PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Code Issues Projects Releases Wiki Activity

Address an false positive issue caused http-git interacting with HTTP servers that report 200 OK to all requests.

Browse Source
This commit is contained in:
tomsellers
2013-03-07 02:05:23 +00:00
parent 7a7bd78468
commit 6efffce8a9
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/http-git.nse
View File

@@ -91,10 +91,12 @@ function action(host, port)
root = "/" .. root
end
-- If we can't get /.git/HEAD, don't even bother continuing
-- If we can't get a valid /.git/HEAD, don't even bother continuing
-- We could try for /.git/, but we will not get a 200 if directory
-- listings are disallowed.
if http.get(host, port, root .. ".git/HEAD").status == STATUS_OK then
local resp = http.get(host, port, root .. ".git/HEAD")
local sha1_pattern = "^%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x"
if resp.status == STATUS_OK and ( resp.body:match("^ref: ") or resp.body:match(sha1_pattern) ) then
out = out or {}
local replies = {}
-- This function returns true if we got a 200 OK when