Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Wed, 2 Jul 2008 21:41:09 +0100
On Sun, Jun 29, 2008 at 4:44 AM, Fyodor <> wrote:
> On Wed, Jun 18, 2008 at 11:03:30PM +0100, DePriest, Jason R. wrote:
>> They should be either "discovery" and relatively benign or "intrusive" and used with intent. Explain the logic between having a script in both categories. Maybe I just don't "get it."
>
> Well, there are currently three scripts in both "discovery" and "intrusive" categories:
>
> HTTP_open_proxy.nse:categories = {"default", "discovery", "intrusive"}
> MSSQLm.nse:categories = {"default", "discovery", "intrusive"}
> zoneTrans.nse:categories = {'default', 'intrusive', 'discovery'}
>
> What do you think would be a better way to categorize them?
>
> Cheers,
> -F
MSSQLm.nse actually tries to log in to the SQL server using 'sa' and a blank password. That *part* of the script is intrusive. The rest of it is discovery and is very useful for version detection. Break it into two scripts maybe?

HTTP_open_proxy.nse could probably be just discovery. It sends a single request that is a normal looking, non-malformed request.

I don't know enough about DNS to read through zoneTrans. Since zone transfers are a popular recon technique, if that is actually what the script does, perform a full zone transfer, it is definitely intrusive. If it just determines whether or not a zone transfer is possible but doesn't actually do it, it would be discovery.

These are just my opinions and I'd be eager to hear what others think.

-Jason
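An added example, not part of the original message and not Nmap code: a small audit over grep-style `categories` lines like the three quoted above, listing scripts tagged both "discovery" and "intrusive" and the scripts a selection by one category would include. The function names and the regular expressions are assumptions made for this illustration.

```python
import re

# Sample input: the three grep-style lines quoted in the message above.
SAMPLE = """\
HTTP_open_proxy.nse:categories = {"default", "discovery", "intrusive"}
MSSQLm.nse:categories = {"default", "discovery", "intrusive"}
zoneTrans.nse:categories = {'default', 'intrusive', 'discovery'}
"""

# "<file>.nse:categories = { ... }" as printed by grep across script files.
LINE_RE = re.compile(
    r"^(?P<script>[^:\s]+\.nse):\s*categories\s*=\s*\{(?P<body>[^}]*)\}"
)
# A category name in matching single or double quotes (both styles occur above).
NAME_RE = re.compile(r"""(["'])([A-Za-z_]+)\1""")


def parse_categories(text):
    """Map script name -> set of category names; non-matching lines are skipped."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            names = {name.lower() for _, name in NAME_RE.findall(m.group("body"))}
            result[m.group("script")] = names
    return result


def conflicts(cats, benign="discovery", risky="intrusive"):
    """Scripts that carry both the benign and the risky category."""
    return sorted(s for s, c in cats.items() if benign in c and risky in c)


def selected_by(cats, category):
    """Scripts that selecting a single category would include."""
    return sorted(s for s, c in cats.items() if category in c)


if __name__ == "__main__":
    cats = parse_categories(SAMPLE)
    for script in conflicts(cats):
        print(f"{script}: in both 'discovery' and 'intrusive'")
    print("selected by 'discovery':", ", ".join(selected_by(cats, "discovery")))
```
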