Nmap Development mailing list archives
Re: Adding "dangerous" checks?
From: Ron <ron () skullsecurity net>
Date: Mon, 03 Nov 2008 17:50:17 -0600
Michael Pattrick wrote:
I cant comment on the legallity, but from [0]:intrusive These are scripts that cannot be classified in the safe category because the risks are too high that they will crash the target system, use up significant resources on the target host (such as bandwidth or CPU time), or otherwise be perceived as malicious by the target's system administrators....vuln These scripts check for specific known vulnerabilities and generally only report results if they are found.Since these categories pretty much state that they will cause damage to the target, I think it is ok to create a script that crashes a host as long as it is labeled properly. Cheers, Michael [0] http://nmap.org/book/nse-usage.html#nse-categories
You're right, it's reasonable in that sense. On the other hand, if somebody is going to run something that has a reasonable (>10%? >5%?) chance of crashing a system hard, there should be a little more warning. For example, dangerous checks won't run unless they specify a special parameter enabling them (--scripts-args=unsafe=true). Or do you guys think doing that's redundant with the safe/intrusive categories? Legally, I'm not really worried. People can use whatever I write for good or for bad, that's their call. I'm more worried about people accidentally breaking stuff. Ron -- Ron Bowes http://www.skullsecurity.org/ http://www.javaop.com/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Adding "dangerous" checks? Ron (Nov 03)
- Re: Adding "dangerous" checks? Richard Sammet (Nov 03)
- Re: Adding "dangerous" checks? Ron (Nov 03)
- Re: Adding "dangerous" checks? Michael Pattrick (Nov 03)
- Re: Adding "dangerous" checks? Brandon Enright (Nov 03)
- Re: Adding "dangerous" checks? Ron (Nov 03)
- Re: Adding "dangerous" checks? Ron (Nov 03)
- Re: Adding "dangerous" checks? Kris Katterjohn (Nov 03)
- Re: Adding "dangerous" checks? Fyodor (Nov 03)
- Re: Adding "dangerous" checks? Ron (Nov 03)
- Re: Adding "dangerous" checks? Richard Sammet (Nov 03)