Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 13:00:49 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
On Sat, Jun 14, 2008 at 08:52:08PM -0500, Kris Katterjohn wrote:
That sounds good.  This brings us to:

Let's put a brief descrption next to each as well so we're clear on
what they meain.  Here is a quick draft:

Default - Scripts which Nmap should run by default when NSE is
          requested with -sC, -A, or --script without any arguments.

Version - Scripts for detecting service protocol and version
          information of applications listening on a port.  These are run as
          part of version detection (-sV) even when NSE is not specifically
          requested.

Safe - Scripts which are unlikely to crash or otherwise interfere with
       target systems.  These scripts don't try to exploit
       vulnerabilities, and even avoid behavior which might appear
       overtly malicious in target logs.  Of couse any communication
       with a remote system has some risk of crashing it or annoying
       the administrators.  The safe scripts are intended to reduce
       that risk, but can never remove it.

Intrusive - Scripts which cannot be classified in the "Safe" category
            because risks are too high that they will crash target
            systems, use up significant target system resources (such
            as bandwidth or CPU time), or be perceived as malicious by
            target system administrators.

Discovery - Scripts which discovery general information about a target
            system or service (such as HTML title, SMTP commands,
            system uptime, or whois contact information) rather than
            specific goals of other categories such as specific
            vulnerability detection (vuln).

Vuln - Scripts which look for and report presence of specific known
       vulnerabilities.  These scripts normally report nothing if the
       vulnerability is not present.

Malware - Scripts which detect known forms of malware such as Internet
          works, trojan horse applications, or listening port shells.
          These scripts are usually in the version category as well.

Auth - Scripts which attempt to determine authentication credentials,
       often through a brute force attack.


Thanks, Fyodor.

I've been holding out replying in hopes there would be more discussion, but it
seems to have died out now.

Does nobody have any other ideas for new categories, or anything else
pertaining to the current/new category system?

We have a good number of categories, don't get me wrong, but if you have other
good ideas for another category, we still have room to add it.

Cheers,
-F

Thanks,
Kris Katterjohn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFlNT/9K37xXYl36AQLTLg//awI1YSn+vcx3UFwhzPow9Cx/9dus+PIb
EMNFZa5ulU8TGfVeooimiB6In+tFubBWjLwt0GW/9oWu5rhBL8SRJINkQ97rutq3
xlPrldr1Nk0KV4GJsNQ8kCZZuD6ZQikPd/G+ad9o1bpim/E3QzLnkNXW8rsn+h6c
FWsNhIklk1tU4/gYP4xbmtOImyP5igE885Vw8Iargzeo7xIAnxMHZzRKNcg20Fr1
ZDvwIk1mvArUY1K8rGfVJr0/68SIq7GLrSO97UGpvGMnMfF4ZNVHRAO+X1uOG8q5
HSwzYkwzhXQ1V6j2cZynIRK6w2XfiqFSEaBlKMPgHdnQdd6A0l8D8ZXYlNustvN7
J3yJt2UQsBvgNAFtKb6vL3gyurOU2iA3QRH4oy6rHM91aYckx6ecSbZZaoDq+7aa
gv2oUzxzaLOGutHFVyT5+XlarMwqrC4twBhmW7EDV3B/bV7OC/b0ohe1vYf6UZB0
4IrVSR+JGiU2BLUQE46deIPnvQSfO1YhIIPTxEmzMvgcb/3LX2C1UYQr/T8kQufU
pRLQoGX/cvTPM8JA8Kk1NLxNKHqqqyNtM0R4i1qkHuN1YMTNqZcHFMQDWFcRmFGK
lI8xewB0pad7vuNS+IUdCM2wh3XasomEYrZTpLH4YajkMnSyWmAHi8Db6XwNddjj
Foric6eUTDU=
=VSb7
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]