mailing list archives
Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 13:00:49 -0500
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, Jun 14, 2008 at 08:52:08PM -0500, Kris Katterjohn wrote:
That sounds good. This brings us to:
Let's put a brief descrption next to each as well so we're clear on
what they meain. Here is a quick draft:
Default - Scripts which Nmap should run by default when NSE is
requested with -sC, -A, or --script without any arguments.
Version - Scripts for detecting service protocol and version
information of applications listening on a port. These are run as
part of version detection (-sV) even when NSE is not specifically
Safe - Scripts which are unlikely to crash or otherwise interfere with
target systems. These scripts don't try to exploit
vulnerabilities, and even avoid behavior which might appear
overtly malicious in target logs. Of couse any communication
with a remote system has some risk of crashing it or annoying
the administrators. The safe scripts are intended to reduce
that risk, but can never remove it.
Intrusive - Scripts which cannot be classified in the "Safe" category
because risks are too high that they will crash target
systems, use up significant target system resources (such
as bandwidth or CPU time), or be perceived as malicious by
target system administrators.
Discovery - Scripts which discovery general information about a target
system or service (such as HTML title, SMTP commands,
system uptime, or whois contact information) rather than
specific goals of other categories such as specific
vulnerability detection (vuln).
Vuln - Scripts which look for and report presence of specific known
vulnerabilities. These scripts normally report nothing if the
vulnerability is not present.
Malware - Scripts which detect known forms of malware such as Internet
works, trojan horse applications, or listening port shells.
These scripts are usually in the version category as well.
Auth - Scripts which attempt to determine authentication credentials,
often through a brute force attack.
I've been holding out replying in hopes there would be more discussion, but it
seems to have died out now.
Does nobody have any other ideas for new categories, or anything else
pertaining to the current/new category system?
We have a good number of categories, don't get me wrong, but if you have other
good ideas for another category, we still have room to add it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
Re: [RFC] NSE Re-categorization - Vulnerability category Tom Sellers (Jun 13)
Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization, (continued)