
NSE now has a "default" category for scripts. This category holds the set
of scripts that -sC chooses from (but it is still just another category,
and so can be selected with --script like any other).

On top of updating the docs with information about this new category, I've
also updated sections to emphasize that the "default" category, -sC and -A
are considered intrusive and should not be run against target networks
without permission.

The new list is very similar to the previous "safe,intrusive" list:

Added: finger, ircServerInfo, RealVNC_auth_bypass
Removed: HTTPpasswd

Here are the 21 scripts in this new category:

anonFTP
dns-test-open-recursion
finger
ftpbounce
HTTPAuth
HTTP_open_proxy
ircServerInfo
MSSQLm
MySQLinfo
nbstat
RealVNC_auth_bypass
robots
rpcinfo
showHTMLTitle
showOwner
SMTPcommands
SNMPsysdesr
SSHv1-support
SSLv2-support
UPnP-info
zoneTrans
kris
2008-05-28 07:16:32 +00:00
parent 94212e4df4
commit c7eb8011d9
26 changed files with 78 additions and 40 deletions


@@ -11,7 +11,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- uncomment the following line to enable safe category
-- categories = {"safe"}
categories = {"intrusive"}
categories = {"default", "intrusive"}
require "shortport"
require "http"
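Review bot: The commented-out alternative `-- categories = {"safe"}` just above the changed line is now out of step with it. Uncommenting it would have no effect, because the assignment on the following line overwrites it, and it says nothing about "default". Either drop the two comment lines or make the toggle explicit, for example `-- to mark this script safe instead, replace "intrusive" below with "safe"`. The rest of the file is outside this hunk.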


@@ -7,7 +7,7 @@
id="Open Proxy Test"
description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: GWS/' header response."
categories = {"intrusive"}
categories = {"default", "intrusive"}
-- I found a nice explode() function in lua-users' wiki. I had to fix it, though.
-- http://lua-users.org/wiki/LuaRecipes
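Review bot: With "default" added here, every -sC or -A run makes the scanned proxy fetch www.google.com, as the description line in this hunk states, so a default scan now sends traffic to a third party through the target. That side effect deserves a comment next to the category line, for example `-- in "default": relays one request to www.google.com through the target proxy`. The check also relies on the 'Server: GWS/' header staying stable, which could cause false negatives if that header ever changes. The script body is outside this hunk, so this is inferred from the description alone.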


@@ -9,7 +9,7 @@ author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "intrusive"}
categories = {"default", "discovery", "intrusive"}
require('stdnse')
require "shortport"


@@ -15,7 +15,7 @@ author = "Kris Katterjohn <katterjohn@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "discovery", "safe" }
categories = { "default", "discovery", "safe" }
require 'bit'


@@ -3,7 +3,7 @@ description="Checks to see if the VNC Server is vulnerable to the RealVNC authen
author = "Brandon Enright <bmenrigh@ucsd.edu>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"backdoor"}
categories = {"default", "backdoor"}
require "shortport"
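Review bot: The new list `{"default", "backdoor"}` carries neither "safe" nor "intrusive", although the commit message says the default set is to be treated as intrusive and the hunk header describes an authentication-bypass check. Anyone selecting or auditing scripts by category cannot tell how this one behaves against a target; consider `categories = {"default", "backdoor", "intrusive"}`, and "vulnerability" may fit better than "backdoor" if the script only tests for the flaw. The same gap appears in the two later hunks that end up as `{"default", "discovery"}`. The script body is not visible here, so the intrusive label is inferred from the description.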


@@ -31,7 +31,7 @@ id = "SMTPcommands"
description = "Attempts to use EHLO and HELP to gather the Extended commands an SMTP server supports."
author = "Jason DePriest <jrdepriest@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
categories = {"default", "discovery", "safe"}
require "shortport"
require "stdnse"


@@ -9,7 +9,7 @@ author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
categories = {"default", "discovery", "safe"}
require "shortport"


@@ -2,7 +2,7 @@ id="SSH Protocol Version 1"
description="Checks to see if SSH server supports SSH Protocol Version 1."
author = "Brandon Enright <bmenrigh@ucsd.edu>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive"}
categories = {"default", "intrusive"}
require "shortport"


@@ -3,7 +3,7 @@ description = "determines whether the server (still) supports SSL-v2, and what c
author = "Matt <mb2263@bristol.ac.uk>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive"}
categories = {"default", "intrusive"}
require "shortport"


@@ -9,7 +9,7 @@ author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe"}
categories = {"default", "safe"}
require("stdnse")
require("shortport")


@@ -6,7 +6,7 @@ author = "Eddie Bell <ejlbell@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive"}
categories = {"default", "intrusive"}
require "shortport"


@@ -6,7 +6,7 @@ author = "Felix Groebert <felix@groebert.org>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive"}
categories = {"default", "intrusive"}
require "bit"
require "shortport"


@@ -6,7 +6,7 @@ author = "Eddie Bell <ejlbell@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery"}
categories = {"default", "discovery"}
require "shortport"


@@ -3,7 +3,7 @@ description="Checks to see if a FTP server allows port scanning using FTP bounce
author="Marek Majkowski <majek04<at>gmail.com>"
license="Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive"}
categories = {"default", "intrusive"}
require "shortport"


@@ -6,7 +6,7 @@ author = "Doug Hoyte"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery"}
categories = {"default", "discovery"}
require("stdnse")
require "shortport"


@@ -9,7 +9,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- protocol dissector. I do not believe this constitutes
-- a derivative work in the GPL sense of the phrase.
categories = {"discovery", "safe"}
categories = {"default", "discovery", "safe"}
-- I have excluded the port function param because it doesn't make much sense
-- for a hostrule. It works without warning. The NSE documentation is


@@ -7,7 +7,7 @@ id = "robots.txt"
author = "Eddie Bell <ejlbell@gmail.com>"
description = "Download a http servers robots.txt file and display all disallowed entries"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe"}
categories = {"default", "safe"}
runlevel = 1.0
portrule = shortport.port_or_service({80,443}, {"http","https"})


@@ -3,7 +3,7 @@ id = "rpcinfo"
description = "connects to portmapper and prints a list of all registered programs"
author = "Sven Klemm <sven@c3d2.de>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe","discovery"}
categories = {"default","safe","discovery"}
require "shortport"
require "packet"


@@ -1,49 +1,70 @@
Entry{ category = "default", filename = "HTTPAuth.nse" }
Entry{ category = "intrusive", filename = "HTTPAuth.nse" }
Entry{ category = "default", filename = "HTTP_open_proxy.nse" }
Entry{ category = "intrusive", filename = "HTTP_open_proxy.nse" }
Entry{ category = "intrusive", filename = "HTTPpasswd.nse" }
Entry{ category = "discovery", filename = "HTTPtrace.nse" }
Entry{ category = "default", filename = "MSSQLm.nse" }
Entry{ category = "discovery", filename = "MSSQLm.nse" }
Entry{ category = "intrusive", filename = "MSSQLm.nse" }
Entry{ category = "default", filename = "MySQLinfo.nse" }
Entry{ category = "discovery", filename = "MySQLinfo.nse" }
Entry{ category = "safe", filename = "MySQLinfo.nse" }
Entry{ category = "version", filename = "PPTPversion.nse" }
Entry{ category = "default", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "backdoor", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
Entry{ category = "default", filename = "SMTPcommands.nse" }
Entry{ category = "discovery", filename = "SMTPcommands.nse" }
Entry{ category = "safe", filename = "SMTPcommands.nse" }
Entry{ category = "default", filename = "SNMPsysdesr.nse" }
Entry{ category = "discovery", filename = "SNMPsysdesr.nse" }
Entry{ category = "safe", filename = "SNMPsysdesr.nse" }
Entry{ category = "vulnerability", filename = "SQLInject.nse" }
Entry{ category = "default", filename = "SSHv1-support.nse" }
Entry{ category = "intrusive", filename = "SSHv1-support.nse" }
Entry{ category = "default", filename = "SSLv2-support.nse" }
Entry{ category = "intrusive", filename = "SSLv2-support.nse" }
Entry{ category = "default", filename = "UPnP-info.nse" }
Entry{ category = "safe", filename = "UPnP-info.nse" }
Entry{ category = "default", filename = "anonFTP.nse" }
Entry{ category = "intrusive", filename = "anonFTP.nse" }
Entry{ category = "vulnerability", filename = "bruteTelnet.nse" }
Entry{ category = "demo", filename = "chargenTest.nse" }
Entry{ category = "demo", filename = "daytimeTest.nse" }
Entry{ category = "default", filename = "dns-test-open-recursion.nse" }
Entry{ category = "intrusive", filename = "dns-test-open-recursion.nse" }
Entry{ category = "demo", filename = "echoTest.nse" }
Entry{ category = "default", filename = "finger.nse" }
Entry{ category = "discovery", filename = "finger.nse" }
Entry{ category = "default", filename = "ftpbounce.nse" }
Entry{ category = "intrusive", filename = "ftpbounce.nse" }
Entry{ category = "version", filename = "iax2Detect.nse" }
Entry{ category = "default", filename = "ircServerInfo.nse" }
Entry{ category = "discovery", filename = "ircServerInfo.nse" }
Entry{ category = "malware", filename = "ircZombieTest.nse" }
Entry{ category = "default", filename = "nbstat.nse" }
Entry{ category = "discovery", filename = "nbstat.nse" }
Entry{ category = "safe", filename = "nbstat.nse" }
Entry{ category = "version", filename = "netbios-smb-os-discovery.nse" }
Entry{ category = "discovery", filename = "promiscuous.nse" }
Entry{ category = "discovery", filename = "ripeQuery.nse" }
Entry{ category = "default", filename = "robots.nse" }
Entry{ category = "safe", filename = "robots.nse" }
Entry{ category = "default", filename = "rpcinfo.nse" }
Entry{ category = "safe", filename = "rpcinfo.nse" }
Entry{ category = "discovery", filename = "rpcinfo.nse" }
Entry{ category = "default", filename = "showHTMLTitle.nse" }
Entry{ category = "demo", filename = "showHTMLTitle.nse" }
Entry{ category = "safe", filename = "showHTMLTitle.nse" }
Entry{ category = "", filename = "showHTTPVersion.nse" }
Entry{ category = "default", filename = "showOwner.nse" }
Entry{ category = "safe", filename = "showOwner.nse" }
Entry{ category = "demo", filename = "showSMTPVersion.nse" }
Entry{ category = "demo", filename = "showSSHVersion.nse" }
Entry{ category = "version", filename = "skype_v2-version.nse" }
Entry{ category = "backdoor", filename = "strangeSMTPport.nse" }
Entry{ category = "vulnerability", filename = "xamppDefaultPass.nse" }
Entry{ category = "default", filename = "zoneTrans.nse" }
Entry{ category = "intrusive", filename = "zoneTrans.nse" }
Entry{ category = "discovery", filename = "zoneTrans.nse" }


@@ -9,7 +9,7 @@ author = "Diman Todorov <diman.todorov@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"demo", "safe"}
categories = {"default", "demo", "safe"}
require 'http'


@@ -7,7 +7,7 @@ author = "Diman Todorov <diman.todorov@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe"}
categories = {"default", "safe"}
portrule = function(host, port)
local identd, decision


@@ -28,7 +28,7 @@ id = 'zone-transfer'
author = 'Eddie Bell <ejlbell@gmail.com>'
description = 'Request a zone transfer (AXFR) from a DNS server'
license = 'Same as Nmap--See http://nmap.org/book/man-legal.html'
categories = {'intrusive', 'discovery'}
categories = {'default', 'intrusive', 'discovery'}
runlevel = 1.0
portrule = shortport.portnumber(53, 'tcp')