Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: jah <jah () zadkiel plus com>
Date: Fri, 13 Jun 2008 01:07:10 +0100
On 12/06/2008 23:07, Kris Katterjohn wrote:
I think "safe" and "intrusive" should be mutually-exclusive, together all-encompassing categories. All scripts should fit into one of these. That's not to say that every script should absolutely have one of these listed in its categories{}, but if a script doesn't fall into a more specific category, it will fit in here. If a script isn't safe, I think it's intrusive, and vice versa. This isn't really changing anything, but it may give a different viewpoint on these categories.
The current definition of safe as per http://nmap.org/book/nse-usage.html#nse-categories is: "Scripts which weren't designed to crash services, use large amounts of network bandwidth or other resources, or exploit security holes..." The definition of intrusive: "These are not intended to crash or damage anything, but are more likely to leave suspicious logs or otherwise arouse sysadmin ire..." So I think that either intrusive should include scripts that are intended to crash services (all in the name of securing one's own network, of course) or perhaps there should be a category for "exploits" to include scripts that actively exploit vulnerabilities and could crash a service or cause a sysadmin alarm - even if the intention is merely to detect a vulnerability.
I think "backdoor" should be merged into "malware". There's no point in having two basically synonymous categories.
Aye to that.
I initially thought that the "discovery" category should be dropped. Is there an NSE script which isn't really discovering something? But Brandon pointed out that it could just be renamed, and that the name could convey something along the lines of "extra information". I can't really think of a good name for it, however.
Perhaps "Informational"?
How about a new "credential" (or "login") category? This can be used for NSE scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth.

So here would be the current list of categories:

Default
Version
Safe
Intrusive
Vulnerability
Malware
Credential
<renamed Discovery>

The first two don't really count because "default" is more of a sub-category, and "version" is a necessity for some scripts. So not counting those, that gives us 6 categories, which is a good place to be.

So, how am I doing? Do you have complaints about some of the current categories? Do you have any ideas for other new categories?
It looks good. Using Informational and adding Exploits, you even get a handy Mnemonic: VICED VIMS (from Latin: Grasp with Vigour).

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org