sullo / nikto

Nikto web server scanner

false positive on composer #430

Closed digininja closed 7 years ago

digininja commented 7 years ago

Same as issue #429

-----------------------------------------------------------------------
              Information
-----------------------------------------------------------------------
Test ID:    007094
OSVDB ID:   0
Message:    /composer.json: PHP Composer configuration file reveals configuration information - https://getcomposer.org/
Reason:     Content Match
-----------------------------------------------------------------------
              Request
-----------------------------------------------------------------------
GET /composer.json HTTP/1.1
User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007094)
Host: abc.com
Connection: Keep-Alive

-----------------------------------------------------------------------
              Response
-----------------------------------------------------------------------
HTTP/1.1 404 Not Found
-----------------------------------------------------------------------
              Information
-----------------------------------------------------------------------
Test ID:    007095
OSVDB ID:   0
Message:    /composer.lock: PHP Composer configuration file reveals configuration information - https://getcomposer.org/
Reason:     Content Match
-----------------------------------------------------------------------
              Request
-----------------------------------------------------------------------
GET /composer.lock HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007095)
Host: abc.com

-----------------------------------------------------------------------
              Response
-----------------------------------------------------------------------
HTTP/1.1 404 Not Found
-----------------------------------------------------------------------
              Information
-----------------------------------------------------------------------
Test ID:    007117
OSVDB ID:   0
Message:    /composer.json: Composer Dependency Manager for PHP information found. See https://getcomposer.org/.
Reason:     Content Match
-----------------------------------------------------------------------
              Request
-----------------------------------------------------------------------
GET /composer.json HTTP/1.1
Host: abc.com
User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:007117)
Connection: Keep-Alive

-----------------------------------------------------------------------
              Response
-----------------------------------------------------------------------
HTTP/1.1 404 Not Found

ghost commented 7 years ago

Not directly related, but we should de-duplicate the doubled check for /composer.{json,lock} to save a few requests.

digininja commented 7 years ago

I was thinking that as well
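The two points raised in this thread, a "Content Match" finding reported against a 404 response and two test entries (007094 and 007117) probing the same /composer.json path, can both be handled by a small triage step run over Nikto's output. The script below is an added example written for this page; it is not part of Nikto and does not reproduce Nikto's Perl matching logic. The test table and the HTTP responses are constructed inline so the script runs offline: the 404 bodies are invented (a custom error page that echoes the requested filename, one plausible reason a content match fires on a missing file), and the "exposed" composer.json is a made-up file for contrast. The expected keys (`require`, `packages`, and so on) are the usual contents of composer.json and composer.lock, not something Nikto checks.

```python
"""Triage Nikto 'Content Match' hits on /composer.json and /composer.lock.

Added example, not Nikto code. A hit is confirmed only when the server answers
200 and the body is JSON shaped like a Composer file; a hit on a non-200
response (the 404s in the report above) is a false positive for the
"configuration file exposed" claim. Duplicate tests for one path are
collapsed so each path is fetched once.
"""
import json

# Constructed from the report: (test id, path, message). Two of the three
# entries request the same path.
SAMPLE_TESTS = [
    ("007094", "/composer.json", "PHP Composer configuration file reveals configuration information"),
    ("007095", "/composer.lock", "PHP Composer configuration file reveals configuration information"),
    ("007117", "/composer.json", "Composer Dependency Manager for PHP information found"),
]

# Keys a real composer.json / composer.lock normally carries (assumption).
COMPOSER_JSON_KEYS = {"name", "require", "require-dev", "autoload"}
COMPOSER_LOCK_KEYS = {"packages", "packages-dev", "content-hash", "_readme"}


def dedupe_paths(tests):
    """Group test ids by requested path so each path is fetched only once."""
    by_path = {}
    for test_id, path, _message in tests:
        by_path.setdefault(path, []).append(test_id)
    return by_path


def classify(path, status, body):
    """Return 'confirmed', 'false-positive' or 'inconclusive' for one response.

    Non-200 status: the file is not being served, whatever the body says.
    200 but not Composer-shaped JSON: could be a soft 404 page, so inconclusive.
    """
    if status != 200:
        return "false-positive"
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return "inconclusive"
    if not isinstance(data, dict):
        return "inconclusive"
    expected = COMPOSER_LOCK_KEYS if path.endswith(".lock") else COMPOSER_JSON_KEYS
    return "confirmed" if expected & data.keys() else "inconclusive"


def triage(tests, responses):
    """Map every test id to a verdict, looking each path up exactly once.

    `responses` stands in for a fetch: dict path -> (status, body).
    """
    verdicts = {}
    for path, test_ids in dedupe_paths(tests).items():
        status, body = responses[path]
        verdict = classify(path, status, body)
        for test_id in test_ids:
            verdicts[test_id] = verdict
    return verdicts


# Constructed responses. The 404 pages echo the filename, which is enough for a
# naive substring match to fire even though nothing is exposed.
SAMPLE_404 = {
    "/composer.json": (404, "<html><body>Not Found: composer.json</body></html>"),
    "/composer.lock": (404, "<html><body>Not Found: composer.lock</body></html>"),
}
# Fictitious exposed composer.json for contrast; the lock file is still missing.
SAMPLE_EXPOSED = {
    "/composer.json": (200, json.dumps({"name": "example/app", "require": {"php": ">=7.4"}})),
    "/composer.lock": (404, "<html><body>Not Found</body></html>"),
}

if __name__ == "__main__":
    print("unique paths:", dedupe_paths(SAMPLE_TESTS))
    print("report above:", triage(SAMPLE_TESTS, SAMPLE_404))
    print("exposed file:", triage(SAMPLE_TESTS, SAMPLE_EXPOSED))
```

Against the responses in the report, all three test ids come back as false positives and only two requests are needed instead of three. A 200 response that is not Composer-shaped JSON is deliberately left as "inconclusive" rather than "confirmed", since servers that answer 200 for every path would otherwise produce the same kind of false positive in the other direction.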