diff --git a/lib/metasploit/framework/login_scanner/glassfish.rb b/lib/metasploit/framework/login_scanner/glassfish.rb
index dabd3fd92f..5f6c56584f 100644
--- a/lib/metasploit/framework/login_scanner/glassfish.rb
+++ b/lib/metasploit/framework/login_scanner/glassfish.rb
@@ -5,6 +5,10 @@ module Metasploit
 module Framework
 module LoginScanner
+ # I don't want to raise RuntimeError to be able to abort login
+ class GlassfishError < StandardError
+ end
+
 class Glassfish < HTTP
 DEFAULT_PORT = 4848
@@ -24,9 +28,9 @@ module Metasploit
 def set_sane_defaults
+ super
 self.ssl = false
 self.ssl_version = 'TLS1'
- super
 end
@@ -50,12 +54,12 @@ module Metasploit
 #
- # Starting Glassfish 4, by default bruteforce doesn't work because Secure Admin is enabled,
+ # Starting Glassfish 4, by default bruteforce doesn't work because Secure Admin is disabled,
 # which means nobody can login remotely. You will only find out about this when you try to
 # login, so this should be called during the login process
 #
 def is_secure_admin_disabled?(res)
- return (res.body =~ /Secure Admin must be enabled/) ? true : false
+ return (res.body =~ /Secure Admin must be enabled/i) ? true : false
 end
@@ -81,7 +85,9 @@ module Metasploit
 res = send_request(opts)
 if is_secure_admin_disabled?(res)
- raise RuntimeError, "Secure Admin is enabled. Cannot brute force this."
+ # Using the exact error message Glassfish says, that way the user can google what
+ # it's about.
+ raise GlassfishError, "Secure Admin must be enabled to access the DAS remotely."
 end
 res
@@ -152,7 +158,7 @@ module Metasploit
 status = try_glassfish_3(credential)
 result_opts.merge!(status: status[:status], proof:status[:proof])
 else
- raise RuntimeError, "Glassfish version '#{self.version}' not supported"
+ raise GlassfishError, "Glassfish version '#{self.version}' not supported"
 end
 rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error
 result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
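Review bot: The comment on the new GlassfishError class records the author's motive rather than the exception's contract, so a reader who meets the class on its own cannot tell when it is raised or who is expected to rescue it. The later hunks raise it when Secure Admin is disabled and for an unsupported Glassfish version, and the module rescues it around `bruteforce(ip)`, so I would replace the comment with `# Raised when a host cannot be brute-forced at all (Secure Admin disabled, unsupported version); a distinct class so the caller can abandon that host without rescuing every RuntimeError.`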
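Review bot: `is_secure_admin_disabled?` dereferences `res.body` without checking `res`, and in the following hunk it is called directly on the return value of `send_request(opts)`; if that call can yield nil when no response arrives (common for Rex HTTP clients, worth confirming), the resulting NoMethodError is not in the `rescue ::EOFError, Rex::ConnectionError, ::Timeout::Error` list of the last hunk and would surface as a crash instead of an UNABLE_TO_CONNECT status. Whether that begin/rescue even encloses the `send_request` call is not visible here, since both methods start outside their hunks. A one-line guard at the top of the predicate removes the question: `return false unless res && res.body`.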
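Review bot: The new comment above `raise GlassfishError, "Secure Admin must be enabled to access the DAS remotely."` explains the wording of the message but not the effect of raising here: no rescue visible in this file catches GlassfishError, so the raise propagates out of the scanner and ends the brute force for the whole host rather than marking one credential as failed, and that is the actual design decision a maintainer needs to know. I would extend the comment with `# Raised rather than returned as a status so the whole host is abandoned: nobody can log in remotely until Secure Admin is enabled.` The enclosing method starts before the hunk.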
diff --git a/modules/auxiliary/scanner/http/glassfish_login.rb b/modules/auxiliary/scanner/http/glassfish_login.rb
index 22a07601b0..fd9bdb198b 100644
--- a/modules/auxiliary/scanner/http/glassfish_login.rb
+++ b/modules/auxiliary/scanner/http/glassfish_login.rb
@@ -3,8 +3,6 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-#load "~/rapid7/msf/lib/metasploit/framework/login_scanner/glassfish.rb"
-
 require 'msf/core'
 require 'metasploit/framework/login_scanner/glassfish'
@@ -150,10 +148,67 @@ class Metasploit3 < Msf::Auxiliary
 @scanner.ssl_version = datastore['SSLVERSION']
 end
+ def do_report(ip, port, result)
+ service_data = {
+ address: ip,
+ port: port,
+ service_name: 'http',
+ protocol: 'tcp',
+ workspace_id: myworkspace_id
+ }
- def bruteforce
+ credential_data = {
+ module_fullname: self.fullname,
+ origin_type: :service,
+ private_data: result.credential.private,
+ private_type: :password,
+ username: result.credential.public,
+ }.merge(service_data)
+
+ credential_core = create_credential(credential_data)
+
+ login_data = {
+ core: credential_core,
+ last_attempted_at: DateTime.now,
+ status: result.status
+ }.merge(service_data)
+
+ create_credential_login(login_data)
+ end
+
+ def bruteforce(ip)
 @scanner.scan! do |result|
- print_debug(result.inspect)
+ case result.status
+ when Metasploit::Model::Login::Status::SUCCESSFUL
+ print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}'"
+ do_report(ip, rport, result)
+ :next_user
+ when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
+ print_brute :level => :verror, :ip => ip, :msg => "Could not connect"
+ invalidate_login(
+ address: ip,
+ port: rport,
+ protocol: 'tcp',
+ public: result.credential.public,
+ private: result.credential.private,
+ realm_key: result.credential.realm_key,
+ realm_value: result.credential.realm,
+ status: result.status
+ )
+ :abort
+ when Metasploit::Model::Login::Status::INCORRECT
+ print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
+ invalidate_login(
+ address: ip,
+ port: rport,
+ protocol: 'tcp',
+ public: result.credential.public,
+ private: result.credential.private,
+ realm_key: result.credential.realm_key,
+ realm_value: result.credential.realm,
+ status: result.status
+ )
+ end
 end
 end
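Review bot: The two `invalidate_login(...)` calls in the UNABLE_TO_CONNECT and INCORRECT branches of `bruteforce` are the same nine-line hash written twice, and the `case` has no `else`, so any other `Metasploit::Model::Login::Status` value the scanner yields is neither printed nor recorded and the block silently returns nil. I would move the call into a small helper beside `do_report` and add an `else` that at least reports the unhandled status, as below. `do_report` also records `last_attempted_at: DateTime.now`; `Time.now` is the non-legacy form unless the credential API requires a DateTime, which I cannot tell from here.
```ruby
  def bruteforce(ip)
    @scanner.scan! do |result|
      case result.status
      # … unchanged: SUCCESSFUL branch …
      when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
        print_brute :level => :verror, :ip => ip, :msg => "Could not connect"
        invalidate(ip, result)
        :abort
      when Metasploit::Model::Login::Status::INCORRECT
        print_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
        invalidate(ip, result)
      else
        print_brute :level => :verror, :ip => ip, :msg => "Unhandled status '#{result.status}' for '#{result.credential}'"
      end
    end
  end

  # Marks the attempted credential as invalid for this host/port via invalidate_login.
  def invalidate(ip, result)
    invalidate_login(
      address: ip,
      port: rport,
      protocol: 'tcp',
      public: result.credential.public,
      private: result.credential.private,
      realm_key: result.credential.realm_key,
      realm_value: result.credential.realm,
      status: result.status
    )
  end
```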
@@ -221,7 +276,11 @@ class Metasploit3 < Msf::Auxiliary
 try_glassfish_auth_bypass(version)
 end
- bruteforce unless version.blank?
+ begin
+ bruteforce(ip) unless version.blank?
+ rescue ::Metasploit::Framework::LoginScanner::GlassfishError => e
+ print_error(e.message)
+ end
 end
 end
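Review bot: `print_error(e.message)` in the new rescue drops the host, so with several targets the "Secure Admin must be enabled" or "not supported" message cannot be tied to the host that produced it; `ip` and `rport` are in scope in this block, so `print_error("#{ip}:#{rport} - #{e.message}")` keeps the output attributable, in line with the `:ip => ip` the other messages in this module carry. The enclosing method starts before the hunk.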