intorapid7:masterfrom
adfoster-r7:improve-checkcode-messages-8

adfoster-r7 commented Apr 22, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

cgranleese-r7 commented Apr 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

adfoster-r7 commented Apr 22, 2026

Verification

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

cgranleese-r7 commented Apr 30, 2026

Release Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants