Nmap Development mailing list archives
Re: [RFC] NSE Re-categorization
From: Fyodor <fyodor () insecure org>
Date: Thu, 12 Jun 2008 19:52:46 -0700
On Fri, Jun 13, 2008 at 01:07:10AM +0100, jah wrote:
On 12/06/2008 23:07, Kris Katterjohn wrote: So I think that either intrusive should include scripts that are intended to crash services (all in the name of securing ones own network, of course) or perhaps there should be a category for "exploits" to include scripts that actively exploit vulnerabilities and could crash a service or cause an sysadmin alarm - even if the intention is merely to detect a vulnerability.
Good point. We don't have any scripts intended to crash services now. But if we ever were to add such a script, I'd argue for some sort of "dos" category. A script which performas a SYN scan or tries to crash a certain service goes beyond what I would normally think of even as "intrusive", IMHO. Exploits is another interesting category. If we had actual exploits like you find in Metasploit, they might fit well in such a category. Our brute force authentication scripts sort of fit the bill, but it sounds like we'll probably have a more specific category for them. So I think both of these are good potential categories, but I don't think we should add any categories unless we have at least one script included which will use them. And I don't know of any DoS or exploit scripts right now.
It looks good. Using Informational and adding Exploits, you even get a handy Mnemonic: VICED VIMS (from latin: Grasp with Vigour).
Heh :). Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization jah (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Tom Sellers (Jun 13)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 12)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Arturo 'Buanzo' Busleiman (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 14)
- Re: [RFC] NSE Re-categorization Fyodor (Jun 14)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 18)
- Re: [RFC] NSE Re-categorization Kris Katterjohn (Jun 12)
- Re: [RFC] NSE Re-categorization jah (Jun 12)