reduce false positives

pursuet · Oct 30, 2014 · b908546 · b908546
1 parent 98fd06d
commit b908546
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/program/plugins/nikto_sitefiles.plugin b/program/plugins/nikto_sitefiles.plugin
@@ -78,14 +78,16 @@ sub nikto_sitefiles {
         my ($res, $content, $error, $request, $response) =
           nfetch($mark, "/$file", "HEAD", "", "", "", "sitefiles");
 
-        if (($res == 200) && (!is_404("/$file", $content, $res, $response->{'location'}))) {
+        if (($res == 200) && (!is_404("/$file", $content, $res, $response->{'location'})) && 
+		($content !~ /<html/i) && ($response->{'content-type'} ne 'text/html')) {
             add_vulnerability($mark, "/$file: Potentially interesting archive/cert file found.", 740001, 0, "HEAD", "/$file", $request, $response);
         }
 
         # request by ip
         my ($res, $content, $error, $request, $response) =
           nfetch($mark, "/$file", "HEAD", "", "", \%flags, "sitefiles");
-        if (($res == 200) && (!is_404("/$file", $content, $res, $response->{'location'}))) {
+        if (($res == 200) && (!is_404("/$file", $content, $res, $response->{'location'})) && 
+		($content !~ /<html/i) && ($response->{'content-type'} ne 'text/html')) {
             add_vulnerability($mark, "/$file: Potentially interesting archive/cert file found. (NOTE: requested by IP address).", 740002, 0, "HEAD", "/file", $request, $response);
         }
     }