Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization
From: Fyodor <fyodor () insecure org>
Date: Thu, 12 Jun 2008 18:45:08 -0700

On Thu, Jun 12, 2008 at 05:07:27PM -0500, Kris Katterjohn wrote:

Along the lines of the NSE Default category, I have a new task of sort of
redefining the NSE categories.  This is a good time for any comments on the
current category system to be discussed.

Hi Kris.  I thinks you have some great ideas here.  Particularly your
main goals.  I have comments on a few of your ideas:

I think "safe" and "intrusive" should be mutually-exclusive, together
all-encompassing categories.

Sounds good.  I'm a little concerned about the name "safe", since even
scripts which should be completely safe can cause problems.  Just like
"safe sex".  But the name is descriptive, and I can't think of
anything better right now.  So it may be fine.  We may just need to be
sure we note in the docs that people shouldn't consider them 100%
safe.  But that we do our best to only include low-risk scripts in the

I think "backdoor" should be merged into "malware".  There's no point in
having two basically synonymous categories.

Yeah.  There is a slight risk that people will think that "malware"
means scripts which are malicious, rather than scripts meant to detect
malicious activity.  But good documentation should help there.

I initially thought that the "discovery" category should be dropped.  Is there
an NSE script which isn't really discovering something?  But Brandon pointed
out that it could just be renamed, and that the name could convey something
along the lines of "extra information".  I can't really think of a good name
for it, however.

Maybe.  Though I don't mind the discovery name.  I think it of scripts
which discover general information about the network (e.g. smtp
commands or whois information) rather than those which test for a
specific vulnerability or try brute force login or the like.

How about a new "credential" (or "login") category?  This can be used for NSE
scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth.

Or maybe authentication?


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]