Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 14:36:08 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey everyone,

I wrote:
Along the lines of the NSE Default category, I have a new task of sort of
redefining the NSE categories.  This is a good time for any comments on the
current category system to be discussed.

This really involves adding and/or removing categories, and then placing
scripts in the correct categories afterwards.

My preliminary list is below, containing all of the scripts and their
associated categories (a lot of them I didn't need to touch).

A general description of these categories is here[1].

I've also attached a simple patch to show what has actually been changed,
since the list below just shows the scripts' would-be current categories.

I have moved both SSHv1-support and SSLv2-support from Intrusive to Safe
because after reviewing them I don't think they pose any issue.  They are both
run by default, anyway.  If you feel this is wrong, please don't hesitate to
let me know.

anonFTP.nse:
        {"default", "auth", "intrusive"}
bruteTelnet.nse:
        {'auth', 'intrusive'}
chargenTest.nse:
        {"demo"}
daytimeTest.nse:
        {"demo"}
dns-test-open-recursion.nse:
        {"default", "intrusive"}
echoTest.nse:
        {"demo"}
finger.nse:
        {"default", "discovery"}
ftpbounce.nse:
        {"default", "intrusive"}
HTTPAuth.nse:
        {"default", "auth", "intrusive"}
HTTP_open_proxy.nse:
        {"default", "discovery", "intrusive"}
HTTPpasswd.nse:
        {"intrusive", "vuln"}
HTTPtrace.nse:
        {"discovery"}
iax2Detect.nse:
        {"version"}
ircServerInfo.nse:
        {"default", "discovery"}
ircZombieTest.nse:
        {"malware"}
MSSQLm.nse:
        {"default", "discovery", "intrusive"}
MySQLinfo.nse:
        { "default", "discovery", "safe" }
nbstat.nse:
        {"default", "discovery", "safe"}
netbios-smb-os-discovery.nse:
        {"version"}
PPTPversion.nse:
        {"version"}
promiscuous.nse:
        {"discovery"}
RealVNC_auth_bypass.nse:
        {"default", "malware", "vuln"}
ripeQuery.nse:
        {"discovery"}
robots.nse:
        {"default", "safe"}
rpcinfo.nse:
        {"default","safe","discovery"}
showHTMLTitle.nse:
        {"default", "demo", "safe"}
showHTTPVersion.nse:
        {"demo"}
showOwner.nse:
        {"default", "safe"}
showSMTPVersion.nse:
        {"demo"}
showSSHVersion.nse:
        {"demo"}
skype_v2-version.nse:
        {"version"}
SMTPcommands.nse:
        {"default", "discovery", "safe"}
SMTP_openrelay_test.nse:
        {"demo"}
SNMPsysdesr.nse:
        {"default", "discovery", "safe"}
SQLInject.nse:
        {"intrusive", "vuln"}
SSHv1-support.nse:
        {"default", "safe"}
SSLv2-support.nse:
        {"default", "safe"}
strangeSMTPport.nse:
        {"malware"}
UPnP-info.nse:
        {"default", "safe"}
xamppDefaultPass.nse:
        {"auth", "vuln"}
zoneTrans.nse:
        {'default', 'intrusive', 'discovery'}

Thanks,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q2/0716.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFljpv9K37xXYl36AQLciBAAhmJa26edlnlI+1Yf0AB7M4eVNrw+7rzg
5nw3h5+oSWgLD6PohTlFLuUrTGfr9ELj+PgK2KGPmwlJTrBsUULD+yADM7SIc/Hg
DiqWA27hacNTpH0V8CeUua5B09dIPWdkmXwuS7exlTlLBbwi/4OLAwVl/G7ObE6r
IBvSgne66H2aGdOJ5v1wmBuIDU9/WbHO2bHltA9qxo+iDe5pnz6cERVoXcTi1hdJ
LbsJpscruq8wi6bZ8a8rq1qycm1Hgwa5JAGIW0YZFDMdsKmtegZNdOhX5zj6jMSf
I6Ypao1c4jir4T4Ei/SuQj9zUoqum6t95AgiFfhfBPSf1SNATIg7TEO4Uc3kzLYW
ZuCtch00omJ3ds/43tMtvAe9qKlruFG4OwEjHtz2CGA1S9IVi694ot4lMCOtGMRH
0aPmAD9TjYSg2ti67U7PEMvMuAZ0Md6HSKYt+VyOuz0+5ciirFQ3dYptxESMpHCO
lFBGygK7/BtAQIm/GycrhuW1XX/I9y6G6/+RTu3jhEUpcB8e+R9gv4C5cx4zgF8C
6/fe1BQ3yQKiGTKT0t/ip9s620F0nZm/uMRJ4CwVJaW6TTijLsM7RZZCZrZypD7T
VXkV55lllBlN7dDMeZlgzV9YVF7DOBsPAW9eBKM5PjkypV4H0i0UlLBStTcDlp+j
pe5i7HgqWns=
=wqjV
-----END PGP SIGNATURE-----
Index: anonFTP.nse
===================================================================
--- anonFTP.nse (revision 8328)
+++ anonFTP.nse (working copy)
@@ -6,7 +6,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"default", "intrusive"}
+categories = {"default", "auth", "intrusive"}
 
 require "shortport"
 
