Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 13 Jun 2008 00:42:01 -0500

Fyodor wrote:
On Thu, Jun 12, 2008 at 05:07:27PM -0500, Kris Katterjohn wrote:
Along the lines of the NSE Default category, I have a new task of sort of
redefining the NSE categories.  This is a good time for any comments on the
current category system to be discussed.

Hi Kris.  I think you have some great ideas here.  Particularly your
main goals.  I have comments on a few of your ideas:

I think "safe" and "intrusive" should be mutually-exclusive, together
all-encompassing categories.

Sounds good.  I'm a little concerned about the name "safe", since even
scripts which should be completely safe can cause problems.  Just like
"safe sex".  But the name is descriptive, and I can't think of
anything better right now.  So it may be fine.  We may just need to be
sure we note in the docs that people shouldn't consider them 100%
safe.  But that we do our best to only include low-risk scripts in the

I don't really like "safe" either, but I was also unable to think of anything

I think "backdoor" should be merged into "malware".  There's no point in
having two basically synonymous categories.

Yeah.  There is a slight risk that people will think that "malware"
means scripts which are malicious, rather than scripts meant to detect
malicious activity.  But good documentation should help there.


I initially thought that the "discovery" category should be dropped.  Is there
an NSE script which isn't really discovering something?  But Brandon pointed
out that it could just be renamed, and that the name could convey something
along the lines of "extra information".  I can't really think of a good name
for it, however.

Maybe.  Though I don't mind the discovery name.  I think of it as scripts
which discover general information about the network (e.g. smtp
commands or whois information) rather than those which test for a
specific vulnerability or try brute force login or the like.

That makes sense, but if a better name comes up I'd still like to switch it.

How about a new "credential" (or "login") category?  This can be used for NSE
scripts which attempt a login, such as anonFTP, bruteTelnet, and HTTPAuth.

Or maybe authentication?

Or maybe just "auth"?  I think "authentication" is a bit long, and I don't
think "auth" can get confused with anything else.  But then again,
"vulnerability" is long as well.

Aside from this, I don't have a strong opinion on any of the three.  I think
the category should exist, but I'll be happy with any of them.  I guess we can
just tally any votes, unless you feel particularly strongly about one.


Kris Katterjohn


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org