diff --git a/docs/refguide.xml b/docs/refguide.xml
index 4a69b9831..3ffc362cf 100644
--- a/docs/refguide.xml
+++ b/docs/refguide.xml
@@ -1939,8 +1939,10 @@ way.
- performs a script scan using the default set of scripts. it is
- equivalent to
+ Performs a script scan using the default set of scripts. It is
+ equivalent to . Some of the
+ scripts in this category are considered intrusive and should
+ not be run against a target network without permission.
@@ -3393,10 +3395,12 @@ overwhelming requests. Specify to only see
traceroute (). More features may be
added in the future. The point is to enable a
comprehensive set of scan options without people having
- to remember a large set of flags. This option only
- enables features, and not timing options (such as ) or
- verbosity options () that you might want as
- well.
+ to remember a large set of flags. However, because script
+ scanning with the default set is considered intrusive, you
+ should not use against target networks
+ without permission. This option only enables features, and
+ not timing options (such as ) or verbosity
+ options () that you might want as well.
diff --git a/docs/scripting.xml b/docs/scripting.xml
index c84d00809..d2bf6e465 100644
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -182,11 +182,10 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds
NSE scripts define a list of categories they belong to.
Currently defined categories are safe,
intrusive, malware,
- version, discovery and
- vulnerability. By default, Nmap runs all
- scripts in either the safe or
- intrusive categories. Categories are not
- case sensitive. The following list describes each category.
+ version, discovery,
+ vulnerability and default.
+ Categories are not case sensitive. The following list
+ describes each category.
@@ -264,6 +263,21 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds
These scripts check for a specific vulnerability and report results only if it is found.
+
+
+
+
+
+
+ These scripts are the default set and are run when
+ using . This category can also be
+ specified like any other with .
+ Don't be fooled into thinking that just because these scripts
+ are run by default that they are all completely unobtrusive:
+ these scripts should not be run against target networks without
+ permission.
+
+
@@ -316,9 +330,10 @@ $ nmap -sC --script-args user=foo,pass=bar,anonFTP={pass=ftp@foobar.com}
- Performs a script scan using the default set of scripts. It is
- equivalent to
- .
+ Performs a script scan using the default set of scripts. It is
+ equivalent to . Some of the
+ scripts in this category are considered intrusive and should
+ not be run against a target network without permission.
@@ -3297,7 +3312,7 @@ also get stored inside the registry.
The next phase of NSE initialization is loading the chosen
scripts, which are the arguments provided to the
- option or safe,intrusive, in
+ option or default, in
case of a default script scan. The string version
is appended, if version detection was enabled.
The arguments afterwards are tried to be
diff --git a/nmap.cc b/nmap.cc
index 052666a87..1035edb38 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -256,7 +256,7 @@ printf("%s %s ( %s )\n"
" --version-trace: Show detailed version scan activity (for debugging)\n"
#ifndef NOLUA
"SCRIPT SCAN:\n"
- " -sC: equivalent to --script=safe,intrusive\n"
+ " -sC: equivalent to --script=default\n"
" --script=: is a comma separated list of \n"
" directories, script-files or script-categories\n"
" --script-args=: provide arguments to scripts\n"
diff --git a/nse_init.cc b/nse_init.cc
index c8a406dac..ab8c5fbae 100644
--- a/nse_init.cc
+++ b/nse_init.cc
@@ -310,9 +310,7 @@ int init_pick_default_categories(std::vector& chosenScripts) {
if( (o.script == 1
&& chosenScripts.size() == 0) )
{
- chosenScripts.push_back(std::string("safe"));
- chosenScripts.push_back(std::string("intrusive"));
- // chosenScripts.push_back(std::string("vulnerabilities"));
+ chosenScripts.push_back(std::string("default"));
}
// we append the implicitely selected categories
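Review bot: The added `chosenScripts.push_back(std::string("default"));` makes `-sC` depend entirely on a category that exists only when script.db carries `default` entries, and nothing in the hunk handles the case where none match. With a script.db generated before this change, the lookup would presumably find no scripts (or fail, depending on code outside this hunk), where the old `safe`/`intrusive` pair would have matched. I would add a comment on that line, e.g. `// "default" is a curated category that includes some intrusive scripts; needs a regenerated script.db`. It is also worth confirming that an empty match is reported to the user rather than running a scan with no scripts. The body of init_pick_default_categories starts and ends outside the hunk.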
diff --git a/scripts/HTTPAuth.nse b/scripts/HTTPAuth.nse
index e5b05d6a7..92161e9b3 100644
--- a/scripts/HTTPAuth.nse
+++ b/scripts/HTTPAuth.nse
@@ -11,7 +11,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- uncomment the following line to enable safe category
-- categories = {"safe"}
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
require "shortport"
require "http"
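Review bot: The commented-out alternative `-- categories = {"safe"}` just above the changed line is now out of step with it. Anyone who follows the comment and swaps the two lines silently removes the script from the `-sC` set, because the alternative lacks `default`. I would update it to `-- categories = {"default", "safe"}`, or reword the comment to say that only the `intrusive` tag should be replaced.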
diff --git a/scripts/HTTP_open_proxy.nse b/scripts/HTTP_open_proxy.nse
index 5ba418d9f..3b164dd39 100644
--- a/scripts/HTTP_open_proxy.nse
+++ b/scripts/HTTP_open_proxy.nse
@@ -7,7 +7,7 @@
id="Open Proxy Test"
description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: GWS/' header response."
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
-- I found a nice explode() function in lua-users' wiki. I had to fix it, though.
-- http://lua-users.org/wiki/LuaRecipes
diff --git a/scripts/MSSQLm.nse b/scripts/MSSQLm.nse
index 6c72d0e4b..5f6aff1a4 100644
--- a/scripts/MSSQLm.nse
+++ b/scripts/MSSQLm.nse
@@ -9,7 +9,7 @@ author = "Thomas Buchanan "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery", "intrusive"}
+categories = {"default", "discovery", "intrusive"}
require('stdnse')
require "shortport"
diff --git a/scripts/MySQLinfo.nse b/scripts/MySQLinfo.nse
index 4860fd9be..655f707e8 100644
--- a/scripts/MySQLinfo.nse
+++ b/scripts/MySQLinfo.nse
@@ -15,7 +15,7 @@ author = "Kris Katterjohn "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = { "discovery", "safe" }
+categories = { "default", "discovery", "safe" }
require 'bit'
diff --git a/scripts/RealVNC_auth_bypass.nse b/scripts/RealVNC_auth_bypass.nse
index 9def3e608..e79ffa99a 100644
--- a/scripts/RealVNC_auth_bypass.nse
+++ b/scripts/RealVNC_auth_bypass.nse
@@ -3,7 +3,7 @@ description="Checks to see if the VNC Server is vulnerable to the RealVNC authen
author = "Brandon Enright "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"backdoor"}
+categories = {"default", "backdoor"}
require "shortport"
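Review bot: Adding `"default"` here pulls a script into `-sC` that the old default did not run, because the previous selection was `safe` plus `intrusive` and this script carried only `backdoor`. The same applies to scripts/finger.nse and scripts/ircServerInfo.nse, which were tagged only `discovery`. The documentation in this commit says some default scripts are intrusive, so each of these should also carry an explicit `safe` or `intrusive` tag to let an operator tell which kind it is. For this script that could be `categories = {"default", "backdoor", "intrusive"}`, if an authentication-bypass check is judged intrusive. The classification is the maintainers' call; the point is that these three scripts currently declare neither.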
diff --git a/scripts/SMTPcommands.nse b/scripts/SMTPcommands.nse
index 14131967f..aeadec502 100644
--- a/scripts/SMTPcommands.nse
+++ b/scripts/SMTPcommands.nse
@@ -31,7 +31,7 @@ id = "SMTPcommands"
description = "Attempts to use EHLO and HELP to gather the Extended commands an SMTP server supports."
author = "Jason DePriest "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery", "safe"}
+categories = {"default", "discovery", "safe"}
require "shortport"
require "stdnse"
diff --git a/scripts/SNMPsysdesr.nse b/scripts/SNMPsysdesr.nse
index 318e4caa6..a576a5bd5 100644
--- a/scripts/SNMPsysdesr.nse
+++ b/scripts/SNMPsysdesr.nse
@@ -9,7 +9,7 @@ author = "Thomas Buchanan "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery", "safe"}
+categories = {"default", "discovery", "safe"}
require "shortport"
diff --git a/scripts/SSHv1-support.nse b/scripts/SSHv1-support.nse
index c30797b76..489455544 100644
--- a/scripts/SSHv1-support.nse
+++ b/scripts/SSHv1-support.nse
@@ -2,7 +2,7 @@ id="SSH Protocol Version 1"
description="Checks to see if SSH server supports SSH Protocol Version 1."
author = "Brandon Enright "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
require "shortport"
diff --git a/scripts/SSLv2-support.nse b/scripts/SSLv2-support.nse
index 07d3aa8f5..008e5f26b 100644
--- a/scripts/SSLv2-support.nse
+++ b/scripts/SSLv2-support.nse
@@ -3,7 +3,7 @@ description = "determines whether the server (still) supports SSL-v2, and what c
author = "Matt "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
require "shortport"
diff --git a/scripts/UPnP-info.nse b/scripts/UPnP-info.nse
index 1bf9ebdd3..df783bd58 100644
--- a/scripts/UPnP-info.nse
+++ b/scripts/UPnP-info.nse
@@ -9,7 +9,7 @@ author = "Thomas Buchanan "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"safe"}
+categories = {"default", "safe"}
require("stdnse")
require("shortport")
diff --git a/scripts/anonFTP.nse b/scripts/anonFTP.nse
index c2ddd7ec4..ce4b3b1a8 100644
--- a/scripts/anonFTP.nse
+++ b/scripts/anonFTP.nse
@@ -6,7 +6,7 @@ author = "Eddie Bell "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
require "shortport"
diff --git a/scripts/dns-test-open-recursion.nse b/scripts/dns-test-open-recursion.nse
index 86b917ca5..894194e58 100644
--- a/scripts/dns-test-open-recursion.nse
+++ b/scripts/dns-test-open-recursion.nse
@@ -6,7 +6,7 @@ author = "Felix Groebert "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
require "bit"
require "shortport"
diff --git a/scripts/finger.nse b/scripts/finger.nse
index c3635cfc7..5aeca9550 100644
--- a/scripts/finger.nse
+++ b/scripts/finger.nse
@@ -6,7 +6,7 @@ author = "Eddie Bell "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"default", "discovery"}
require "shortport"
diff --git a/scripts/ftpbounce.nse b/scripts/ftpbounce.nse
index 578e3fc76..e5ab6f709 100644
--- a/scripts/ftpbounce.nse
+++ b/scripts/ftpbounce.nse
@@ -3,7 +3,7 @@ description="Checks to see if a FTP server allows port scanning using FTP bounce
author="Marek Majkowski gmail.com>"
license="Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive"}
+categories = {"default", "intrusive"}
require "shortport"
diff --git a/scripts/ircServerInfo.nse b/scripts/ircServerInfo.nse
index 9d49068eb..e00fd354f 100644
--- a/scripts/ircServerInfo.nse
+++ b/scripts/ircServerInfo.nse
@@ -6,7 +6,7 @@ author = "Doug Hoyte"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"default", "discovery"}
require("stdnse")
require "shortport"
diff --git a/scripts/nbstat.nse b/scripts/nbstat.nse
index 688034cb4..1dcf95e45 100644
--- a/scripts/nbstat.nse
+++ b/scripts/nbstat.nse
@@ -9,7 +9,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- protocol dissector. I do not believe this constitutes
-- a derivative work in the GPL sense of the phrase.
-categories = {"discovery", "safe"}
+categories = {"default", "discovery", "safe"}
-- I have excluded the port function param because it doesn't make much sense
-- for a hostrule. It works without warning. The NSE documentation is
diff --git a/scripts/robots.nse b/scripts/robots.nse
index 9fa0df8e3..e5d34931c 100644
--- a/scripts/robots.nse
+++ b/scripts/robots.nse
@@ -7,7 +7,7 @@ id = "robots.txt"
author = "Eddie Bell "
description = "Download a http servers robots.txt file and display all disallowed entries"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"safe"}
+categories = {"default", "safe"}
runlevel = 1.0
portrule = shortport.port_or_service({80,443}, {"http","https"})
diff --git a/scripts/rpcinfo.nse b/scripts/rpcinfo.nse
index 2d8f017b1..3a5ba6607 100644
--- a/scripts/rpcinfo.nse
+++ b/scripts/rpcinfo.nse
@@ -3,7 +3,7 @@ id = "rpcinfo"
description = "connects to portmapper and prints a list of all registered programs"
author = "Sven Klemm "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"safe","discovery"}
+categories = {"default","safe","discovery"}
require "shortport"
require "packet"
diff --git a/scripts/script.db b/scripts/script.db
index a9e615261..7cf040735 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -1,49 +1,70 @@
+Entry{ category = "default", filename = "HTTPAuth.nse" }
Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
+Entry{ category = "default", filename = "HTTP_open_proxy.nse" }
Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" }
Entry{ category = "intrusive", filename = "HTTPpasswd.nse" }
Entry{ category = "discovery", filename = "HTTPtrace.nse" }
+Entry{ category = "default", filename = "MSSQLm.nse" }
Entry{ category = "discovery", filename = "MSSQLm.nse" }
Entry{ category = "intrusive", filename = "MSSQLm.nse" }
+Entry{ category = "default", filename = "MySQLinfo.nse" }
Entry{ category = "discovery", filename = "MySQLinfo.nse" }
Entry{ category = "safe", filename = "MySQLinfo.nse" }
Entry{ category = "version", filename = "PPTPversion.nse" }
+Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "backdoor", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
+Entry{ category = "default", filename = "SMTPcommands.nse" }
Entry{ category = "discovery", filename = "SMTPcommands.nse" }
Entry{ category = "safe", filename = "SMTPcommands.nse" }
+Entry{ category = "default", filename = "SNMPsysdesr.nse" }
Entry{ category = "discovery", filename = "SNMPsysdesr.nse" }
Entry{ category = "safe", filename = "SNMPsysdesr.nse" }
Entry{ category = "vulnerability", filename = "SQLInject.nse" }
+Entry{ category = "default", filename = "SSHv1-support.nse" }
Entry{ category = "intrusive", filename = "SSHv1-support.nse" }
+Entry{ category = "default", filename = "SSLv2-support.nse" }
Entry{ category = "intrusive", filename = "SSLv2-support.nse" }
+Entry{ category = "default", filename = "UPnP-info.nse" }
Entry{ category = "safe", filename = "UPnP-info.nse" }
+Entry{ category = "default", filename = "anonFTP.nse" }
Entry{ category = "intrusive", filename = "anonFTP.nse" }
Entry{ category = "vulnerability", filename = "bruteTelnet.nse" }
Entry{ category = "demo", filename = "chargenTest.nse" }
Entry{ category = "demo", filename = "daytimeTest.nse" }
+Entry{ category = "default", filename = "dns-test-open-recursion.nse" }
Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" }
Entry{ category = "demo", filename = "echoTest.nse" }
+Entry{ category = "default", filename = "finger.nse" }
Entry{ category = "discovery", filename = "finger.nse" }
+Entry{ category = "default", filename = "ftpbounce.nse" }
Entry{ category = "intrusive", filename = "ftpbounce.nse" }
Entry{ category = "version", filename = "iax2Detect.nse" }
+Entry{ category = "default", filename = "ircServerInfo.nse" }
Entry{ category = "discovery", filename = "ircServerInfo.nse" }
Entry{ category = "malware", filename = "ircZombieTest.nse" }
+Entry{ category = "default", filename = "nbstat.nse" }
Entry{ category = "discovery", filename = "nbstat.nse" }
Entry{ category = "safe", filename = "nbstat.nse" }
Entry{ category = "version", filename = "netbios-smb-os-discovery.nse" }
Entry{ category = "discovery", filename = "promiscuous.nse" }
Entry{ category = "discovery", filename = "ripeQuery.nse" }
+Entry{ category = "default", filename = "robots.nse" }
Entry{ category = "safe", filename = "robots.nse" }
+Entry{ category = "default", filename = "rpcinfo.nse" }
Entry{ category = "safe", filename = "rpcinfo.nse" }
Entry{ category = "discovery", filename = "rpcinfo.nse" }
+Entry{ category = "default", filename = "showHTMLTitle.nse" }
Entry{ category = "demo", filename = "showHTMLTitle.nse" }
Entry{ category = "safe", filename = "showHTMLTitle.nse" }
Entry{ category = "", filename = "showHTTPVersion.nse" }
+Entry{ category = "default", filename = "showOwner.nse" }
Entry{ category = "safe", filename = "showOwner.nse" }
Entry{ category = "demo", filename = "showSMTPVersion.nse" }
Entry{ category = "demo", filename = "showSSHVersion.nse" }
Entry{ category = "version", filename = "skype_v2-version.nse" }
Entry{ category = "backdoor", filename = "strangeSMTPport.nse" }
Entry{ category = "vulnerability", filename = "xamppDefaultPass.nse" }
+Entry{ category = "default", filename = "zoneTrans.nse" }
Entry{ category = "intrusive", filename = "zoneTrans.nse" }
Entry{ category = "discovery", filename = "zoneTrans.nse" }
diff --git a/scripts/showHTMLTitle.nse b/scripts/showHTMLTitle.nse
index 9e4af027d..bcc2ac03c 100644
--- a/scripts/showHTMLTitle.nse
+++ b/scripts/showHTMLTitle.nse
@@ -9,7 +9,7 @@ author = "Diman Todorov "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"demo", "safe"}
+categories = {"default", "demo", "safe"}
require 'http'
diff --git a/scripts/showOwner.nse b/scripts/showOwner.nse
index 815d6ceef..3bb79ec33 100644
--- a/scripts/showOwner.nse
+++ b/scripts/showOwner.nse
@@ -7,7 +7,7 @@ author = "Diman Todorov "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"safe"}
+categories = {"default", "safe"}
portrule = function(host, port)
local identd, decision
diff --git a/scripts/zoneTrans.nse b/scripts/zoneTrans.nse
index 3dcd22fa0..8e7a15d64 100644
--- a/scripts/zoneTrans.nse
+++ b/scripts/zoneTrans.nse
@@ -28,7 +28,7 @@ id = 'zone-transfer'
author = 'Eddie Bell '
description = 'Request a zone transfer (AXFR) from a DNS server'
license = 'Same as Nmap--See http://nmap.org/book/man-legal.html'
-categories = {'intrusive', 'discovery'}
+categories = {'default', 'intrusive', 'discovery'}
runlevel = 1.0
portrule = shortport.portnumber(53, 'tcp')