Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: Fyodor <fyodor () insecure org>
Date: Thu, 12 Jun 2008 18:45:08 -0700
On Thu, Jun 12, 2008 at 05:07:27PM -0500, Kris Katterjohn wrote:
Along the lines of the NSE Default category, I have a new task of sort of redefining the NSE categories. This is a good time for any comments on the current category system to be discussed.
Hi Kris. I thinks you have some great ideas here. Particularly your main goals. I have comments on a few of your ideas:
I think "safe" and "intrusive" should be mutually-exclusive, together all-encompassing categories.
Sounds good. I'm a little concerned about the name "safe", since even scripts which should be completely safe can cause problems. Just like "safe sex". But the name is descriptive, and I can't think of anything better right now. So it may be fine. We may just need to be sure we note in the docs that people shouldn't consider them 100% safe. But that we do our best to only include low-risk scripts in the category.
I think "backdoor" should be merged into "malware". There's no point in having two basically synonymous categories.
Yeah. There is a slight risk that people will think that "malware" means scripts which are malicious, rather than scripts meant to detect malicious activity. But good documentation should help there.
I initially thought that the "discovery" category should be dropped. Is there an NSE script which isn't really discovering something? But Brandon pointed out that it could just be renamed, and that the name could convey something along the lines of "extra information". I can't really think of a good name for it, however.
Maybe. Though I don't mind the discovery name. I think it of scripts which discover general information about the network (e.g. smtp commands or whois information) rather than those which test for a specific vulnerability or try brute force login or the like.
How about a new "credential" (or "login") category? This can be used for NSE scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth.
Or maybe authentication? Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization jah (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Tom Sellers (Jun 13)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Arturo 'Buanzo' Busleiman (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 14)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization Tom Sellers (Jun 18)
- Re: [RFC] NSE Re-categorization DePriest, Jason R. (Jun 18)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization DePriest, Jason R. (Jun 18)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization jah (Jun 12)