Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts


From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 16 May 2008 17:00:53 -0500

jah wrote:
On 14/05/2008 17:06, Kris Katterjohn wrote:
I've committed the patch for this and added to Default.  Aside from
SMTPcommands being changed (which can wait and be moved over later), are
there any other outstanding issues with the current list below?

What about dns-test-open-recursion as Jah mentioned?
I did a little test and from 5000 hosts, 7 had udp 53 open and of those,
3 resulted in "Recursion seems enabled".  So, er, that's conclusive then.
Of course, this means I got 4997 "Recursion not enabled" which gives a
very poor signal to noise ratio!
Perhaps it would be best to leave this one out.


I've removed the "Recursion not enabled" line from the script, and have
also removed it from Default list.  Sorry that one took so long :)

The new list is below.  Jason says he'll fix up the SMTPcommands script,
so that can be switched later.

Are there any issues or concerns at all with the following list?  If
not, I'll try to commit it this weekend.

Default:

* anonFTP
* finger
* ftpbounce
* HTTPAuth
* HTTP_open_proxy
* MSSQLm
* MySQLinfo
* nbstat
* RealVNC_auth_bypass
* robots
* rpcinfo
* showHTMLtitle
* showOwner
* SNMPsysdescr
* SSHv1-support
* SSLv2-support
* UPnP-info

Non-Default:

* bruteTelnet - Too intrusive and slow
* chargenTest - Obscure / "demo"
* daytimeTest - Obscure / "demo"
* dns-test-open-recursion - Should only be done if port is open
* echoTest - Obscure / "demo"
* HTTPpasswd - A bit too intrusive and probably not useful enough
* HTTPtrace - Not default material
* iax2Detect - "version"
* ircServerInfo - I don't think this is default material (but I'm also not an IRC user)
* ircZombieTest - "malware"
* kibuvDetection - "malware"
* netbios-smb-os-detection - I want this to be default, but it's "version"
* PPTPversion - "version"
* promiscuous - I don't think it's useful enough
* ripeQuery - Abusive to RIPE
* showHTTPversion - Obscure / only category is ""
* showSMTPVersion - Obscure / "demo"
* showSSHVersion - Obscure / "demo"
* skype_v2-version - "version"
* SMTPcommands - Jason says he'll change it with nmap.verbosity()
* SMTP_openrelay_test - "demo" because of "real hostname" issue
* SQLInject - Obvious reasons  :)
* strangeSMTPport - Obscure / "backdoor"
* xamppDefaultPass - "vulnerability"
* zoneTrans - Just doesn't seem like default material IMO

jah


Thanks,
Kris Katterjohn
