Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization


From: Fyodor <fyodor () insecure org>
Date: Sat, 14 Jun 2008 19:14:02 -0700

On Sat, Jun 14, 2008 at 08:52:08PM -0500, Kris Katterjohn wrote:

That sounds good.  This brings us to:

Let's put a brief description next to each as well so we're clear on
what they mean.  Here is a quick draft:

Default - Scripts which Nmap should run by default when NSE is
          requested with -sC, -A, or --script without any arguments.

Version - Scripts for detecting service protocol and version
          information of applications listening on a port.  These are run as
          part of version detection (-sV) even when NSE is not specifically
          requested.

Safe - Scripts which are unlikely to crash or otherwise interfere with
       target systems.  These scripts don't try to exploit
       vulnerabilities, and even avoid behavior which might appear
       overtly malicious in target logs.  Of course any communication
       with a remote system has some risk of crashing it or annoying
       the administrators.  The safe scripts are intended to reduce
       that risk, but can never remove it.

Intrusive - Scripts which cannot be classified in the "Safe" category
            because risks are too high that they will crash target
            systems, use up significant target system resources (such
            as bandwidth or CPU time), or be perceived as malicious by
            target system administrators.

Discovery - Scripts which discover general information about a target
            system or service (such as HTML title, SMTP commands,
            system uptime, or whois contact information) rather than
            specific goals of other categories such as specific
            vulnerability detection (vuln).

Vuln - Scripts which look for and report presence of specific known
       vulnerabilities.  These scripts normally report nothing if the
       vulnerability is not present.

Malware - Scripts which detect known forms of malware such as Internet
          worms, trojan horse applications, or listening port shells.
          These scripts are usually in the version category as well.

Auth - Scripts which attempt to determine authentication credentials,
       often through a brute force attack.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
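
Added example, not part of the original message or of Nmap's own code: a small linter that checks an NSE script's `categories` table against the eight draft categories above and against the draft's rule that Intrusive covers what cannot be classified as Safe. The lowercase category names, the sample script names and contents, and the "no risk label" check are assumptions of this example.

```python
import re

# The eight draft categories, lowercased as they would appear in a script's
# `categories` table (assumption of this example: lowercase names).
DRAFT_CATEGORIES = {"default", "version", "safe", "intrusive",
                    "discovery", "vuln", "malware", "auth"}

# Matches a Lua table assignment such as: categories = {"safe", "discovery"}
_CATEGORIES_RE = re.compile(r'^\s*categories\s*=\s*\{([^}]*)\}', re.MULTILINE)
_STRING_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'')


def parse_categories(script_text):
    """Return the set of declared category names (lowercased), or None."""
    m = _CATEGORIES_RE.search(script_text)
    if not m:
        return None
    return {(a or b).strip().lower() for a, b in _STRING_RE.findall(m.group(1))}


def lint_categories(script_text):
    """Return a list of findings for one script; an empty list means consistent."""
    cats = parse_categories(script_text)
    if cats is None:
        return ["no categories table found"]
    findings = []
    unknown = sorted(cats - DRAFT_CATEGORIES)
    if unknown:
        findings.append("unknown category: " + ", ".join(unknown))
    # The draft defines Intrusive as "cannot be classified in the Safe category".
    if {"safe", "intrusive"} <= cats:
        findings.append("both safe and intrusive")
    # Not in the draft: this example's own policy, so that an operator can
    # always select or exclude a script by risk.
    if not cats & {"safe", "intrusive"}:
        findings.append("no risk label (safe or intrusive)")
    return findings


# Constructed sample scripts (hypothetical names and contents).
SAMPLES = {
    "title.nse": 'description = "x"\ncategories = {"default", "safe", "discovery"}\n',
    "conflict.nse": 'categories = {"safe", "intrusive", "vuln"}\n',
    "typo.nse": "categories = {'intrusive', 'backdoor'}\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, lint_categories(text) or "ok")
```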