Index: bruteTelnet.nse
===================================================================
--- bruteTelnet.nse     (revision 8328)
+++ bruteTelnet.nse     (working copy)
@@ -2,7 +2,7 @@
 author = 'Eddie Bell <ejlbell () gmail com>'
 description='brute force telnet login credientials'
 license = 'Same as Nmap--See http://nmap.org/book/man-legal.html&apos;
-categories = {'vulnerability'}
+categories = {'auth', 'intrusive'}
 
 require('shortport')
 require('stdnse')
Index: HTTPAuth.nse
===================================================================
--- HTTPAuth.nse        (revision 8328)
+++ HTTPAuth.nse        (working copy)
@@ -9,9 +9,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
--- uncomment the following line to enable safe category
--- categories = {"safe"}
-categories = {"default", "intrusive"}
+categories = {"default", "auth", "intrusive"}
 
 require "shortport"
 require "http"
Index: HTTP_open_proxy.nse
===================================================================
--- HTTP_open_proxy.nse (revision 8328)
+++ HTTP_open_proxy.nse (working copy)
@@ -7,7 +7,7 @@
 
 id="Open Proxy Test"
 description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: 
GWS/' header response."
-categories = {"default", "intrusive"}
+categories = {"default", "discovery", "intrusive"}
 require "comm"
 
 -- I found a nice explode() function in lua-users' wiki. I had to fix it, though.
Index: HTTPpasswd.nse
===================================================================
--- HTTPpasswd.nse      (revision 8328)
+++ HTTPpasswd.nse      (working copy)
@@ -16,7 +16,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"intrusive"}
+categories = {"intrusive", "vuln"}
 
 require "shortport"
 require "http"
Index: RealVNC_auth_bypass.nse
===================================================================
--- RealVNC_auth_bypass.nse     (revision 8328)
+++ RealVNC_auth_bypass.nse     (working copy)
@@ -3,7 +3,7 @@
 author = "Brandon Enright <bmenrigh () ucsd edu>" 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"default", "backdoor"}
+categories = {"default", "malware", "vuln"}
 
 require "shortport"
 
Index: showHTTPVersion.nse
===================================================================
--- showHTTPVersion.nse (revision 8328)
+++ showHTTPVersion.nse (working copy)
@@ -10,7 +10,7 @@
 
 -- add this script to "version" if you really want to execute it
 -- keep in mind you can (and should) only execute it with -sV
-categories = {""}
+categories = {"demo"}
 -- categories = {"version"}
 
 runlevel = 1.0
Index: SQLInject.nse
===================================================================
--- SQLInject.nse       (revision 8328)
+++ SQLInject.nse       (working copy)
@@ -33,7 +33,7 @@
 description = "spiders a http server looking for URLs containing queries \
                and tries to determines if they are vulnerable to injection attack"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
-categories = {"vulnerability"}
+categories = {"intrusive", "vuln"}
 runlevel = 1.0
 
 -- Change this to increase depth of crawl
Index: SSHv1-support.nse
===================================================================
--- SSHv1-support.nse   (revision 8328)
+++ SSHv1-support.nse   (working copy)
@@ -2,7 +2,7 @@
 description="Checks to see if SSH server supports SSH Protocol Version 1."
 author = "Brandon Enright <bmenrigh () ucsd edu>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
-categories = {"default", "intrusive"}
+categories = {"default", "safe"}
 
 require "shortport"
 
Index: SSLv2-support.nse
===================================================================
--- SSLv2-support.nse   (revision 8328)
+++ SSLv2-support.nse   (working copy)
@@ -3,7 +3,7 @@
 author = "Matt <mb2263 () bristol ac uk>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"default", "intrusive"}
+categories = {"default", "safe"}
 
 require "shortport"
 
Index: strangeSMTPport.nse
===================================================================
--- strangeSMTPport.nse (revision 8328)
+++ strangeSMTPport.nse (working copy)
@@ -9,7 +9,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"backdoor"}
+categories = {"malware"}
 
 portrule = function(host, port) 
        if 
Index: xamppDefaultPass.nse
===================================================================
--- xamppDefaultPass.nse        (revision 8328)
+++ xamppDefaultPass.nse        (working copy)
@@ -8,7 +8,7 @@
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
 
-categories = {"vulnerability"}
+categories = {"auth", "vuln"}
 
 require "shortport"
 

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]