Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization
From: Fyodor <fyodor () insecure org>
Date: Thu, 12 Jun 2008 19:52:46 -0700

On Fri, Jun 13, 2008 at 01:07:10AM +0100, jah wrote:
On 12/06/2008 23:07, Kris Katterjohn wrote:

So I think that either intrusive should include scripts that are
intended to crash services (all in the name of securing ones own
network, of course) or perhaps there should be a category for "exploits"
to include scripts that actively exploit vulnerabilities and could crash
a service or cause an sysadmin alarm - even if the intention is merely
to detect a vulnerability.

Good point.  We don't have any scripts intended to crash services now.
But if we ever were to add such a script, I'd argue for some sort of
"dos" category.  A script which performas a SYN scan or tries to crash
a certain service goes beyond what I would normally think of even as
"intrusive", IMHO.

Exploits is another interesting category.  If we had actual exploits
like you find in Metasploit, they might fit well in such a category.
Our brute force authentication scripts sort of fit the bill, but it
sounds like we'll probably have a more specific category for them.

So I think both of these are good potential categories, but I don't
think we should add any categories unless we have at least one script
included which will use them.  And I don't know of any DoS or exploit
scripts right now.

It looks good.  Using Informational and adding Exploits, you even get a
handy Mnemonic: VICED VIMS (from latin: Grasp with Vigour).

Heh :).


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]