NSE Categorization Question(s)
From: King Thorin <kingthorin () hotmail com>
Date: Thu, 14 Jun 2012 09:22:56 -0400
So looking at ssl-enum-ciphers got me thinking. This script is in the discovery and intrusive categories. Why isn't it
"safe"? Which led to "how do we (the list, Fyodor, etc) describe the categories?"

"These are scripts that cannot be classified in the safe category because the risks are too high that they will crash the target system, use up significant resources on the target host (such as bandwidth or CPU time), or otherwise be perceived as malicious by the target's system administrators."

How was it determined that ssl-enum-ciphers is going to down a system or load it too heavily while ssh2-enum-algos won't? Though ssh2-enum-algos isn't safe, it's also not listed as intrusive. They're both listed as discovery.

While I understand that there is no quantitative way to accomplish the categorization, I'm just looking for some
further insight into how the choices are made.

Also, this just occurred to me while writing this up. Is there currently a mechanism (switch/option, similar to -sL -n)
to have nmap list scripts and categories which will be run? i.e. if you do some complicated type of script selection
(http://nmap.org/book/nse-usage.html#nse-script-selection), such as the "nmap --script "(default or safe or intrusive)
and not http-*"" example could nmap list what scripts will be run and their categorization details without actually
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/