Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: Fyodor <fyodor () insecure org>
Date: Sat, 14 Jun 2008 19:14:02 -0700
On Sat, Jun 14, 2008 at 08:52:08PM -0500, Kris Katterjohn wrote:
That sounds good. This brings us to:
Let's put a brief descrption next to each as well so we're clear on what they meain. Here is a quick draft: Default - Scripts which Nmap should run by default when NSE is requested with -sC, -A, or --script without any arguments. Version - Scripts for detecting service protocol and version information of applications listening on a port. These are run as part of version detection (-sV) even when NSE is not specifically requested. Safe - Scripts which are unlikely to crash or otherwise interfere with target systems. These scripts don't try to exploit vulnerabilities, and even avoid behavior which might appear overtly malicious in target logs. Of couse any communication with a remote system has some risk of crashing it or annoying the administrators. The safe scripts are intended to reduce that risk, but can never remove it. Intrusive - Scripts which cannot be classified in the "Safe" category because risks are too high that they will crash target systems, use up significant target system resources (such as bandwidth or CPU time), or be perceived as malicious by target system administrators. Discovery - Scripts which discovery general information about a target system or service (such as HTML title, SMTP commands, system uptime, or whois contact information) rather than specific goals of other categories such as specific vulnerability detection (vuln). Vuln - Scripts which look for and report presence of specific known vulnerabilities. These scripts normally report nothing if the vulnerability is not present. Malware - Scripts which detect known forms of malware such as Internet works, trojan horse applications, or listening port shells. These scripts are usually in the version category as well. Auth - Scripts which attempt to determine authentication credentials, often through a brute force attack. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] NSE Re-categorization, (continued)
- Re: [RFC] NSE Re-categorization jah (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Tom Sellers (Jun 13)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Arturo 'Buanzo' Busleiman (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 14)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization Tom Sellers (Jun 18)
- Re: [RFC] NSE Re-categorization DePriest, Jason R. (Jun 18)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization DePriest, Jason R. (Jun 18)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization jah (Jun 18)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 28)
- Re: [RFC] NSE Re-categorization jah (Jun 12)