Nmap Development mailing list archives

[RFC] Default NSE Scripts


From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 09 May 2008 17:17:44 -0500

Hey everyone,

Instead of NSE running "safe" and "intrusive" scripts by default, I'm
creating a "default" category for this purpose.  This is important
because there are some safe and intrusive scripts that you wouldn't want
run by default (e.g. an obscure safe script or a slow intrusive script).

My current list is below, but any suggestions are welcome.  I'm starting
on the code and docs now.

Scripts run by default should pretty much satisfy these:

1) Quick
2) Generally Useful
3) Not too intrusive
4) Not in "version" category since those are run with -sV


Default:

* anonFTP
* dns-test-open-recursion - Is this useful enough?
* finger
* ftpbounce
* HTTPAuth - Is this too intrusive?
* HTTP_open_proxy
* MSSQLm
* MySQLinfo
* nbstat
* ripeQuery
* robots
* rpcinfo
* showHTMLtitle
* showOwner
* SMTPsysdesr
* SSHv1-support

Not Default:

* bruteTelnet - Too intrusive and slow
* chargenTest - Obscure / "demo"
* daytimeTest - Obscure / "demo"
* echoTest - Obscure / "demo"
* HTTPpasswd - A bit too intrusive and probably not useful enough
* HTTPtrace - Not default material
* iax2Detect - "version"
* ircServerInfo - I don't think this is default material (but I'm also not an IRC user)
* ircZombieTest - "malware"
* kibuvDetection - "malware"
* mswindowsShell - "backdoor"
* netbios-smb-os-detection - I want this to be default, but it's "version"
* PPTPversion - "version"
* promiscuous - I don't think it's useful enough
* RealVNC_auth_bypass - "backdoor"
* showHTTPversion - Obscure / only category is ""
* showSMTPVersion - Obscure / "demo"
* showSSHVersion - Obscure / "demo"
* skype_v2-version - "version"
* SMTPcommands - I want this to be default, but it usually has a lot of output
* SMTP_openrelay_test - "demo" because of "real hostname" issue
* SQLInject - Obvious reasons :)
* SSLv2-support - Produces quite a bit of output, and doesn't seem useful enough for default
* strangeSMTPport - Obscure / "backdoor"
* xamppDefaultPass - "vulnerability"
* zoneTrans - Just doesn't seem like default material IMO


Any and all comments are appreciated, ranging from thinking the list is
perfect to horrible :)

Thanks,
Kris Katterjohn


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
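
The selection change proposed in the message above, modelled as an added example (not code from the post or from Nmap): it reads the `categories = {...}` table from NSE-style script sources and compares what runs by default under the old rule ("safe" or "intrusive") with the proposed "default" category, flagging scripts that break criterion 4. The script names and contents are constructed for illustration, and the regex is a simplification, not a Lua parser.

```python
import re

# Constructed NSE-style script sources (hypothetical names, not real Nmap scripts).
SAMPLE_SCRIPTS = {
    "quickBanner.nse": 'id = "Quick banner"\ncategories = {"default", "safe"}\n',
    "obscureEcho.nse": 'id = "Echo"\ncategories = {"demo", "safe"}\n',
    "slowBrute.nse": "categories = {'intrusive', 'auth'}\n",
    "svcProbe.nse": 'categories = {"version"}\n',
    "badCombo.nse": 'categories = {\n  "default",\n  "version",\n}\n',
    "commented.nse": '-- categories = {"default"}\ncategories = {"demo"}\n',
    "noCats.nse": 'id = "No categories"\n',
}

# Match an assignment at the start of a line, so a "--" commented-out line is skipped.
CATEGORIES_RE = re.compile(r"^[ \t]*categories\s*=\s*\{(.*?)\}", re.S | re.M)
STRING_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'')


def parse_categories(source):
    """Return the set of non-empty, lower-cased category names in a script."""
    m = CATEGORIES_RE.search(source)
    if not m:
        return set()
    names = (a or b for a, b in STRING_RE.findall(m.group(1)))
    return {n.lower() for n in names if n}


def selection(scripts):
    """Compare the old default rule with the proposed "default" category.

    Returns (old_default, new_default, conflicts) as sorted lists of names:
      old_default - in "safe" or "intrusive" (behaviour the post replaces)
      new_default - explicitly tagged "default"
      conflicts   - tagged both "default" and "version" (criterion 4)
    """
    cats = {name: parse_categories(src) for name, src in scripts.items()}
    old = sorted(n for n, c in cats.items() if c & {"safe", "intrusive"})
    new = sorted(n for n, c in cats.items() if "default" in c)
    conflicts = sorted(n for n, c in cats.items() if {"default", "version"} <= c)
    return old, new, conflicts


if __name__ == "__main__":
    old, new, conflicts = selection(SAMPLE_SCRIPTS)
    print("old rule (safe/intrusive):", old)
    print("proposed (default):       ", new)
    print("default + version:        ", conflicts)
```
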

