Nmap Development mailing list archives

Re: [NSE] Update some scripts' categories


From: Fyodor <fyodor () insecure org>
Date: Thu, 7 Jul 2011 01:24:02 -0700

On Wed, Jul 06, 2011 at 05:33:17PM +0100, Djalal Harouni wrote:
Some scripts don't have the right categories, especially backdoor
detection scripts. I've attached a diff file to correct this; if you
have any suggestions, please let me know.

Thanks Djalal!  This sort of cleanup is extremely useful.  Almost all
of the ones you list in your mail look great to me.  I only have
questions/comments on three of them:

o targets-sniffer.nse
  -categories = {"broadcast", "discovery"}
  +categories = {"broadcast", "discovery", "intrusive"}

  Did not remove the "discovery" but I've added the "intrusive"
  category.

Maybe it is OK to put this in "safe" rather than "intrusive" since by
default it just listens passively and prints the discovered hosts.  If
the user passes the "newtargets" option then it adds discovered hosts
to the scan queue, but any user who knows what "newtargets" means
should expect that.  And if they don't know what "newtargets" does,
they shouldn't specify it.

o db2-discover.nse
  Perhaps we should split this one into two scripts since it uses a
  prerule for broadcast and a portrule:
  * broadcast-db2-discover with "broadcast" and "safe" categories.
  * db2-discover with "discovery", "safe" and "default" ?

Interestingly, NSEDoc only lists it as a hostrule script
(http://nmap.org/nsedoc/scripts/db2-discover.html), but the prerule is
there in the script clear as day.  And yes, splitting them up sounds
like a good idea.

o ssh2-enum-algos.nse
  -categories = {"safe", "discovery"}
  +categories = {"default", "safe", "discovery"}

I think this is way too verbose for "default".  Against Scanme (and
most of the other hosts I tried) it produces dozens of lines of
output.  And while the output can be very useful in certain
circumstances, I don't think most people will find it valuable during
their normal scans.

Actually I tried to use this script and found that it was broken by
one of the silent_require changes.  I just checked in a fix and it is
now working for me.

Cheers,
Fyodor
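
The checks discussed in this message can be run mechanically over script source. The following is an added example, not part of the original message or of the Nmap code base: a small Python audit that extracts the rule types and categories from NSE script text and flags scripts that mix a prerule with a host/port rule (the db2-discover case) or that list both "safe" and "intrusive". The two script sources and their names are constructed for illustration.

```python
import re

# A rule is defined either as `portrule = ...` or `function portrule(...)`.
RULE_RE = re.compile(
    r'^\s*(?:function\s+)?(prerule|hostrule|portrule|postrule)\s*[=(]', re.M)
CATS_RE = re.compile(r'^\s*categories\s*=\s*\{([^}]*)\}', re.M)

def audit(source):
    """Return (rules, categories, findings) for one NSE script's Lua source."""
    rules = sorted(set(RULE_RE.findall(source)))
    match = CATS_RE.search(source)
    cats = re.findall(r'"([^"]+)"', match.group(1)) if match else []
    findings = []
    if match is None:
        findings.append("no categories field found")
    # A prerule runs once before scanning; host/port rules run per target.
    if "prerule" in rules and {"hostrule", "portrule"} & set(rules):
        findings.append("prerule mixed with host/port rule: consider splitting")
    # NSE defines "intrusive" as scripts that cannot be classified "safe".
    if "safe" in cats and "intrusive" in cats:
        findings.append('"safe" and "intrusive" are both listed')
    return rules, cats, findings

# Constructed sample sources (hypothetical scripts, not real Nmap scripts).
SAMPLES = {
    "mixed-example.nse": '''
categories = {"broadcast", "safe"}
-- portrule = old_rule   (commented out, must be ignored)
prerule = function() return true end
portrule = shortport.port_or_service(9999, "example", "udp")
action = function(host, port) end
''',
    "conflict-example.nse": '''
categories = {"discovery", "safe", "intrusive"}
function portrule(host, port) return port.number == 9999 end
action = function(host, port) end
''',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        rules, cats, findings = audit(src)
        print(name, rules, cats, findings or ["ok"])
```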