|
Nmap Development
mailing list archives
Re: [RFC] Default NSE Scripts
From: Diman Todorov <diman.todorov () univie ac at>
Date: Sun, 11 May 2008 10:36:37 +0200
Hello,
1) Quick
How to measure this? ...
2) Generally Useful
I reckon this is pretty subjective ...
3) Not too intrusive
How to measure this? ...
Any objective measure for these characteristics will be ridiculous in
20% of the cases. I suggest following the current process and decide
for each script wether we want it in default or not based on common
sense and discussion.
4) Not in "version" category since those are run with -sV
Agreed. But wouldn't it be nice to run some of these version scripts
without version scanning.
No. Version scripts were built as an extension to -sV. If the version
category was specified on the command line but -sV was not given, the
category is removed again. The reason is that version scripts put
their output in the version column of the Nmap output table.
* mswindowsShell - "backdoor"
My vote is to ditch it too.
I vote for ditching too. I wrote the script way back in 2006 along
with some other obscure scripts (kibuv, xampp, ircZombie). I ported
these scripts from the Nessus database to get a feeling of how
expressive NSE is and to find out wether it is comparable in
expressiveness with NASL.
cheers,
Diman
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
- Re: [RFC] Default NSE Scripts, (continued)
- Re: [RFC] Default NSE Scripts Diman Todorov (May 11)
Re: [RFC] Default NSE Scripts Fyodor (May 12)
| 
Intro
