Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] NSE Re-categorization
From: jah <jah () zadkiel plus com>
Date: Thu, 19 Jun 2008 01:33:44 +0100

On 18/06/2008 23:22, Kris Katterjohn wrote:
I also don't understand the benefit of having a script that is
"intrusive" also be a "discovery" scan.  If it is "intrusive" then I
don't want it running if I am only asking for "discovery."

They should be either "discovery" and relatively benign or "intrusive"
and used with intent.

Explain the logic between having a script in both categories.  Maybe I
just don't "get it."

This is a good point; however, Fyodor mentioned to me that more
could be added to script selection, which will alleviate this.

I personally don't see a problem with a script being in Discovery and
Intrusive.  Take zoneTrans for example: it certainly has the "discovery"
aspect to it, but it's also a bit "intrusive".  The intrusiveness in this
respect isn't saying "this script is malicious", just that "this
script goes a
bit further than some administrators might like."

However, there is currently no way to say "I want a Discovery script
that is
not Intrusive," which, as you mentioned, can pose a problem in situations.

Another threat-level category could be added for scripts that are
"used with
intent," but that could easily get confusing.

Opinions anyone?
Hello folks,

I know I've said this before, but if there was some way to ask for
degrees of certain attributes it could help in this type of
circumstance.  It would probably be quite difficult to get something
like that right and it may be unmanageable with the thousands of scripts
nmap will have in the future.
Perhaps the way to go, at least for now, would be to make "Intrusive" an
exclusive category.  Or perhaps disallow categories on the command line:
--script discovery, auth, -intrusive which I'm sure would be very useful
for people who are working in a production environment and scared of
bringing down the network.

I think that the current proposal for categories is a good one.  I like
the idea of having not-that-many well-defined categories and I think it
will make it slightly easier to decide what to run.  Perhaps it would be
a good idea to see if the current idea works or not and tweak it later
if necessary.



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]