Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization


From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 14:36:08 -0500

Hey everyone,

I wrote:
Along the lines of the NSE Default category, I have a new task of sort of
redefining the NSE categories.  This is a good time for any comments on the
current category system to be discussed.

This really involves adding and/or removing categories, and then placing
scripts in the correct categories afterwards.

My preliminary list is below, containing all of the scripts and their
associated categories (a lot of them I didn't need to touch).

A general description of these categories is here[1].

I've also attached a simple patch to show what has actually been changed,
since the list below just shows the scripts' would-be current categories.

I have moved both SSHv1-support and SSLv2-support from Intrusive to Safe
because after reviewing them I don't think they pose any issue.  They are both
run by default, anyway.  If you feel this is wrong, please don't hesitate to
let me know.

anonFTP.nse:
        {"default", "auth", "intrusive"}
bruteTelnet.nse:
        {'auth', 'intrusive'}
chargenTest.nse:
        {"demo"}
daytimeTest.nse:
        {"demo"}
dns-test-open-recursion.nse:
        {"default", "intrusive"}
echoTest.nse:
        {"demo"}
finger.nse:
        {"default", "discovery"}
ftpbounce.nse:
        {"default", "intrusive"}
HTTPAuth.nse:
        {"default", "auth", "intrusive"}
HTTP_open_proxy.nse:
        {"default", "discovery", "intrusive"}
HTTPpasswd.nse:
        {"intrusive", "vuln"}
HTTPtrace.nse:
        {"discovery"}
iax2Detect.nse:
        {"version"}
ircServerInfo.nse:
        {"default", "discovery"}
ircZombieTest.nse:
        {"malware"}
MSSQLm.nse:
        {"default", "discovery", "intrusive"}
MySQLinfo.nse:
        { "default", "discovery", "safe" }
nbstat.nse:
        {"default", "discovery", "safe"}
netbios-smb-os-discovery.nse:
        {"version"}
PPTPversion.nse:
        {"version"}
promiscuous.nse:
        {"discovery"}
RealVNC_auth_bypass.nse:
        {"default", "malware", "vuln"}
ripeQuery.nse:
        {"discovery"}
robots.nse:
        {"default", "safe"}
rpcinfo.nse:
        {"default","safe","discovery"}
showHTMLTitle.nse:
        {"default", "demo", "safe"}
showHTTPVersion.nse:
        {"demo"}
showOwner.nse:
        {"default", "safe"}
showSMTPVersion.nse:
        {"demo"}
showSSHVersion.nse:
        {"demo"}
skype_v2-version.nse:
        {"version"}
SMTPcommands.nse:
        {"default", "discovery", "safe"}
SMTP_openrelay_test.nse:
        {"demo"}
SNMPsysdesr.nse:
        {"default", "discovery", "safe"}
SQLInject.nse:
        {"intrusive", "vuln"}
SSHv1-support.nse:
        {"default", "safe"}
SSLv2-support.nse:
        {"default", "safe"}
strangeSMTPport.nse:
        {"malware"}
UPnP-info.nse:
        {"default", "safe"}
xamppDefaultPass.nse:
        {"auth", "vuln"}
zoneTrans.nse:
        {'default', 'intrusive', 'discovery'}

Thanks,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q2/0716.html

Index: anonFTP.nse
===================================================================
--- anonFTP.nse (revision 8328)
+++ anonFTP.nse (working copy)
@@ -6,7 +6,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"default", "intrusive"}
+categories = {"default", "auth", "intrusive"}
 
 require "shortport"
 
Index: bruteTelnet.nse
===================================================================
--- bruteTelnet.nse     (revision 8328)
+++ bruteTelnet.nse     (working copy)
@@ -2,7 +2,7 @@
 author = 'Eddie Bell <ejlbell () gmail com>'
 description='brute force telnet login credientials'
 license = 'Same as Nmap--See http://nmap.org/book/man-legal.html&apos;
-categories = {'vulnerability'}
+categories = {'auth', 'intrusive'}
 
 require('shortport')
 require('stdnse')
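Review bot: the description string in the context line above the changed line misspells "credentials" as 'credientials'. Since this change already touches the script header, fix the spelling in the same commit.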
Index: HTTPAuth.nse
===================================================================
--- HTTPAuth.nse        (revision 8328)
+++ HTTPAuth.nse        (working copy)
@@ -9,9 +9,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
--- uncomment the following line to enable safe category
--- categories = {"safe"}
-categories = {"default", "intrusive"}
+categories = {"default", "auth", "intrusive"}
 
 require "shortport"
 require "http"
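Review bot: the two removed comment lines that offered categories = {"safe"} as an opt-in disappear without any mention in the message. Dropping them is consistent with a script that is now "auth" and "intrusive", but note the removal in the commit log so it is not mistaken for an accidental deletion.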
Index: HTTP_open_proxy.nse
===================================================================
--- HTTP_open_proxy.nse (revision 8328)
+++ HTTP_open_proxy.nse (working copy)
@@ -7,7 +7,7 @@
 
 id="Open Proxy Test"
 description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: 
GWS/' header response."
-categories = {"default", "intrusive"}
+categories = {"default", "discovery", "intrusive"}
 require "comm"
 
 -- I found a nice explode() function in lua-users' wiki. I had to fix it, though.
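Review bot: keeping "default" on the changed categories line deserves a second look. Per the description in the context lines, the script tests the proxy by connecting to www.google.com, so a default run sends a request to a third party through each proxy it finds. Consider {"discovery", "intrusive"} without "default", or state in the commit message why it stays in the default set.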
Index: HTTPpasswd.nse
===================================================================
--- HTTPpasswd.nse      (revision 8328)
+++ HTTPpasswd.nse      (working copy)
@@ -16,7 +16,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"intrusive"}
+categories = {"intrusive", "vuln"}
 
 require "shortport"
 require "http"
Index: RealVNC_auth_bypass.nse
===================================================================
--- RealVNC_auth_bypass.nse     (revision 8328)
+++ RealVNC_auth_bypass.nse     (working copy)
@@ -3,7 +3,7 @@
 author = "Brandon Enright <bmenrigh () ucsd edu>" 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"default", "backdoor"}
+categories = {"default", "malware", "vuln"}
 
 require "shortport"
 
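Review bot: "malware" on the new categories line looks like a mechanical carry-over of the old "backdoor" name. Going by the script name, this checks for an authentication bypass, which "vuln" already covers. Suggest categories = {"default", "vuln"} unless the script also detects something planted on the host, and if "malware" stays, say why in the commit message.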
Index: showHTTPVersion.nse
===================================================================
--- showHTTPVersion.nse (revision 8328)
+++ showHTTPVersion.nse (working copy)
@@ -10,7 +10,7 @@
 
 -- add this script to "version" if you really want to execute it
 -- keep in mind you can (and should) only execute it with -sV
-categories = {""}
+categories = {"demo"}
 -- categories = {"version"}
 
 runlevel = 1.0
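Review bot: the two comment lines above the changed line are now stale. They tell the reader to add the script to "version" and to run it only with -sV, while the new line places it in "demo". Update or remove those comments, and the leftover `-- categories = {"version"}` line, in the same change so the header does not contradict itself.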
Index: SQLInject.nse
===================================================================
--- SQLInject.nse       (revision 8328)
+++ SQLInject.nse       (working copy)
@@ -33,7 +33,7 @@
 description = "spiders a http server looking for URLs containing queries \
                and tries to determines if they are vulnerable to injection attack"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
-categories = {"vulnerability"}
+categories = {"intrusive", "vuln"}
 runlevel = 1.0
 
 -- Change this to increase depth of crawl
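Review bot: the rename from "vulnerability" to "vuln" on the changed line (also applied in xamppDefaultPass.nse) means anyone selecting scripts by the old category name will no longer match this script. Mention the rename in the changelog or the category documentation. While here, the description context line reads "tries to determines"; "tries to determine" is meant.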
Index: SSHv1-support.nse
===================================================================
--- SSHv1-support.nse   (revision 8328)
+++ SSHv1-support.nse   (working copy)
@@ -2,7 +2,7 @@
 description="Checks to see if SSH server supports SSH Protocol Version 1."
 author = "Brandon Enright <bmenrigh () ucsd edu>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
-categories = {"default", "intrusive"}
+categories = {"default", "safe"}
 
 require "shortport"
 
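Review bot: the move from "intrusive" to "safe" on the changed line is justified in the message partly by the script being run by default, but "default" is present both before and after the change and says nothing about what the script sends. Record the actual basis for "safe" (what the check does against the server) in the commit message, and do the same for the identical change in SSLv2-support.nse.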
Index: SSLv2-support.nse
===================================================================
--- SSLv2-support.nse   (revision 8328)
+++ SSLv2-support.nse   (working copy)
@@ -3,7 +3,7 @@
 author = "Matt <mb2263 () bristol ac uk>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"default", "intrusive"}
+categories = {"default", "safe"}
 
 require "shortport"
 
Index: strangeSMTPport.nse
===================================================================
--- strangeSMTPport.nse (revision 8328)
+++ strangeSMTPport.nse (working copy)
@@ -9,7 +9,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"backdoor"}
+categories = {"malware"}
 
 portrule = function(host, port) 
        if 
Index: xamppDefaultPass.nse
===================================================================
--- xamppDefaultPass.nse        (revision 8328)
+++ xamppDefaultPass.nse        (working copy)
@@ -8,7 +8,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"vulnerability"}
+categories = {"auth", "vuln"}
 
 require "shortport"
 
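Review bot: the new categories line is the only "auth" entry in this patch that carries neither "intrusive" nor "safe". anonFTP.nse, bruteTelnet.nse and HTTPAuth.nse all pair "auth" with "intrusive". If this script attempts a login with the default password, add "intrusive" for consistency, otherwise explain the difference in the commit message.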
