While troubleshooting a false negative detection of a webmin miniserv service, I noticed that the webmin.nasl script is likely unable to generate a correct report when run in conjunction with no404.nasl.
The issue is that no404.nasl specifically uses the MiniServ banner to mark that port as broken:
# WebMin's miniserv and CompaqDiag behave strangely
if( egrep( pattern:"^Server\s*:\s*MiniServ", string:banner, icase:TRUE ) ) {
reason = "The 'MiniServ' embedded server was found which is fragile when getting scanned. HTTP scanning will be disabled for this host.";
http_set_no404_string( port:port, host:host, string:"HTTP" );
http_set_is_marked_broken( port:port, host:host, reason:reason );
log_message( port:port, data:reason );
exit( 0 );
}
Once webmin.nasl runs, it calls http_get_ports without the ignore_broken option:
ports = http_get_ports(default_port_list: make_list(10000, 20000));
But checking http_func.inc shows that this means webmin.nasl will never see the webmin ports as active.
if( ! ignore_broken ) {
if( http_get_is_marked_broken( port:_port, host:host ) )
continue;
}