Nmap Development mailing list archives
[NSE] http-git.nse - false positive
From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 02 Mar 2013 09:46:03 -0600
All, http-git.nse will generate false positives against any HTTP service that returns status code 200 when '.git/HEAD' is requested. There are quite a few "broken" web services that will return 200 to any request. The logic around line 97 should probably be reworked to match valid content of the .git/HEAD file. All of the copies of this file that I could find seem to contain 'ref: refs/heads/master' but I don't know that this is representative of what the file could contain. Thoughts? Thanks much, Tom _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-git.nse - false positive Tom Sellers (Mar 02)
- Re: [NSE] http-git.nse - false positive David Fifield (Mar 05)
- Re: [NSE] http-git.nse - false positive Tom Sellers (Mar 05)
- Re: [NSE] http-git.nse - false positive David Fifield (Mar 05)
- Re: [NSE] http-git.nse - false positive Tom Sellers (Mar 05)
- Re: [NSE] http-git.nse - false positive David Fifield (Mar 05)