Nmap Development mailing list archives
NSE Categorization Question(s)
From: King Thorin <kingthorin () hotmail com>
Date: Thu, 14 Jun 2012 09:22:56 -0400
So looking at ssl-enum-ciphers got me thinking. This script is in the discovery, and intrusive categories. Why isn't it "safe"? Which lead to "how do we (the list, Fyodor, etc) describe the categories?" http://nmap.org/book/nse-usage.html#nse-categories "intrusive These are scripts that cannot be classified in the safe category because the risks are too high that they will crash the target system, use up significant resources on the target host (such as bandwidth or CPU time), or otherwise be perceived as malicious by the target's system administrators."How was it determined that ssl-enum-ciphers is going to down a system or load it too heavily while ssh2-enum-algos won't? Though ssh2-enum-algos isn't safe, it's also not listed as intrusive. They're both listed as discovery. While I understand that there is no quantitative way to accomplish the categorization, I'm just looking for some further insight into how the choices are made. Also this just occurred to me while writing this up. Is there currently a mechanism (switch/option, similar to -sL -n) to have nmap lists scripts and categories which will be run? i.e. if you do some complicated type of script selection (http://nmap.org/book/nse-usage.html#nse-script-selection), such as the "nmap --script "(default or safe or intrusive) and not http-*"" example could nmap list what scripts will be run and their categorization details without actually running? _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE Categorization Question(s) King Thorin (Jun 14)
- Re: NSE Categorization Question(s) David Fifield (Jun 14)
- RE: NSE Categorization Question(s) King Thorin (Jun 14)
- Re: NSE Categorization Question(s) David Fifield (Jun 14)