Nmap Development mailing list archives
Re: [RFC] Default NSE Scripts
From: Fyodor <fyodor () insecure org>
Date: Fri, 9 May 2008 22:01:43 -0700
On Sat, May 10, 2008 at 04:43:15AM +0000, Brandon Enright wrote:
> Who knows if any of this crap would actually hold up in court. I really don't think any scripts in the default category though should also fall into the "askalayer" category. A user of Nmap takes responsibility for their actions into their own hands. Let's not have the proverbial gun pointing at their foot by default though, let's make them aim it there on their own.

I see your point, but I think that many/most scripts have the potential to annoy the sorts of people who would put out a public FTP server with anonymous access enabled, and then complain when people log in.

Also, these scripts won't run with a default scan like "nmap <target>". Only if you specify scripting with an option such as -sC or -A. And anonFTP has run by default (if you ask for scripting) since it was added in 2006 and I haven't heard any complaints about it being default. So this isn't a change in behavior.

Maybe what we need to do is document better that -sC/-A are particularly intrusive and really shouldn't be run without permission of the target network. While I don't think I'd want exploits running by default with -sC, I'd like to have vulnerability checks included so that Nmap can tell you if it sees a gaping hole. And many admins don't like folks vuln-checking their servers without permission.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org