Nmap Development mailing list archives

[RFC] NSE Re-categorization


From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 12 Jun 2008 17:07:27 -0500


Hey everyone,

Along the lines of the NSE Default category, I have a new task of sort of
redefining the NSE categories.  This is a good time for any comments on the
current category system to be discussed.

This really involves adding and/or removing categories, and then placing
scripts in the correct categories afterwards.

I have had an initial discussion with Fyodor about this, and I've also talked
with Brandon, who has already shaped some of my ideas below.

So, some main points or goals for this are:

1) Categories should be practical, straightforward and useful.  This means
that there are good reasons for selecting or not selecting a specific category.

2) If there are common tasks where a separate category would be useful, that
category should exist.

3) There should NOT be a whole bunch of categories.  This would make it hard
for script authors to deal with and will probably lead to scripts being in the
wrong category, which defeats the whole purpose.  Somewhere between 5-10 is
probably best, maybe closer to 5.

Unless there is a really good reason, I don't think the above list should
change.  My ideas below, however, are subject to change with discussion.

I think "safe" and "intrusive" should be mutually-exclusive, together
all-encompassing categories.  All scripts should fit into one of these.
That's not to say that every script should absolutely have one of these listed
in its categories{}, but if a script doesn't fall into a more specific
category, it will fit in here.  If a script isn't safe, I think it's
intrusive, and vice versa.  This isn't really changing anything, but it may
give a different viewpoint on these categories.

I think "backdoor" should be merged into "malware".  There's no point in
having two basically synonymous categories.

I initially thought that the "discovery" category should be dropped.  Is there
an NSE script which isn't really discovering something?  But Brandon pointed
out that it could just be renamed, and that the name could convey something
along the lines of "extra information".  I can't really think of a good name
for it, however.

How about a new "credential" (or "login") category?  This can be used for NSE
scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth.

So here would be the current list of categories:

Default
Version
Safe
Intrusive
Vulnerability
Malware
Credential
<renamed Discovery>

The first two don't really count because "default" is more of a sub-category,
and "version" is a necessity for some scripts.  So not counting those, that
gives us 6 categories, which is a good place to be.

So, how am I doing?  Do you have complaints about some of the current
categories?  Do you have any ideas for other new categories?

For other ideas, you may want to check out Nessus' plugin list[1].

Thanks,
Kris Katterjohn

[1] http://nessus.org/plugins/index.php?view=all


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
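The classification rules proposed in the message above (safe and intrusive as mutually exclusive catch-alls, backdoor folded into malware, a small fixed category set), turned into a checker for NSE script headers. This is an added example, not code from the original message or from the Nmap project; it assumes the `categories = {...}` declaration form used at the top of .nse files, and uses `discovery` as a stand-in name for the renamed category the RFC leaves unnamed.

```python
import re

# Proposed category set from the RFC. "discovery" is a placeholder for the
# renamed category; "backdoor" is folded into "malware" per the proposal.
ALLOWED = {"default", "version", "safe", "intrusive",
           "vulnerability", "malware", "credential", "discovery"}
MERGED = {"backdoor": "malware"}
EXCLUSIVE = {"safe", "intrusive"}
# Categories that say something more specific than safe/intrusive; a script
# with one of these need not also carry safe or intrusive.
SPECIFIC = {"vulnerability", "malware", "credential", "discovery"}

# Matches the Lua table literal an NSE script uses to declare its categories
# (assumed form, e.g.  categories = {"default", "safe"}).
CATEGORY_RE = re.compile(r'categories\s*=\s*\{([^}]*)\}')


def parse_categories(source):
    """Extract category names from NSE script source; [] if none declared."""
    m = CATEGORY_RE.search(source)
    if not m:
        return []
    return [c.strip().strip('"\'') for c in m.group(1).split(",") if c.strip()]


def check_script(source):
    """Return a list of rule violations for one script under the proposed scheme."""
    cats = {MERGED.get(c, c) for c in parse_categories(source)}
    problems = [f"unknown category: {c}" for c in sorted(cats - ALLOWED)]
    exclusive = cats & EXCLUSIVE
    if len(exclusive) > 1:
        problems.append("safe and intrusive are mutually exclusive")
    elif not exclusive and not (cats & SPECIFIC):
        problems.append("no specific category, so safe or intrusive is required")
    return problems


if __name__ == "__main__":
    # Constructed sample headers, not real Nmap scripts.
    samples = {
        "ok-default":  'categories = {"default", "safe"}',
        "ok-merged":   'categories = {"backdoor", "intrusive"}',
        "ok-specific": "categories = {'credential'}",
        "both":        'categories = {"safe", "intrusive"}',
        "unclassed":   'categories = {"version"}',
    }
    for name, src in samples.items():
        print(name, check_script(src) or "OK")
```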
