Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 27 May 2008 20:50:26 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yeah, I'm talking to myself again :)

Kris Katterjohn wrote:
Kris Katterjohn wrote:
Running against irc.efnet.org gives me:

6666/tcp open  irc     syn-ack
|  IRC Server Info: Server: irc.blessed.net
|  Version: ircd-ratbox-3.0.0beta3(20080423_3-25265). irc.blessed.net
|  Servers/Ops/Chans/Users: 61/406/27994/59199
|  Lservers/Lusers: 1/1360
|  Uptime: 13 days, 6:41:47
|  Source host: adsl-074-182-015-130.sip.jan.bellsouth.net
|_ Source ident: NONE or BLOCKED

Which is quite verbose.  It too could be fixed up with nmap.verbosity(),
but I don't want to mess with it because I don't know what would be
interesting enough for IRC users :)


Does anybody else have an opinion on this one, or care to redo it with
nmap.verbosity()?

IIRC this script and SMTPcommands are the only outstanding scripts, and
Jason is already working on the latter.


Since Fyodor committed Jason's new SMTPcommands, the only script
remaining is ircServerInfo.  Nobody has said anything on it in a week,
so I'll keep it off the Default list.

I'd really like to commit this stuff soon, so if there are any
objections to the lists below (aside from switching SMTPcommands),
please let me know now.

Again, nobody has said anything in a while on this so I'm assuming the
list is agreeable.

Default:

* anonFTP
* dns-test-open-recursion
* finger
* ftpbounce
* HTTPAuth
* HTTP_open_proxy
* MSSQLm
* MySQLinfo
* nbstat
* RealVNC_auth_bypass
* robots
* rpcinfo
* showHTMLtitle
* showOwner
* SNMPsysdesr
* SSHv1-support
* SSLv2-support
* UPnP-info
* zoneTrans

Non-Default:

* bruteTelnet - Too intrusive and slow
* chargenTest - Obscure / "demo"
* daytimeTest - Obscure / "demo"
* echoTest - Obscure / "demo"
* HTTPpasswd - A bit too intrusive and probably not useful enough
* HTTPtrace - Not default material
* iax2Detect - "version"
* ircServerInfo - Should be redone with nmap.verbosity() ?
* ircZombieTest - "malware"
* kibuvDetection - "malware"
* netbios-smb-os-detection - I want this to be default, but it's "version"
* PPTPversion - "version"
* promiscuous - I don't think it's useful enough
* ripeQuery - Abusive to RIPE
* showHTTPversion - Obscure / only category is ""
* showSMTPVersion - Obscure / "demo"
* showSSHVersion - Obscure / "demo"
* skype_v2-version - "version"
* SMTPcommands - Jason is handling it with nmap.verbosity()
* SMTP_openrelay_test - "demo" because of "real hostname" issue
* SQLInject - Obvious reasons  :)
* strangeSMTPport - Obscure / "backdoor"
* xamppDefaultPass - "vulnerability"


Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSDy6X/9K37xXYl36AQItyw/8CSGgCs7/7bm86cpORydJC8u0c7rFgS9v
COMvB/q2pmf3YgrKNKqTjU3bEgke9p9/kXLhJkDjNy2S7T6iJ07KRKc8qcX5zHpj
z2RALjg5h+4x+TUHtumu3Q2yJISDGl5ud43N4547zMdES/3drK/ugfeXtcrIhem7
av9cWBTYmcJymh85KRQMaP34BZSeM9rZx6fB4Mhs9cPSpDQCtadQ3QBThRhjDxxx
8Ub2Gz98A348DRIMqK64/ieoxvZzotyrCVbfBQdfoljGGmKO7exrgOlEMWWzEVZL
oGqiuXa9p2Ygj0lmuHKX2YecdTlGzfVfbMYBsgRY2K9yuuPLZ6InrtTbyzmLCn1V
pr7GRyNx+uvzYxqP+3f1Tz+J9T+owPMlz2nJEXx2vCU3za3ob1ECavwAuk8+hF0k
JLYuasYs7EWxGWGdIulEcWARwMB3LzJDF3Aoy6jQ6EnZIS4eJ6KRBVBDMSx8QPI2
4I907F8AUgBBSIfmKfWqXlCFmbz9fxId49f1WuPaeHMOn77o7/3ZSFekf3WuIBAo
f9S1Dxpm/gFKodIQj0FdyEkqKhTWJkpMfRmGD0Jaw+8H06RALJTfjCiu+e3liJff
DCMxbiALUWi/QL09jdIlwTh9oBCHFYAD9nenV9LoUSwSQUBWB/Gc/td7LNFoXCGO
J+QTiNt/bLM=
=cQQQ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]