Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 14:36:08 -0500
Hey everyone,

I wrote:
Along the lines of the NSE Default category, I have a new task of sort of redefining the NSE categories. This is a good time for any comments on the current category system to be discussed. This really involves adding and/or removing categories, and then placing scripts in the correct categories afterwards.
My preliminary list is below, containing all of the scripts and their associated categories (a lot of them I didn't need to touch). A general description of these categories is here[1].

I've also attached a simple patch to show what has actually been changed, since the list below just shows the scripts' would-be current categories.

I have moved both SSHv1-support and SSLv2-support from Intrusive to Safe because after reviewing them I don't think they pose any issue. They are both run by default, anyway. If you feel this is wrong, please don't hesitate to let me know.

anonFTP.nse: {"default", "auth", "intrusive"}
bruteTelnet.nse: {'auth', 'intrusive'}
chargenTest.nse: {"demo"}
daytimeTest.nse: {"demo"}
dns-test-open-recursion.nse: {"default", "intrusive"}
echoTest.nse: {"demo"}
finger.nse: {"default", "discovery"}
ftpbounce.nse: {"default", "intrusive"}
HTTPAuth.nse: {"default", "auth", "intrusive"}
HTTP_open_proxy.nse: {"default", "discovery", "intrusive"}
HTTPpasswd.nse: {"intrusive", "vuln"}
HTTPtrace.nse: {"discovery"}
iax2Detect.nse: {"version"}
ircServerInfo.nse: {"default", "discovery"}
ircZombieTest.nse: {"malware"}
MSSQLm.nse: {"default", "discovery", "intrusive"}
MySQLinfo.nse: { "default", "discovery", "safe" }
nbstat.nse: {"default", "discovery", "safe"}
netbios-smb-os-discovery.nse: {"version"}
PPTPversion.nse: {"version"}
promiscuous.nse: {"discovery"}
RealVNC_auth_bypass.nse: {"default", "malware", "vuln"}
ripeQuery.nse: {"discovery"}
robots.nse: {"default", "safe"}
rpcinfo.nse: {"default","safe","discovery"}
showHTMLTitle.nse: {"default", "demo", "safe"}
showHTTPVersion.nse: {"demo"}
showOwner.nse: {"default", "safe"}
showSMTPVersion.nse: {"demo"}
showSSHVersion.nse: {"demo"}
skype_v2-version.nse: {"version"}
SMTPcommands.nse: {"default", "discovery", "safe"}
SMTP_openrelay_test.nse: {"demo"}
SNMPsysdesr.nse: {"default", "discovery", "safe"}
SQLInject.nse: {"intrusive", "vuln"}
SSHv1-support.nse: {"default", "safe"}
SSLv2-support.nse: {"default", "safe"}
strangeSMTPport.nse: {"malware"}
UPnP-info.nse: {"default", "safe"}
xamppDefaultPass.nse: {"auth", "vuln"}
zoneTrans.nse: {'default', 'intrusive', 'discovery'}

Thanks,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q2/0716.html
Index: anonFTP.nse =================================================================== --- anonFTP.nse (revision 8328) +++ anonFTP.nse (working copy) @@ -6,7 +6,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"default", "intrusive"} +categories = {"default", "auth", "intrusive"} require "shortport" Index: bruteTelnet.nse =================================================================== --- bruteTelnet.nse (revision 8328) +++ bruteTelnet.nse (working copy) @@ -2,7 +2,7 @@ author = 'Eddie Bell <ejlbell () gmail com>' description='brute force telnet login credientials' license = 'Same as Nmap--See http://nmap.org/book/man-legal.html' -categories = {'vulnerability'} +categories = {'auth', 'intrusive'} require('shortport') require('stdnse') Index: HTTPAuth.nse =================================================================== --- HTTPAuth.nse (revision 8328) +++ HTTPAuth.nse (working copy) @@ -9,9 +9,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" --- uncomment the following line to enable safe category --- categories = {"safe"} -categories = {"default", "intrusive"} +categories = {"default", "auth", "intrusive"} require "shortport" require "http" Index: HTTP_open_proxy.nse =================================================================== --- HTTP_open_proxy.nse (revision 8328) +++ HTTP_open_proxy.nse (working copy) @@ -7,7 +7,7 @@ id="Open Proxy Test" description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: GWS/' header response." -categories = {"default", "intrusive"} +categories = {"default", "discovery", "intrusive"} require "comm" -- I found a nice explode() function in lua-users' wiki. I had to fix it, though. Index: HTTPpasswd.nse =================================================================== --- HTTPpasswd.nse (revision 8328) +++ HTTPpasswd.nse (working copy) 
@@ -16,7 +16,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"intrusive"} +categories = {"intrusive", "vuln"} require "shortport" require "http" Index: RealVNC_auth_bypass.nse =================================================================== --- RealVNC_auth_bypass.nse (revision 8328) +++ RealVNC_auth_bypass.nse (working copy) @@ -3,7 +3,7 @@ author = "Brandon Enright <bmenrigh () ucsd edu>" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"default", "backdoor"} +categories = {"default", "malware", "vuln"} require "shortport" Index: showHTTPVersion.nse =================================================================== --- showHTTPVersion.nse (revision 8328) +++ showHTTPVersion.nse (working copy) @@ -10,7 +10,7 @@ -- add this script to "version" if you really want to execute it -- keep in mind you can (and should) only execute it with -sV -categories = {""} +categories = {"demo"} -- categories = {"version"} runlevel = 1.0 Index: SQLInject.nse =================================================================== --- SQLInject.nse (revision 8328) +++ SQLInject.nse (working copy) @@ -33,7 +33,7 @@ description = "spiders a http server looking for URLs containing queries \ and tries to determines if they are vulnerable to injection attack" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"vulnerability"} +categories = {"intrusive", "vuln"} runlevel = 1.0 -- Change this to increase depth of crawl Index: SSHv1-support.nse =================================================================== --- SSHv1-support.nse (revision 8328) +++ SSHv1-support.nse (working copy) 
@@ -2,7 +2,7 @@ description="Checks to see if SSH server supports SSH Protocol Version 1." author = "Brandon Enright <bmenrigh () ucsd edu>" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"default", "intrusive"} +categories = {"default", "safe"} require "shortport" Index: SSLv2-support.nse =================================================================== --- SSLv2-support.nse (revision 8328) +++ SSLv2-support.nse (working copy) @@ -3,7 +3,7 @@ author = "Matt <mb2263 () bristol ac uk>" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"default", "intrusive"} +categories = {"default", "safe"} require "shortport" Index: strangeSMTPport.nse =================================================================== --- strangeSMTPport.nse (revision 8328) +++ strangeSMTPport.nse (working copy) @@ -9,7 +9,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"backdoor"} +categories = {"malware"} portrule = function(host, port) if Index: xamppDefaultPass.nse =================================================================== --- xamppDefaultPass.nse (revision 8328) +++ xamppDefaultPass.nse (working copy) @@ -8,7 +8,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"vulnerability"} +categories = {"auth", "vuln"} require "shortport"
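Review bot: in the showHTTPVersion.nse hunk, the context comments around the changed line still tell the reader to add the script to "version" and to execute it only with -sV, while the new `categories = {"demo"}` makes it selectable through the demo category. Update those two comment lines to describe the demo category, or remove them together with the commented-out `-- categories = {"version"}` line, so the file does not carry instructions that contradict the active setting.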
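Review bot: in the xamppDefaultPass.nse hunk, the new `categories = {"auth", "vuln"}` carries neither "safe" nor "intrusive", although the other scripts this patch places in "auth" (anonFTP, bruteTelnet, HTTPAuth) and the other two scripts moved out of the old "vulnerability" category (bruteTelnet, SQLInject) are all marked "intrusive". If the script submits a default password to the target, as its name suggests, add "intrusive" here as well; if it is considered harmless, state that explicitly with "safe".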
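Review bot: in the RealVNC_auth_bypass.nse hunk, "backdoor" is carried over to "malware" the same way as in strangeSMTPport.nse, but the script name describes a check for an authentication bypass, which the added "vuln" already covers. Confirm that "malware" is meant for this script rather than being a mechanical rename of the old category, and since it stays in "default", consider marking it "safe" or "intrusive" as the SSHv1-support and SSLv2-support hunks do.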