From 4564ed750313b96e5a1587dc9f7f44d7741c3c80 Mon Sep 17 00:00:00 2001
From: ron <ron@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 1 Sep 2009 19:23:17 +0000
Subject: [PATCH] Added '400' as a potential 404 page. Ran into this while
 scanning a Fortigate device.

---
 nselib/data/yokoso-fingerprints | 2 ++
 nselib/http.lua                 | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/nselib/data/yokoso-fingerprints b/nselib/data/yokoso-fingerprints
index d7ef2f188..9f2b7afe8 100644
--- a/nselib/data/yokoso-fingerprints
+++ b/nselib/data/yokoso-fingerprints
@@ -243,4 +243,6 @@
 # BeEF Browser Exploitation Framework
 /beef/images/beef.gif
 
+# Raritan Remote Client
+/rrc.htm
 
diff --git a/nselib/http.lua b/nselib/http.lua
index ab471167b..7a366b91f 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -1278,7 +1278,7 @@ end
 --        body is the cleaned-up body (or a hash of the cleaned-up body). 
 function identify_404(host, port)
 	local data
-	local bad_responses = { 301, 302, 401, 403, 499, 501 }
+	local bad_responses = { 301, 302, 400, 401, 403, 499, 501 }
 
 	-- The URLs used to check 404s
 	local URL_404_1 = '/nmaplowercheck' .. os.time(os.date('*t'))