Nmap Development mailing list archives
Re: Safe and Intrusive Category confusion
From: Fyodor <fyodor () insecure org>
Date: Thu, 1 Oct 2009 12:19:23 -0700
On Wed, Sep 30, 2009 at 08:53:50PM -0600, David Fifield wrote:
> I'm with you on the special handling of the version scripts and smtp-open-relay.nse. I agree with the "not safe" ones too. There are a couple, as you said, under "Safe" that could go either way, but the list above looks good to me.
OK, I just made the changes. I had a change of heart on a couple issues though:

o I kept dhcp-discover out of the "safe" category, since it does reserve an IP address from the server. I think "default" scripts should generally be in the "safe" category, but I guess they don't always have to be. If someone wants only safe default scripts, they can specify "--script default and safe". That is even one of the examples given in the Nmap man page.

o I kept the intrusive category. My current thought is that it can be useful for two reasons:

  1) It helps us find improperly classified scripts. A simple grep for scripts which aren't in safe, intrusive, or version does the trick.

  2) It reminds people who are looking at the script (e.g. in nsedoc or reading the source file) that the script has been classified as intrusive, so they should be particularly careful in running it.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
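
The classification check mentioned in the message above (scripts that are in none of safe, intrusive, or version), as an added example that is not part of the original post or of Nmap. It assumes each script declares its categories as double-quoted names in a `categories = {...}` table; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NSE script categories.
# Assumption: categories are double-quoted names inside a Lua table
# that starts on a line beginning with "categories =".

# Print the category names declared by one script, one per line.
nse_categories() {
    awk '
        /^[ \t]*categories[ \t]*=/ { in_tbl = 1 }
        in_tbl {
            line = $0
            sub(/--.*/, "", line)              # ignore Lua line comments
            while (match(line, /"[a-z]+"/)) {
                print substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
            }
            if (index(line, "}")) in_tbl = 0   # table closed, stop reading
        }
    ' "$1"
}

# List scripts in directory $1 that are in none of safe, intrusive, version.
unclassified_scripts() {
    for f in "$1"/*.nse; do
        [ -f "$f" ] || continue
        if ! nse_categories "$f" | grep -qxE 'safe|intrusive|version'; then
            basename "$f"
        fi
    done
}

# Build a directory of constructed sample scripts and print its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'categories = {"default", "discovery", "safe"}' \
        > "$d/sample-safe.nse"
    printf '%s\n' 'categories = {' \
        '  "auth",      -- "safe" would be wrong here' \
        '  "intrusive",' '}' > "$d/sample-intrusive.nse"
    printf '%s\n' 'categories = {"version"}' > "$d/sample-version.nse"
    printf '%s\n' 'categories = {"default", "discovery"}' \
        'action = function() return "safe" end' \
        > "$d/sample-unclassified.nse"
    echo "$d"
}
```

Calling `unclassified_scripts` on a scripts directory prints one file name per script that still needs a safe or intrusive decision.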