Join GitHub today
False positive: http-backup-finder #242
http-backup-finder.nse generates false positives if the target doesn't have the HEAD verb implemented.
If the HEAD verb isn't implemented ..
.. the code detects this as a valid response and adds it to the table.
I can think of three changes that might improve this:
I am about to commit a fix for this that will address three issues, each of which contributed to false positives: