Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts
From: Diman Todorov <diman.todorov () univie ac at>
Date: Sun, 11 May 2008 10:36:37 +0200


1) Quick
How to measure this?  ...
2) Generally Useful
I reckon this is pretty subjective ...
3) Not too intrusive
How to measure this?  ...

Any objective measure for these characteristics will be ridiculous in  
20% of the cases. I suggest following the current process and decide  
for each script wether we want it in default or not based on common  
sense and discussion.

4) Not in "version" category since those are run with -sV
Agreed.  But wouldn't it be nice to run some of these version scripts
without version scanning.

No. Version scripts were built as an extension to -sV. If the version  
category was specified on the command line but -sV was not given, the  
category is removed again. The reason is that version scripts put  
their output in the version column of the Nmap output table.

* mswindowsShell - "backdoor"
My vote is to ditch it too.

I vote for ditching too. I wrote the script way back in 2006 along  
with some other obscure scripts (kibuv, xampp, ircZombie). I ported  
these scripts from the Nessus database to get a feeling of how  
expressive NSE is and to find out wether it is comparable in  
expressiveness with NASL.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]