Nmap Development mailing list archives

[NSE] http-git.nse - false positive


From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 02 Mar 2013 09:46:03 -0600

All,

  http-git.nse will generate false positives against any HTTP service that
returns status code 200 when '.git/HEAD' is requested.  There are quite a
few "broken" web services that will return 200 to any request.

The logic around line 97 should probably be reworked to match valid content
of the .git/HEAD file.  All of the copies of this file that I could find seem to
contain 'ref: refs/heads/master' but I don't know that this is representative
of what the file could contain.

Thoughts?

Thanks much,

Tom
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
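
Added example, not part of the original message and not code from http-git.nse: one way to validate the body of a `.git/HEAD` response instead of trusting status 200 alone. It goes beyond the single `ref: refs/heads/master` case in the message by also accepting other branch names and a detached HEAD (a bare object id); the `resp` table shape and all function names are assumptions, and the sample responses are constructed.

```lua
-- Plain Lua, no NSE libraries. `resp` is a hypothetical table holding the
-- `status` and `body` of the response to GET /.git/HEAD.

local function trim(s)
  return (s:gsub("^%s+", ""):gsub("%s+$", ""))
end

-- True only if `body` has the shape git writes to .git/HEAD.
local function looks_like_git_head(body)
  if type(body) ~= "string" or #body == 0 or #body > 512 then
    return false
  end
  local line = trim(body)
  if line:find("[\r\n]") then return false end   -- must be a single line
  -- Symbolic ref: "ref: refs/heads/master", "ref: refs/heads/main", ...
  local ref = line:match("^ref:%s+(refs/%S+)$")
  if ref then
    -- Reject characters and sequences git does not allow in ref names.
    local bad_char = ref:find("[%c~^:?*%[\\]") ~= nil
    local dotdot = ref:find("..", 1, true) ~= nil
    return not (bad_char or dotdot)
  end
  -- Detached HEAD: a bare object id (40 hex for SHA-1, 64 for SHA-256).
  if line:match("^%x+$") and (#line == 40 or #line == 64) then
    return true
  end
  return false
end

local function is_git_head_response(resp)
  return resp.status == 200 and looks_like_git_head(resp.body)
end

-- Constructed sample responses, not captured from any real host.
local samples = {
  { name = "real repo",     status = 200, body = "ref: refs/heads/master\n" },
  { name = "detached HEAD", status = 200, body = string.rep("a1", 20) .. "\n" },
  { name = "catch-all 200", status = 200, body = "<html><body>Welcome</body></html>" },
  { name = "soft 404 page", status = 200, body = "Not found\n" },
  { name = "proper 404",    status = 404, body = "" },
}

for _, s in ipairs(samples) do
  print(string.format("%-14s -> %s", s.name, tostring(is_git_head_response(s))))
end
```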

