Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Wed, 2 Jul 2008 21:41:09 +0100

On Sun, Jun 29, 2008 at 4:44 AM, Fyodor <> wrote:
> On Wed, Jun 18, 2008 at 11:03:30PM +0100, DePriest, Jason R. wrote:
>> They should be either "discovery" and relatively benign or "intrusive"
>> and used with intent.
>>
>> Explain the logic between having a script in both categories.  Maybe I
>> just don't "get it."
>
> Well, there are currently three scripts in both "discovery" and
> "intrusive" categories:
>
> HTTP_open_proxy.nse:categories = {"default", "discovery", "intrusive"}
> MSSQLm.nse:categories = {"default", "discovery", "intrusive"}
> zoneTrans.nse:categories = {'default', 'intrusive', 'discovery'}
>
> What do you think would be a better way to categorize them?
>
> Cheers,
> -F


MSSQLm.nse actually tries to login to the SQL server using 'sa' and a
blank password.  That *part* of the script is intrusive.  The rest of
it is discovery and is very useful for version detection.  Break it
into two scripts maybe?

HTTP_open_proxy.nse could probably be just discovery.  It sends a
single request that is a normal looking, non-malformed request.

I don't know enough about DNS to read through zoneTrans.  Since zone
transfers are a popular recon technique, if that is actually what the
script does, perform a full zone transfer, it is definitely intrusive.
If it just determines whether or not a zone transfer is possible but
doesn't actually do it, it would be discovery.

These are just my opinions and I'd be eager to hear what others think.

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
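The distinction Jason draws for zoneTrans, "determine whether a zone transfer is possible" versus "perform a full zone transfer", is worth seeing at the protocol level, because DNS has no way to ask a server whether AXFR is allowed without actually sending an AXFR request. The difference between the two behaviours is only how much of the reply you consume: a discovery-style check reads the server's first message (REFUSED, or NOERROR with the zone's SOA as the first record) and closes the connection; an intrusive-style transfer keeps reading until the second SOA that terminates the stream. The following is an added example written for this page in Python; it is not code from the nmap-dev thread, from zoneTrans.nse or from Nmap. The zone `example.test.`, the names in it and the response bytes are constructed here so the code runs offline with no server involved.

```python
import struct

QTYPE_AXFR = 252
TYPE_A, TYPE_NS, TYPE_SOA = 1, 2, 6
CLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Dotted name -> uncompressed DNS label sequence (RFC 1035 3.1)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """AXFR question framed for TCP: 2-byte length, header, one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: plain query
    body = header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, CLASS_IN)
    return struct.pack("!H", len(body)) + body


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer (RFC 1035 4.1.4)
            after = off + 2 if after is None else after
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels) + ".", (off + 1 if after is None else after)


def parse_message(msg):
    """Parse the header, skip the question, return rcode and answer RRs."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, answers = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4          # skip QNAME, QTYPE, QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        answers.append((name, rtype, msg[off + 10:off + 10 + rdlen]))
        off += 10 + rdlen
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def axfr_permitted(first_message):
    """Discovery-style: judge from the server's first answer, then stop.
    The transfer has begun if rcode is NOERROR and the first RR is the SOA.
    Caveat: the AXFR request is still sent, so the server will log it."""
    p = parse_message(first_message)
    started = p["rcode"] == 0 and bool(p["answers"]) and p["answers"][0][1] == TYPE_SOA
    return {"rcode": RCODE_NAMES.get(p["rcode"], str(p["rcode"])),
            "transfer_started": started}


def collect_zone(messages):
    """Intrusive-style: consume the whole stream until the closing SOA."""
    records, soa_seen = [], 0
    for msg in messages:
        p = parse_message(msg)
        if p["rcode"] != 0:
            raise RuntimeError("server answered " + RCODE_NAMES.get(p["rcode"], "?"))
        for name, rtype, _rdata in p["answers"]:
            records.append((name, rtype))
            if rtype == TYPE_SOA:
                soa_seen += 1
                if soa_seen == 2:                  # second SOA ends the transfer
                    return records
    raise RuntimeError("stream ended before the closing SOA")


# Constructed sample traffic for a hypothetical zone; no server is contacted.
ZONE = "example.test."

def _rr(name, rtype, rdata, ttl=3600):
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata

def _reply(rcode, answers, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x8000 | rcode, 1, len(answers), 0, 0)  # QR=1
    return header + encode_name(ZONE) + struct.pack("!HH", QTYPE_AXFR, CLASS_IN) + b"".join(answers)

_SOA = _rr(ZONE, TYPE_SOA, encode_name("ns1." + ZONE) + encode_name("hostmaster." + ZONE)
           + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, 86400))
REFUSED_REPLY = _reply(5, [])                       # server refuses the transfer
TRANSFER_STREAM = [                                  # server streams the zone in two messages
    _reply(0, [_SOA, _rr("ns1." + ZONE, TYPE_A, bytes([192, 0, 2, 53]))]),
    _reply(0, [_rr(ZONE, TYPE_NS, encode_name("ns1." + ZONE)), _SOA]),
]
```

Against a live server you would send `build_axfr_query(zone)` over TCP port 53, read replies using the same 2-byte length framing the query uses, and hand the first reply to `axfr_permitted` (discovery) or the whole sequence to `collect_zone` (intrusive). Note the caveat in `axfr_permitted`: even the "check only" variant sends a real AXFR request, so from the server's point of view both behaviours start the same way; the difference is that the discovery variant never pulls the zone data.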