Nmap Development mailing list archives
[RFC] Default NSE Scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 09 May 2008 17:17:44 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everyone, Instead of NSE running "safe" and "intrusive" scripts by default, I'm creating a "default" category for this purpose. This is important because there are some safe and intrusive scripts that you wouldn't want run by default (e.g. an obscure safe script or a slow intrusive script). My current list is below, but any suggestions are welcome. I'm starting on the code and docs now. Scripts run by default should pretty much satisfy these: 1) Quick 2) Generally Useful 3) Not too intrusive 4) Not in "version" category since those are run with -sV Default: * anonFTP * dns-test-open-recursion - Is this useful enough? * finger * ftpbounce * HTTPAuth - Is this too intrusive? * HTTP_open_proxy * MSSQLm * MySQLinfo * nbstat * ripeQuery * robots * rpcinfo * showHTMLtitle * showOwner * SMTPsysdesr * SSHv1-support Not Default: * bruteTelnet - Too intrusive and slow * chargenTest - Obscure / "demo" * daytimeTest - Obscure / "demo" * echoTest - Obscure / "demo" * HTTPpasswd - A bit too intrusive and probably not useful enough * HTTPtrace - Not default material * iax2Detect - "version" * ircServerInfo - I don't think this is default material (but I'm also not an IRC user) * ircZombieTest - "malware" * kibuvDetection - "malware" * mswindowsShell - "backdoor" * netbios-smb-os-detection - I want this to be default, but it's "version" * PPTPversion - "version" * promiscuous - I don't think it's useful enough * RealVNC_auth_bypass - "backdoor" * showHTTPversion - Obscure / only category is "" * showSMTPVersion - Obscure / "demo" * showSSHVersion - Obscure / "demo" * skype_v2-version - "version" * SMTPcommands - I want this to be default, but it usually has a lot of output * SMTP_openrelay_test - "demo" because of "real hostname" issue * SQLInject - Obvious reasons :) * SSLv2-support - Produces quite a bit of output, and doesn't seem useful enough for default * strangeSMTPport - Obscure / "backdoor" * xamppDefaultPass - "vulnerability" * zoneTrans - Just doesn't seem like default material IMO Any and all comments are appreciated, ranging from thinking the list is perfect to horrible :) Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSCTNhv9K37xXYl36AQJe/xAAkcp5UGRJcWtX/Wu74m7atw/JasHBEr0l XtSssXDmdtiE8RX6rN8iZixbfFyeG06jzLvn1lCWy2HmDFfy0GYLqv3z2E+feSVn jeEBBoGcAuaSKcCi44vid4dbQ4wcTT9b2A0KclxWIsRja6iIdIB/HqKoY4l+KJR7 ejCN+oVJLHFHBFXXvLFDVG8xLdudSSG/dX0tx7/MSqmbCwDKKfCZumU0klbQs5NE 4kPBeX6jHT4dI+6jrEPs+tj7VYnwzeMbo8eNZTQ0Jx7H62qYABSeYgEV3zNNazf3 O37yO2tXnHLJSjA1bdTtwde03x0W0qeOC03rT4sEhnuulkVSaPsMfc69H8SeMZcz Wd7za5jsFES6gciaAO1B4KX5y8XS1yo/0jNy+LwE7ZouEvXPVqoYPl+Sma7AyPXO rdKWJjxGso6Q6l7n1LA49QhYwfIyTXf1OiVXczu8gro85CxoW5T+8KGb/3prez1R gJ+f4a1VXi3sOp+ldYN4Txq5sHO1MuVSVuIYX05k+4/mr9dH6AX9RbZph1ayL04Z H98O1L+JoK/kbrJZZ9ZNfi6aea2bPJLsqgg90D3mSQBYLZWS36UG/5Ljwce9RSPl kGg/KTnmv6JLnZEqYJC22GVKoI9oaPUgUb0EkC3w28Fct7kyD+bfkdSfXrXhV14h bUItrQobKW8= =bKRR -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] Default NSE Scripts Kris Katterjohn (May 09)
- Re: [RFC] Default NSE Scripts Fyodor (May 09)
- Re: [RFC] Default NSE Scripts Brandon Enright (May 09)
- Re: [RFC] Default NSE Scripts Fyodor (May 09)
- Re: [RFC] Default NSE Scripts Brandon Enright (May 09)
- Re: [RFC] Default NSE Scripts Fyodor (May 09)
- Re: [RFC] Default NSE Scripts Kris Katterjohn (May 10)
- Re: [RFC] Default NSE Scripts Fyodor (May 09)
- Re: [RFC] Default NSE Scripts Kris Katterjohn (May 10)
- Re: [RFC] Default NSE Scripts Fyodor (May 10)
- Re: [RFC] Default NSE Scripts Kris Katterjohn (May 10)