On Sun, Jun 29, 2008 at 4:44 AM, Fyodor <> wrote:
> On Wed, Jun 18, 2008 at 11:03:30PM +0100, DePriest, Jason R. wrote:
>> They should be either "discovery" and relatively benign or "intrusive"
>> and used with intent.
>>
>> Explain the logic between having a script in both categories. Maybe I
>> just don't "get it."
>
> Well, there are currently three scripts in both "discovery" and
> "intrusive" categories:
>
> HTTP_open_proxy.nse:categories = {"default", "discovery", "intrusive"}
> MSSQLm.nse:categories = {"default", "discovery", "intrusive"}
> zoneTrans.nse:categories = {'default', 'intrusive', 'discovery'}
>
> What do you think would be a better way to categorize them?
>
> Cheers,
> -F
>
MSSQLm.nse actually tries to login to the SQL server using 'sa' and a
blank password. That *part* of the script is intrusive. The rest of
it is discovery and is very useful for version detection. Break it
into two scripts maybe?
HTTP_open_proxy.nse could probably be just discovery. It sends a
single request that is a normal looking, non-malformed request.
I don't know enough about DNS to read through zoneTrans. Since zone
transfers are a popular recon technique, if that is actually what the
script does (perform a full zone transfer), it is definitely intrusive.
If it just determines whether or not a zone transfer is possible but
doesn't actually do it, it would be discovery.
These are just my opinions and I'd be eager to hear what others think.
-Jason
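As an added example (not part of the thread, and not Nmap's own code), a small Python audit over category lines in the shape Fyodor grepped above. The sample input is constructed from the three lines quoted in the thread plus one hypothetical script (`example_safe.nse`); the script names and categories of real NSE scripts are taken from the page, not verified against any Nmap release.

```python
import re
from typing import Dict, List, Set

# Constructed sample in the same "file.nse:categories = {...}" shape as the
# grep output quoted in the thread. The last line is a hypothetical script
# added only to show a script that does not conflict.
SAMPLE_GREP_OUTPUT = """\
HTTP_open_proxy.nse:categories = {"default", "discovery", "intrusive"}
MSSQLm.nse:categories = {"default", "discovery", "intrusive"}
zoneTrans.nse:categories = {'default', 'intrusive', 'discovery'}
example_safe.nse:categories = {"default", "safe"}
"""

# One line = script name, then a Lua table literal of quoted category names.
LINE_RE = re.compile(r'^(?P<script>[^:]+\.nse):categories\s*=\s*\{(?P<body>[^}]*)\}\s*$')
# Scripts mix single and double quotes (see zoneTrans.nse), so accept both.
CAT_RE = re.compile(r"""["']([^"']+)["']""")


def parse_categories(text: str) -> Dict[str, Set[str]]:
    """Map each script file name to the set of categories it declares."""
    result: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised categories line: {line!r}")
        result[m.group("script")] = set(CAT_RE.findall(m.group("body")))
    return result


def scripts_in(cats: Dict[str, Set[str]], category: str) -> List[str]:
    """Scripts that a run of the given category would select, sorted by name."""
    return sorted(name for name, c in cats.items() if category in c)


def conflicting_scripts(cats: Dict[str, Set[str]],
                        a: str = "discovery", b: str = "intrusive") -> List[str]:
    """Scripts declared in both categories, e.g. those that a 'discovery'
    run would execute even though the author also marked them 'intrusive'."""
    return sorted(name for name, c in cats.items() if a in c and b in c)


if __name__ == "__main__":
    cats = parse_categories(SAMPLE_GREP_OUTPUT)
    for name in conflicting_scripts(cats):
        print(f"{name}: in both discovery and intrusive -> {sorted(cats[name])}")
```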
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jul 02 2008