Nmap Development mailing list archives

"external" script category


From: David Fifield <david () bamsoftware com>
Date: Tue, 9 Sep 2008 11:22:32 -0600

On Fri, Sep 05, 2008 at 01:01:51PM -0700, Fyodor wrote:
> > How about "external" for a category name?
>
> Sounds good to me!  I also think each "external" script should include
> at least a line describing what it does (query live.com, query
> dns-oarc.net, etc.) in its description.  After all, there are several
> good reasons people might be wary of running "external" scripts:
>
> o Connectivity -- If you're running a scan on an internal network, you
>   might not have direct access to these Internet hosts.
> o Privacy -- if they're worried about the 3rd party (or someone
>   sniffing along the way) collecting the data.

I created the "external" category and moved some scripts into it. I'm
including the criteria I chose for what scripts are external, as well as
the description of what external activities each script does, so you all
can comment on my decisions.

Here is the description of the "external" category from scripting.xml:

        Scripts in this category may send data to a third-party database
        or other network resource. An example of this is whois.nse,
        which makes a connection to a whois server to learn about the
        address of the target. There is always the possibility that the
        operators of the third-party database will record anything you
        send to them, which in many cases will include your IP address
        and the address of the target. Most scripts involve traffic
        strictly between the scanning computer and the client; any that
        do not are placed in this category.

Here are the six scripts I put in the category, along with the pertinent
part of the description of each:

ASN.nse
Be aware that any targets against which this script is run will be sent to and
potentially recorded by one or more DNS servers and Team Cymru. In addition
your IP address will be sent along with the ASN to a DNS server (your default
DNS server, or whichever you specified with the dns script argument).

dns-safe-recursion-port.nse
Be aware that any targets against which this script is run will be sent to and
potentially recorded by one or more DNS servers and the porttest server. In
addition your IP address will be sent along with the porttest query to the DNS
server running on the target.

dns-safe-recursion-txid.nse
Be aware that any targets against which this script is run will be sent to and
potentially recorded by one or more DNS servers and the txidtest server. In
addition your IP address will be sent along with the txidtest query to the DNS
server running on the target.

HTTP_open_proxy.nse
If the target is an open proxy, this script will cause the target to retrieve a
web page from www.google.com.

ripeQuery.nse
This script uses an external database. Your IP address and the IP address of
the target will be sent to whois.ripe.net.

whois.nse
In using this script your IP address will be sent to iana.org. Additionally
your address and the address of the target of the scan will be sent to one of
the RIRs.

Are there any inaccuracies? Any scripts I forgot to include? I'm not an
expert at these scripts so I had to figure out what they do by reading
through them.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
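
Added example, not part of the original post or of Nmap itself: a small audit that reads NSE script sources, finds those whose `categories` table contains "external", and prints each one's description so an operator can see which third party receives data before a scan. The sample scripts, their category lists, and the `example-*` names are constructed for illustration; only the whois.nse description sentence is taken from the message above.

```python
import re
from pathlib import Path

# NSE field: categories = {"discovery", "external", "safe"}
CATEGORIES_RE = re.compile(r'^\s*categories\s*=\s*\{([^}]*)\}', re.MULTILINE)
# NSE field: description = [[ long string ]] or description = "string"
DESCRIPTION_RE = re.compile(
    r'^\s*description\s*=\s*(?:\[\[(.*?)\]\]|"((?:[^"\\]|\\.)*)")',
    re.MULTILINE | re.DOTALL)

def parse_nse(source):
    """Return (set of categories, one-line description) for one script."""
    m = CATEGORIES_RE.search(source)
    cats = set(re.findall(r'["\']([^"\']+)["\']', m.group(1))) if m else set()
    d = DESCRIPTION_RE.search(source)
    # Only the first string literal is read; concatenated pieces are ignored.
    desc = " ".join((d.group(1) or d.group(2) or "").split()) if d else ""
    return cats, desc

def audit(scripts):
    """Map script name -> description for every script in "external"."""
    report = {}
    for name, source in scripts.items():
        cats, desc = parse_nse(source)
        if "external" in cats:
            # An external script with no description hides who gets the data.
            report[name] = desc or "(no description: third party unknown)"
    return report

def load_dir(path):
    """Read every *.nse file in a scripts directory (path is install-specific)."""
    return {p.name: p.read_text(errors="replace") for p in Path(path).glob("*.nse")}

# Constructed sample sources; category lists here are assumptions.
SAMPLES = {
    "whois.nse": 'description = [[\n'
                 'In using this script your IP address will be sent to iana.org.\n'
                 ']]\n'
                 'categories = {"discovery", "external", "safe"}\n',
    "example-local.nse": 'description = "Talks only to the target."\n'
                         'categories = {"discovery", "safe"}\n',
    "example-undocumented.nse": 'categories = {"external"}\n',
}

if __name__ == "__main__":
    for name, desc in sorted(audit(SAMPLES).items()):
        print(f"{name}: {desc}")
```

To audit a real installation, pass `load_dir()` the Nmap scripts directory. Current Nmap releases also accept boolean category expressions, so `--script "default and not external"` keeps these scripts out of an internal scan.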

