http-backup-finder.nse generates false positives if the target doesn't have the HEAD verb implemented.
local response = http.head(host, port, escaped_link)
if http.page_exists(response, res404, known404, escaped_link, true) then
  if ( not(parsed.port) ) then
If the HEAD verb isn't implemented ..
HTTP: Page didn't match the 404 response (501 Not Implemented) (/cgi-bin/dynamic/printer/style_dell.css.~1~)
.. the code detects this as a valid response and adds it to the table.
I can think of three changes that might improve this:
I think option 2 is best. There's a function that can help with this, http.can_use_head.
I am about to commit a fix for this that will address three issues, each of which contributed to false positives:
NSE: http-backup-finder.nse Address 3 sources of false positives. Clo…
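The false positive described in this issue can be reproduced with a small model. This is an added example, not code from Nmap or from the fix referenced above. The GET-only server, the candidate paths and every function name are constructed for illustration, and accepting only status 200 is an assumption of this sketch.

```python
# Constructed sample target: implements GET only, so every HEAD gets 501.
EXISTING = {"/", "/index.html", "/index.html.bak"}

# Constructed backup-name candidates; only the first one really exists.
CANDIDATES = ["/index.html.bak", "/index.html.~1~", "/style.css.~1~"]


def get_only_server(method, path):
    """Status code a server without HEAD support would send (constructed)."""
    if method == "HEAD":
        return 501  # Not Implemented, as in the log line in the issue
    return 200 if path in EXISTING else 404


def full_server(method, path):
    """Status code from a server that answers HEAD like GET (constructed)."""
    return 200 if path in EXISTING else 404


def differs_from_404(status, baseline_404=404):
    """Simplified model of the check behind the log line: any status
    that does not match the baseline 404 counts as an existing page."""
    return status != baseline_404


def find_backups_head_only(send, candidates):
    """Behaviour reported in the issue: HEAD every candidate path."""
    return [p for p in candidates if differs_from_404(send("HEAD", p))]


def head_is_usable(send, known_good="/", missing="/no-such-page-3f9a"):
    """Trust HEAD only if it tells a real page from a missing one.
    Hypothetical stand-in for a probe such as http.can_use_head."""
    return send("HEAD", known_good) == 200 and send("HEAD", missing) == 404


def find_backups_checked(send, candidates):
    """Probe HEAD once, fall back to GET, and accept only status 200."""
    method = "HEAD" if head_is_usable(send) else "GET"
    return method, [p for p in candidates if send(method, p) == 200]


if __name__ == "__main__":
    print("HEAD only:", find_backups_head_only(get_only_server, CANDIDATES))
    print("checked  :", find_backups_checked(get_only_server, CANDIDATES))
```
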