diff --git a/docs/scripting.xml b/docs/scripting.xml
index f2ed65bd6..bc857ee86 100644
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -286,7 +286,7 @@ and vuln. Category names are not case sensitive. The follow
Intrusiveness
- Some scripts are very intrusive because they use significant resources on the remote system, are likely to crash the system or service, or are likely to be perceived as an attack by the remote administrators. The more intrusive a script is, the less suitable it is for the default category.
+ Some scripts are very intrusive because they use significant resources on the remote system, are likely to crash the system or service, or are likely to be perceived as an attack by the remote administrators. The more intrusive a script is, the less suitable it is for the default category. Default scripts are almost always in the safe category too, though we occasionally allow intrusive scripts by default when they are only mildly intrusive and score well in the other factors.
@@ -354,7 +354,7 @@ and vuln. Category names are not case sensitive. The follow
device's SNMP community string by sending common values
such
as public, private,
- and cisco).
+ and cisco). Unless a script is in the special version category, it should be categorized as either safe or intrusive.
@@ -387,7 +387,7 @@ and vuln. Category names are not case sensitive. The follow
network discovery. Examples are
ssh-hostkey (retrieves an SSH host key) and
html-title (grabs the title from a
- web page).
+ web page). Scripts in the version category are not categorized by safety, but any other scripts which aren't in safe should be placed in intrusive.
diff --git a/scripts/asn-query.nse b/scripts/asn-query.nse
index 0d3b8ecab..f9f03587a 100644
--- a/scripts/asn-query.nse
+++ b/scripts/asn-query.nse
@@ -36,7 +36,7 @@ server (your default DNS server, or whichever one you specified with the
author = "jah, Michael"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery", "external"}
+categories = {"discovery", "external", "safe"}
runlevel = 1
diff --git a/scripts/auth-spoof.nse b/scripts/auth-spoof.nse
index 92db8fb66..53e32ca6a 100644
--- a/scripts/auth-spoof.nse
+++ b/scripts/auth-spoof.nse
@@ -11,7 +11,7 @@ author = "Diman Todorov "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"malware"}
+categories = {"malware", "safe"}
require "comm"
require "shortport"
diff --git a/scripts/daytime.nse b/scripts/daytime.nse
index 623f7df55..af923aaf4 100644
--- a/scripts/daytime.nse
+++ b/scripts/daytime.nse
@@ -6,7 +6,7 @@ author = "Diman Todorov "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "safe"}
require "comm"
require "shortport"
diff --git a/scripts/dhcp-discover.nse b/scripts/dhcp-discover.nse
index cbc603041..bec4eb827 100644
--- a/scripts/dhcp-discover.nse
+++ b/scripts/dhcp-discover.nse
@@ -64,7 +64,7 @@ author = "Ron Bowes "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "intrusive"}
require 'bin'
require 'bit'
diff --git a/scripts/finger.nse b/scripts/finger.nse
index daa5e6ede..6fc77da51 100644
--- a/scripts/finger.nse
+++ b/scripts/finger.nse
@@ -6,7 +6,7 @@ author = "Eddie Bell "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "safe"}
require "comm"
require "shortport"
diff --git a/scripts/http-favicon.nse b/scripts/http-favicon.nse
index fff92597f..5d0bc43bc 100644
--- a/scripts/http-favicon.nse
+++ b/scripts/http-favicon.nse
@@ -20,7 +20,7 @@ author = "Vlatko Kosturjak "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "safe"}
require "shortport"
require "http"
diff --git a/scripts/http-headers.nse b/scripts/http-headers.nse
index b4bb63014..06630a10c 100644
--- a/scripts/http-headers.nse
+++ b/scripts/http-headers.nse
@@ -22,7 +22,7 @@ author = "Ron Bowes "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "safe"}
require "shortport"
require "http"
diff --git a/scripts/http-malware-host.nse b/scripts/http-malware-host.nse
index 8567eafbe..0b5b61861 100644
--- a/scripts/http-malware-host.nse
+++ b/scripts/http-malware-host.nse
@@ -24,7 +24,7 @@ author = "Ron Bowes "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"malware"}
+categories = {"malware", "safe"}
require 'stdnse'
require 'http'
diff --git a/scripts/http-trace.nse b/scripts/http-trace.nse
index fd410ef8e..932b569cf 100644
--- a/scripts/http-trace.nse
+++ b/scripts/http-trace.nse
@@ -19,7 +19,7 @@ author = "Kris Katterjohn "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "safe"}
require "comm"
require "shortport"
diff --git a/scripts/http-userdir-enum.nse b/scripts/http-userdir-enum.nse
index b97dbb847..cb62e5f35 100644
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -1,6 +1,6 @@
author = "jah "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "intrusive"}
description = [[
Attempts to enumerate valid usernames on webservers running with the mod_userdir
module or similar enabled.
diff --git a/scripts/imap-capabilities.nse b/scripts/imap-capabilities.nse
index 51ee600fb..1a0e93dc5 100644
--- a/scripts/imap-capabilities.nse
+++ b/scripts/imap-capabilities.nse
@@ -15,7 +15,7 @@ any site-specific policy.
author = "Brandon Enright "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default"}
+categories = {"default", "safe"}
require 'imap'
require 'shortport'
diff --git a/scripts/irc-info.nse b/scripts/irc-info.nse
index cf5a6dfe8..87b14b227 100644
--- a/scripts/irc-info.nse
+++ b/scripts/irc-info.nse
@@ -18,7 +18,7 @@ author = "Doug Hoyte"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "safe"}
require("stdnse")
require "shortport"
diff --git a/scripts/pop3-capabilities.nse b/scripts/pop3-capabilities.nse
index 89b2a51d5..175a859ee 100644
--- a/scripts/pop3-capabilities.nse
+++ b/scripts/pop3-capabilities.nse
@@ -15,7 +15,7 @@ server version may be available.
author = "Philip Pickering "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default","discovery"}
+categories = {"default","discovery","safe"}
require 'pop3'
require 'shortport'
diff --git a/scripts/realvnc-auth-bypass.nse b/scripts/realvnc-auth-bypass.nse
index 1c982622b..bddd65f75 100644
--- a/scripts/realvnc-auth-bypass.nse
+++ b/scripts/realvnc-auth-bypass.nse
@@ -5,7 +5,7 @@ Checks if a VNC server is vulnerable to the RealVNC authentication bypass
author = "Brandon Enright "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "vuln"}
+categories = {"default", "vuln", "safe"}
require "shortport"
diff --git a/scripts/smtp-strangeport.nse b/scripts/smtp-strangeport.nse
index 24d135007..970279666 100644
--- a/scripts/smtp-strangeport.nse
+++ b/scripts/smtp-strangeport.nse
@@ -14,7 +14,7 @@ author = "Diman Todorov "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"malware"}
+categories = {"malware", "safe"}
portrule = function(host, port)
return port.service == "smtp" and
diff --git a/scripts/sniffer-detect.nse b/scripts/sniffer-detect.nse
index 144148556..afd3c3870 100644
--- a/scripts/sniffer-detect.nse
+++ b/scripts/sniffer-detect.nse
@@ -13,7 +13,7 @@ http://www.securityfriday.com/promiscuous_detection_01.pdf.
author = "Marek Majkowski "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "intrusive"}
-- okay, we're interested only in hosts that are on our ethernet lan
hostrule = function(host, port)