Re: [RFC] NSE Re-categorization

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> On Sat, Jun 14, 2008 at 08:52:08PM -0500, Kris Katterjohn wrote:
> > That sounds good.  This brings us to:
>
> Let's put a brief descrption next to each as well so we're clear on
> what they meain.  Here is a quick draft:
>
> Default - Scripts which Nmap should run by default when NSE is
>           requested with -sC, -A, or --script without any arguments.
>
> Version - Scripts for detecting service protocol and version
>           information of applications listening on a port.  These are run as
>           part of version detection (-sV) even when NSE is not specifically
>           requested.
>
> Safe - Scripts which are unlikely to crash or otherwise interfere with
>        target systems.  These scripts don't try to exploit
>        vulnerabilities, and even avoid behavior which might appear
>        overtly malicious in target logs.  Of couse any communication
>        with a remote system has some risk of crashing it or annoying
>        the administrators.  The safe scripts are intended to reduce
>        that risk, but can never remove it.
>
> Intrusive - Scripts which cannot be classified in the "Safe" category
>             because risks are too high that they will crash target
>             systems, use up significant target system resources (such
>             as bandwidth or CPU time), or be perceived as malicious by
>             target system administrators.
>
> Discovery - Scripts which discovery general information about a target
>             system or service (such as HTML title, SMTP commands,
>             system uptime, or whois contact information) rather than
>             specific goals of other categories such as specific
>             vulnerability detection (vuln).
>
> Vuln - Scripts which look for and report presence of specific known
>        vulnerabilities.  These scripts normally report nothing if the
>        vulnerability is not present.
>
> Malware - Scripts which detect known forms of malware such as Internet
>           works, trojan horse applications, or listening port shells.
>           These scripts are usually in the version category as well.
>
> Auth - Scripts which attempt to determine authentication credentials,
>        often through a brute force attack.

Thanks, Fyodor.

I've been holding out replying in hopes there would be more discussion, but it
seems to have died out now.

Does nobody have any other ideas for new categories, or anything else
pertaining to the current/new category system?

We have a good number of categories, don't get me wrong, but if you have other
good ideas for another category, we still have room to add it.

> Cheers,
> -F

Thanks,
Kris Katterjohn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFlNT/9K37xXYl36AQLTLg//awI1YSn+vcx3UFwhzPow9Cx/9dus+PIb
EMNFZa5ulU8TGfVeooimiB6In+tFubBWjLwt0GW/9oWu5rhBL8SRJINkQ97rutq3
xlPrldr1Nk0KV4GJsNQ8kCZZuD6ZQikPd/G+ad9o1bpim/E3QzLnkNXW8rsn+h6c
FWsNhIklk1tU4/gYP4xbmtOImyP5igE885Vw8Iargzeo7xIAnxMHZzRKNcg20Fr1
ZDvwIk1mvArUY1K8rGfVJr0/68SIq7GLrSO97UGpvGMnMfF4ZNVHRAO+X1uOG8q5
HSwzYkwzhXQ1V6j2cZynIRK6w2XfiqFSEaBlKMPgHdnQdd6A0l8D8ZXYlNustvN7
J3yJt2UQsBvgNAFtKb6vL3gyurOU2iA3QRH4oy6rHM91aYckx6ecSbZZaoDq+7aa
gv2oUzxzaLOGutHFVyT5+XlarMwqrC4twBhmW7EDV3B/bV7OC/b0ohe1vYf6UZB0
4IrVSR+JGiU2BLUQE46deIPnvQSfO1YhIIPTxEmzMvgcb/3LX2C1UYQr/T8kQufU
pRLQoGX/cvTPM8JA8Kk1NLxNKHqqqyNtM0R4i1qkHuN1YMTNqZcHFMQDWFcRmFGK
lI8xewB0pad7vuNS+IUdCM2wh3XasomEYrZTpLH4YajkMnSyWmAHi8Db6XwNddjj
Foric6eUTDU=
=VSb7
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org