Nmap Development mailing list archives

NSE Categorization Question(s)
From: King Thorin <kingthorin () hotmail com>
Date: Thu, 14 Jun 2012 09:22:56 -0400

So looking at ssl-enum-ciphers got me thinking. This script is in the discovery and intrusive categories. Why isn't it "safe"? Which led to "how do we (the list, Fyodor, etc.) describe the categories?"

          "These are scripts that cannot be classified in the
            safe category because the risks are too
            high that they will crash the target system, use up
            significant resources on the target host (such as
            bandwidth or CPU time), or otherwise be perceived as
            malicious by the target's system administrators."

How was it determined that ssl-enum-ciphers is going to down a system or load it too heavily while ssh2-enum-algos won't? Though ssh2-enum-algos isn't safe, it's also not listed as intrusive. They're both listed as discovery.

While I understand that there is no quantitative way to accomplish the categorization, I'm just looking for some 
further insight into how the choices are made.

Also, this just occurred to me while writing this up. Is there currently a mechanism (switch/option, similar to -sL -n) to have nmap list scripts and categories which will be run? I.e., if you do some complicated type of script selection (http://nmap.org/book/nse-usage.html#nse-script-selection), such as the "nmap --script "(default or safe or intrusive) and not http-*"" example, could nmap list what scripts will be run and their categorization details without actually

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
