mailing list archives
Re: [RFC] Default NSE Scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 16 May 2008 17:00:53 -0500
-----BEGIN PGP SIGNED MESSAGE-----
On 14/05/2008 17:06, Kris Katterjohn wrote:
I've committed the patch for this and added to Default. Aside from
SMTPcommands being changed (which can wait and be moved over later), are
there any other outstanding issues with the current list below?
What about dns-test-open-recusion as Jah mentioned?
I did a little test and from 5000 hosts, 7 had udp 53 open and of those,
3 resulted in "Recursion seems enabled". So, er, that's conclusive then.
Of course, this means I got 4997 "Recursion not enabled" which gives a
very poor signal to noise ratio!
Perhaps it would be best to leave this one out.
I've removed the "Recursion not enabled" line from the script, and have
also removed it from Default list. Sorry that one took so long :)
The new list is below. Jason says he'll fix up the SMTPcommands script,
so that can be switched later.
Are there any issues or concerns at all with the following list? If
not, I'll try to commit it this weekend.
* bruteTelnet - Too intrusive and slow
* chargenTest - Obscure / "demo"
* daytimeTest - Obscure / "demo"
* dns-test-open-recursion - Should only be done if port is open
* echoTest - Obscure / "demo"
* HTTPpasswd - A bit too intrusive and probably not useful enough
* HTTPtrace - Not default material
* iax2Detect - "version"
* ircServerInfo - I don't think this is default material (but I'm also
not an IRC user)
* ircZombieTest - "malware"
* kibuvDetection - "malware"
* netbios-smb-os-detection - I want this to be default, but it's "version"
* PPTPversion - "version"
* promiscuous - I don't think it's useful enough
* ripeQuery - Abusive to RIPE
* showHTTPversion - Obscure / only category is ""
* showSMTPVersion - Obscure / "demo"
* showSSHVersion - Obscure / "demo"
* skype_v2-version - "version"
* SMTPcommands - Jason says he'll change it with nmap.verbosity()
* SMTP_openrelay_test - "demo" because of "real hostname" issue
* SQLInject - Obvious reasons :)
* strangeSMTPport - Obscure / "backdoor"
* xamppDefaultPass - "vulnerability"
* zoneTrans - Just doesn't seem like default material IMO
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org