Nmap Development mailing list archives
Re: Safe and Intrusive Category confusion
From: David Fifield <david () bamsoftware com>
Date: Wed, 30 Sep 2009 20:53:50 -0600
On Mon, Sep 28, 2009 at 09:17:32PM -0700, Fyodor wrote:
On Sun, Sep 27, 2009 at 12:39:52PM -0600, David Fifield wrote:

On Wed, Sep 23, 2009 at 03:28:11AM -0700, Fyodor wrote:

Right now we have 20 scripts which aren't in "safe" or "intrusive". Does anyone want to go through this list (reading the nsedoc and/or script source) and add a short comment for each as to whether you think it should be "safe" or not (and why) and then send the commented list back to nmap-dev for discussion?

I guess I will kick this off then. Anyone should feel free to send comments if you disagree or just want to further discuss certain scripts. I'm using the definition from http://nmap.org/book/nse-usage.html#nse-categories:

Scripts which weren't designed to crash services, use large amounts of network bandwidth or other resources, or exploit security holes are categorized as safe. These are less likely to offend remote administrators, though (as with all other Nmap features) we cannot guarantee that they won't ever cause adverse reactions. Most of these perform general network discovery. Examples are ssh-hostkey (retrieves an SSH host key) and html-title (grabs the title from a web page).

Here are my thoughts about each of the 20 scripts which currently aren't in either "safe" or "intrusive":
Here's a summary of your list, without the rationales:

== Safe
asn-query.nse
auth-spoof.nse
daytime.nse
dhcp-discover.nse
finger.nse
http-favicon.nse
http-headers.nse
http-malware-host.nse
http-trace.nse
imap-capabilities.nse
irc-info.nse
pop3-capabilities.nse
realvnc-auth-bypass.nse
smtp-strangeport.nse

== Not safe
http-userdir-enum.nse
sniffer-detect.nse

== Version
iax2-version.nse
pptp-version.nse
skypev2-version.nse

== Demo
smtp-open-relay.nse

I'm with you on the special handling of the version scripts and smtp-open-relay.nse. I agree with the "not safe" ones too. There are a couple, as you said, under "Safe" that could go either way, but the list above looks good to me.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
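An added example, not part of the original message and not Nmap project code: one way to find scripts that declare neither "safe" nor "intrusive", as the thread sets out to do, while reporting "version" and "demo" scripts separately. The file names and script sources in `SAMPLE` are constructed placeholders, and the `audit` and `parse_categories` helpers are hypothetical names.

```python
import re

# NSE scripts declare their categories in a Lua table, for example:
#   categories = {"discovery", "safe"}
# Anchoring at line start skips declarations that are commented out with "--".
CATEGORIES_RE = re.compile(r'^[ \t]*categories[ \t]*=[ \t]*\{([^}]*)\}', re.MULTILINE)
SPECIAL = ("version", "demo")  # groups the thread handles separately


def parse_categories(lua_source):
    """Return the set of category names declared in one script's source."""
    match = CATEGORIES_RE.search(lua_source)
    if match is None:
        return set()
    return {name.lower() for name in re.findall(r'["\']([^"\']+)["\']', match.group(1))}


def audit(scripts):
    """Group the scripts that are in neither "safe" nor "intrusive".

    scripts maps file name -> Lua source. Returns a dict with the keys
    "version", "demo" and "unclassified", each a sorted list of file names.
    """
    report = {"version": [], "demo": [], "unclassified": []}
    for name, source in scripts.items():
        cats = parse_categories(source)
        if cats & {"safe", "intrusive"}:
            continue  # already carries one of the two labels
        group = next((g for g in SPECIAL if g in cats), "unclassified")
        report[group].append(name)
    return {group: sorted(names) for group, names in report.items()}


# Constructed sample sources (hypothetical file names, not real Nmap scripts).
SAMPLE = {
    "example-banner.nse": 'description = "x"\ncategories = {"discovery", "safe"}\n',
    "example-enum.nse": 'categories = {"discovery", "intrusive"}\n',
    "example-proto-version.nse": 'categories = {"version"}\n',
    "example-relay.nse": "categories = {'demo'}\n",
    "example-info.nse": '-- categories = {"safe"}\ncategories = {"default", "discovery"}\n',
    "example-broken.nse": 'description = "no categories line"\n',
}

if __name__ == "__main__":
    for group, names in audit(SAMPLE).items():
        print(group, names)
```
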