Module: Msf::Exploit::CheckCode

Defined in:
lib/msf/core/exploit.rb

Overview

The various check codes that can be returned from the “check'' routine. Please read the following wiki to learn how these codes are used: github.com/rapid7/metasploit-framework/wiki/How-to-write-a-check()-method

Constant Summary collapse

Unknown =

Can't tell if the target is exploitable or not. This is recommended if the module fails to retrieve enough information from the target machine, such as due to a timeout.

[ 'unknown', "Cannot reliably check exploitability."]
Safe =

The target is safe and is therefore not exploitable. This is recommended after the check fails to trigger the vulnerability, or even detect the service.

[ 'safe', "The target is not exploitable." ]
Detected =

The target is running the service in question, but the check fails to determine whether the target is vulnerable or not.

[ 'detected', "The target service is running, but could not be validated." ]
Appears =

The target appears to be vulnerable. This is recommended if the vulnerability is determined based on passive reconnaissance. For example: version, banner grabbing, or having the resource that's known to be vulnerable.

[ 'appears', "The target appears to be vulnerable." ]
Vulnerable =

The target is vulnerable. Only used if the check is able to actually take advantage of the bug, and obtain hard evidence. For example: executing a command on the target machine, and retrieve the output.

[ 'vulnerable', "The target is vulnerable." ]
Unsupported =

The module does not support the check method.

[ 'unsupported', "This module does not support check." ]