Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts
From: Daniel Roethlisberger <daniel () roe ch>
Date: Mon, 12 May 2008 13:02:24 +0200

Kris Katterjohn <katterjohn () gmail com> 2008-05-10:
jah wrote:
On 09/05/2008 23:17, Kris Katterjohn wrote:
Default:

* ripeQuery
This is a safe script with regard to the target, but RIPE might think it
less so.  Especially as it would query RIPE for every target regardless
of whether the target is in RIPE's allocation.  I think it should stay
in discovery.
This is a script I kept switching between the lists.  I think you may be
right in that it's not be default material.  Anybody else want to chime
in on this one?

I think this script could rightly be perceived as abusive by RIPE.  I
would not include this in the default set.

Not Default:

[...]
* SMTPcommands - I want this to be default, but it usually has a lot of
output
This is currently run by default and I don't think the quantity of
output should be grounds for omission if it's perceived to be useful.

Good point, but I just don't think that a default script should produce
a large amount of output like this one tends to.

Does anyone have an opinion on this?

I'd vote for inclusion.  If you feel it produces too much output, then
maybe it can be changed to be a little less verbose?  I cannot speak for
others, but personally, when I run a scan with NSE scripts, then I am
expecting some verbosity.

* SSLv2-support - Produces quite a bit of output, and doesn't seem
useful enough for default
I think this is quite useful and should remain default, but agree that
the output is often more than required - perhaps it could be improved
with nmap.verbosity().

I think that with an nmap.verbosity() change it may be good for default.

I'd quite like to see this script included by default.  It would be
useful in helping to eradicate SSLv2.

* zoneTrans - Just doesn't seem like default material IMO
I think the argument for this is similar to the one for
dns-test-open-recursion.


I don't know from experience, but looking at Wikipedia makes me think
that it's not frequent enough.

Depends on your usage.  If you do internal scans of large corporate
networks, it is extremely frequent.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault