Nmap Development mailing list archives
Re: [NSE] http-git.nse - false positive
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 05 Mar 2013 20:13:39 -0600
On 3/5/2013 3:38 PM, David Fifield wrote:
On Sat, Mar 02, 2013 at 09:46:03AM -0600, Tom Sellers wrote:

http-git.nse will generate false positives against any HTTP service that returns status code 200 when '.git/HEAD' is requested. There are quite a few "broken" web services that will return 200 to any request. The logic around line 97 should probably be reworked to match valid content of the .git/HEAD file. All of the copies of this file that I could find seem to contain 'ref: refs/heads/master' but I don't know that this is representative of what the file could contain.

I was able to get contents of the file looking like any of these, depending on what branch I have checked out:

ref: refs/heads/master
ref: refs/heads/tmp
5b050a66d39b746a7ddcc0a2fb6272b99eb0018c

Here are some docs:

http://git-scm.com/book/ch9-3.html#The-HEAD
https://www.kernel.org/pub/software/scm/git/docs/git-symbolic-ref.html

How about checking that the first line begins with "ref: " or else is a 160-bit hex string? Can you do it?
The attached patch has been tested against valid HEAD files (as specified above), non-hosting sites and sites that report 200 to everything.

Tom
Attachment: http-git.diff
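The content check David proposes (first line of the reply starts with "ref: " or is a 40-hex-digit object name) is easy to model outside the script. The following is an added stand-alone illustration in Python, not the NSE script's Lua code and not the attached http-git.diff; the sample responses are constructed for the demonstration, including a catch-all server that answers 200 to every path, which is exactly the false-positive case Tom reported.

```python
import re

# First line of a real .git/HEAD is one of two forms: a symbolic ref
# ("ref: refs/heads/master", "ref: refs/heads/tmp") or, on a detached
# HEAD, a bare 160-bit object name written as 40 hex digits.
SYMBOLIC_REF = re.compile(r"^ref: \S+$")
SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")


def looks_like_git_head(body: str) -> bool:
    """True if the first line of `body` is plausibly .git/HEAD content."""
    if not body:
        return False
    first_line = body.splitlines()[0].strip()
    return bool(SYMBOLIC_REF.match(first_line) or SHA1_HEX.match(first_line))


def status_only_check(status: int, body: str) -> bool:
    """The original behaviour: any 200 reply to /.git/HEAD counts as a hit."""
    return status == 200


def content_aware_check(status: int, body: str) -> bool:
    """The reworked behaviour: 200 plus a body that really looks like HEAD."""
    return status == 200 and looks_like_git_head(body)


# Constructed sample replies (status, body); "catch-all-200" models a
# misconfigured server that returns 200 and an HTML page for any request.
SAMPLE_RESPONSES = {
    "exposed-master": (200, "ref: refs/heads/master\n"),
    "exposed-branch": (200, "ref: refs/heads/tmp\n"),
    "exposed-detached": (200, "5b050a66d39b746a7ddcc0a2fb6272b99eb0018c\n"),
    "catch-all-200": (200, "<html><body>Welcome!</body></html>\n"),
    "not-found": (404, "Not Found\n"),
}


def compare_checks(samples=SAMPLE_RESPONSES):
    """Map each sample name to (status-only result, content-aware result)."""
    return {name: (status_only_check(s, b), content_aware_check(s, b))
            for name, (s, b) in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in compare_checks().items():
        print(f"{name:18s} status-only={old!s:5s} content-aware={new}")
```

Only the catch-all server differs between the two checks: it is flagged by the status-only logic and rejected once the body is required to look like a HEAD file.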
Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/