Nmap Development mailing list archives
RE: NSE Categorization Question(s)
From: King Thorin <kingthorin () hotmail com>
Date: Thu, 14 Jun 2012 10:39:35 -0400
Thanks Dave. I was comparing the two scripts simply based on their descriptions. Thanks for the --script-help idea, it's close but a little too verbose. I was thinking more along the lines of:

http-wordpress-brute Categories: intrusive brute
http-wordpress-enum Categories: auth intrusive vuln
http-wordpress-plugins Categories: discovery intrusive

I suppose I can probably get there with some kind of grep/awk/sed kung'fu

Date: Thu, 14 Jun 2012 07:19:03 -0700
From: david () bamsoftware com
To: kingthorin () hotmail com
CC: nmap-dev () insecure org
Subject: Re: NSE Categorization Question(s)

On Thu, Jun 14, 2012 at 09:22:56AM -0400, King Thorin wrote:
> So looking at ssl-enum-ciphers got me thinking. This script is in the discovery, and intrusive categories. Why isn't it "safe"? Which led to "how do we (the list, Fyodor, etc) describe the categories?"
>
> http://nmap.org/book/nse-usage.html#nse-categories
>
> "intrusive These are scripts that cannot be classified in the safe category because the risks are too high that they will crash the target system, use up significant resources on the target host (such as bandwidth or CPU time), or otherwise be perceived as malicious by the target's system administrators."
>
> How was it determined that ssl-enum-ciphers is going to down a system or load it too heavily while ssh2-enum-algos won't? Though ssh2-enum-algos isn't safe, it's also not listed as intrusive. They're both listed as discovery.

It's because ssh2-enum-algos gets its entire output from the server in one connection, while ssl-enum-ciphers must make a few hundred connections, one for each possible algorithm. Although their output is similar, they work differently. Just try them yourself and you'll see that one is much faster than the other.

> Also this just occurred to me while writing this up. Is there currently a mechanism (switch/option, similar to -sL -n) to have nmap list scripts and categories which will be run? i.e. if you do some complicated type of script selection (http://nmap.org/book/nse-usage.html#nse-script-selection), such as the "nmap --script "(default or safe or intrusive) and not http-*"" example could nmap list what scripts will be run and their categorization details without actually running?

Use the --script-help option.

nmap --script-help "(default or safe or intrusive) and not http-*"

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
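
Added example (not part of the original messages, and not code from the Nmap project): a small awk filter that condenses --script-help output into a compact name-and-categories listing like the one asked for above, with an optional category filter for reviewing which selected scripts are intrusive before a scan. The function names, the sample text, and the --script-help layout it parses (name line, "Categories:" line, URL line, indented description) are assumptions, since the thread does not show that output.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed --script-help layout per script:
# a name line, a "Categories: ..." line, a URL line, an indented description.

# compact_script_help [CATEGORY]
# Reads --script-help text on stdin and prints "name Categories: a b c".
# With CATEGORY given, only scripts carrying that category are printed.
compact_script_help() {
    awk -v want="$1" '
        /^Categories:/ {
            keep = (want == "")
            for (i = 2; i <= NF; i++) if ($i == want) keep = 1
            # name holds the closest unindented line above this one
            if (keep && name != "") print name, $0
            name = ""
            next
        }
        # Banner, URL and script-name lines are unindented; only a script
        # name is directly followed by "Categories:", so the last one wins.
        /^[^ \t]/ { name = $1 }
    '
}

# Constructed sample input (categories as quoted in the thread, text abridged).
sample_help() {
    cat <<'EOF'
Starting Nmap ( http://nmap.org )

http-wordpress-brute
Categories: intrusive brute
http://nmap.org/nsedoc/scripts/http-wordpress-brute.html
  Constructed description line.

ssl-enum-ciphers
Categories: discovery intrusive
http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
  Constructed description line.

ssh2-enum-algos
Categories: discovery
http://nmap.org/nsedoc/scripts/ssh2-enum-algos.html
  Constructed description line.
EOF
}

# Real use: nmap --script-help "<selection>" | compact_script_help intrusive
sample_help | compact_script_help
```
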
Current thread:
- NSE Categorization Question(s) King Thorin (Jun 14)
- Re: NSE Categorization Question(s) David Fifield (Jun 14)
- RE: NSE Categorization Question(s) King Thorin (Jun 14)
- Re: NSE Categorization Question(s) David Fifield (Jun 14)