Re: Safe and Intrusive Category confusion

[David Fifield <david () bamsoftware com>]

On Wed, Sep 23, 2009 at 03:28:11AM -0700, Fyodor wrote:
> Right now we have 20 scripts which aren't in "safe" or "intrusive".
> Does anyone want to go through this list (reading the nsedoc and/or
> script source) and add a short comment for each as to whether you
> think it should be "safe" or not (and why) and then send the commented
> list back to nmap-dev for discussion?
>
> asn-query.nse
> auth-spoof.nse
> daytime.nse
> dhcp-discover.nse
> finger.nse
> http-favicon.nse
> http-headers.nse
> http-malware-host.nse
> http-trace.nse
> http-userdir-enum.nse
> iax2-version.nse
> imap-capabilities.nse
> irc-info.nse
> pop3-capabilities.nse
> pptp-version.nse
> realvnc-auth-bypass.nse
> skypev2-version.nse
> smtp-open-relay.nse
> smtp-strangeport.nse
> sniffer-detect.nse

Patrick, how were you planning to break these down? We got sidetracked
on the issue of the "intrusive" category but that doesn't have to
prevent the identification of safe scripts from the list above.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org