Nmap Development mailing list archives
[RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 12 Jun 2008 17:07:27 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everyone, Along the lines of the NSE Default category, I have a new task of sort of redefining the NSE categories. This is a good time for any comments on the current category system to be discussed. This really involves adding and/or removing categories, and then placing scripts in the correct categories afterwards. I have had an initial discussion with Fyodor about this, and I've also talked with Brandon, who has already shaped some of my ideas below. So, some main points or goals for this are: 1) Categories should be practical, straightforward and useful. This means that there are good reasons for selecting or not selecting a specific category. 2) If there are common tasks where a separate category would be useful, that category should exist. 3) There should NOT be a whole bunch of categories. This would make it hard for script authors to deal with and will probably lead to scripts being in the wrong category, which defeats the whole purpose. Somewhere between 5-10 is probably best, maybe closer to 5. Unless there is a really good reason, I don't think the above list should change. My ideas below, however, are subject to change with discussion. I think "safe" and "intrusive" should be mutually-exclusive, together all-encompassing categories. All scripts should fit into one of these. That's not to say that every script should absolutely have one of these listed in its categories{}, but if a script doesn't fall into a more specific category, it will fit in here. If a script isn't safe, I think it's intrusive, and vice versa. This isn't really changing anything, but it may give a different viewpoint on these categories. I think "backdoor" should be merged into "malware". There's no point in having two basically synonymous categories. I initially thought that the "discovery" category should be dropped. Is there an NSE script which isn't really discovering something? But Brandon pointed out that it could just be renamed, and that the name could convey something along the lines of "extra information". I can't really think of a good name for it, however. How about a new "credential" (or "login") category? This can be used for NSE scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth. So here would be the current list of categories: Default Version Safe Intrusive Vulnerability Malware Credential <renamed Discovery> The first two don't really count because "default" is more of a sub-category, and "version" is a necessity for some scripts. So not counting those, that gives us 6 categories, which is a good place to be. So, how am I doing? Do you have complaints about some of the current categories? Do you have any ideas for other new categories? For other ideas, you may want to check out Nessus' plugin list[1]. Thanks, Kris Katterjohn [1] http://nessus.org/plugins/index.php?view=all -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSFGeHP9K37xXYl36AQLeIw/+O7As+5F6mo9N74gWEen17yp4IyGx1jN+ xCp02zaNdsHE0RWGfZyZTLxpkxUOpjAsVzNHFvSxhM6S3wOudHdTnXLATvDBBzZV nb8CANyRyIgRwfWh/paI84SCL8xnSpEqYmKVFMLkJJzY9iE3JEouEX5aODGnYAbU MhJZ811h7QI1tfaV75T1ESTCeiSJm6HybmLmYTSlgWFZCSeZZLQM4BcidNmKHV8g dIRFUdxIlnv4WzknEWheOh8VE5rDkBROUc9pEjtp3CMDnbNhWBo3iuAi+QTKW95u r9fskJmaTLjmYLm9GSrOL2NGtsN8Hsw10ZL+jhrFeOeVtmnNUqaJ4IzpG43/1quR i6U9pSa4Hm0FVNdn1K/q2oQ/vgmP8ZH1Losz2ZqVV3P4P75PeAeahSgIAhLCALBq vXzXqgS8eH/nYEmY8ttLUwlpusYYxdBOyas6f45Lvz5SiBBKj5eV8FOHLYr+tfCF 5FZ4UhfXl0XIVJOCe/VBo4ZazfOINAUbrjOf2R41U+YGiHD2Ux8uwBRqs1LXUMNN PlBnpy8sZx2F4cb94qDrC9D+bDj5P51by9talHKVlVcuDuL9NASzIk5qtpXk+bOg m2esSz//mn7yTAsMWJjaf5eUzMt4ohl6jsa1sm4y9RPoA+SQw3HR5oCjTst0X9g7 +TyMmJD/uyE= =LFQZ -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization jah (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Tom Sellers (Jun 13)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Arturo 'Buanzo' Busleiman (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization jah (Jun 12)