Re: Safe and Intrusive Category confusion

[Fyodor <fyodor () insecure org>]

On Tue, Sep 22, 2009 at 07:12:30PM -0600, David Fifield wrote:
> If this is the case, what do you think about deprecating intrusive and
> using "not safe" instead?

That sounds good to me.  I like keeping "safe" and removing
"intrusive" for two reasons:

1) I can think of many cases where you want to run just "safe"
   scripts, but very few where you only want intrusive scripts.  So
   I'd rather keep "safe" and let people use the "not safe" expression
   for the odd case where they want ONLY intrusive scripts.

2) I like the idea that a script has to be explicitly labelled safe in
   order to be treated as so.  They shouldn't be considered safe just
   because the author forgot to put them in an "intrusive" category.

Right now we have 20 scripts which aren't in "safe" or "intrusive".
Does anyone want to go through this list (reading the nsedoc and/or
script source) and add a short comment for each as to whether you
think it should be "safe" or not (and why) and then send the commented
list back to nmap-dev for discussion?

asn-query.nse
auth-spoof.nse
daytime.nse
dhcp-discover.nse
finger.nse
http-favicon.nse
http-headers.nse
http-malware-host.nse
http-trace.nse
http-userdir-enum.nse
iax2-version.nse
imap-capabilities.nse
irc-info.nse
pop3-capabilities.nse
pptp-version.nse
realvnc-auth-bypass.nse
skypev2-version.nse
smtp-open-relay.nse
smtp-strangeport.nse
sniffer-detect.nse

> I was trying to think of a reason not to have the safe XOR intrusive
> rule, but I couldn't think of any scripts that would be considered both
> safe and intrusive, or both not safe and not intrusive.

I can't think of any either.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org