Nmap Development mailing list archives
"external" script category
From: David Fifield <david () bamsoftware com>
Date: Tue, 9 Sep 2008 11:22:32 -0600
On Fri, Sep 05, 2008 at 01:01:51PM -0700, Fyodor wrote:
How about "external" for a category name?Sounds good to me! I also think each "external" script should include at least a line describing what it does (query live.com, query dns-oarc.net, etc.) in its description. After all, there are several good reasons people might be wary of running "external" scripts: o Connectivity -- If you're running a scan on an internal network, you might not have direct access to these Internet hosts. o Privacy -- if they're worried about the 3rd party (or someone sniffing along the way) collecting the data.
I created the "external" category and moved some scripts into it. I'm including the criteria I chose for what scripts are external, as well as the description of what external activities each script does, so you all can comment on my decisions. Here is the description of the "external" category from scripting.xml: Scripts in this category may send data to a third-party database or other network resource. An example of this is whois.nse, which makes a connection to a whois server to learn about the address of the target. There is always the possibility that the operators of the third-party database will record anything you send to them, which in many cases will include your IP address and the address of the target. Most scripts involve traffic strictly between the scanning computer and the client; any that do not are placed in this category. Here are the six scripts I put in the category, along with the pertinent part of the description of each: ASN.nse Be aware that any targets against which this script is run will be sent to and potentially recorded by one or more DNS servers and Team Cymru. In addition your IP address will be sent along with the ASN to a DNS server (your default DNS server, or whichever you specified with the dns script argument). dns-safe-recursion-port.nse Be aware that any targets against which this script is run will be sent to and potentially recorded by one or more DNS servers and the porttest server. In addition your IP address will be sent along with the porttest query to the DNS server running on the target. dns-safe-recursion-txid.nse Be aware that any targets against which this script is run will be sent to and potentially recorded by one or more DNS servers and the txidtest server. In addition your IP address will be sent along with the txidtest query to the DNS server running on the target. HTTP_open_proxy.nse If the target is an open proxy, this script will cause the target to retrieve a web page from www.google.com. ripeQuery.nse This script uses an external database. Your IP address and the IP address of the target will be sent to whois.ripe.net. whois.nse In using this script your IP address will be sent to iana.org. Additionally your address and the address of the target of the scan will be sent to one of the RIRs. Are there any inaccuracies? Any scripts I forgot to include? I'm not an expert at these scripts so I had to figure out what they do by reading through them. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE script] vhosts on the same ip, (continued)
- Re: [NSE script] vhosts on the same ip jah (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues eldraco (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues Arturo 'Buanzo' Busleiman (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues jah (Aug 25)
- Re: [NSE script] vhosts on the same ip : copyright issues eldraco (Aug 25)
- Re: [NSE script] vhosts on the same ip Fyodor (Sep 02)
- Re: [NSE script] vhosts on the same ip David Fifield (Sep 05)
- Re: [NSE script] vhosts on the same ip Kris Katterjohn (Sep 05)
- Re: [NSE script] vhosts on the same ip jah (Sep 05)
- Re: [NSE script] vhosts on the same ip Arturo 'Buanzo' Busleiman (Sep 05)
- Re: [NSE script] vhosts on the same ip David Fifield (Sep 05)
- Re: [NSE script] vhosts on the same ip Fyodor (Sep 05)
- "external" script category David Fifield (Sep 09)
- Re: [NSE script] vhosts on the same ip jah (Aug 25)