Moved a bunch of scripts to the "safe" category, and some others to "intrusive" after

discussion on nmap-dev about how best to handle these. I also updated the docs and am about to regenerate script.db. See this thread for more info: http://seclists.org/nmap-dev/2009/q3/1008.html
2025-12-06 04:31:29 +00:00 · 2009-10-01 19:07:16 +00:00
parent 8dfb8af45e
commit fea1ab7c39
17 changed files with 19 additions and 19 deletions
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -286,7 +286,7 @@ and <literal>vuln</literal>.  Category names are not case sensitive.  The follow
        <varlistentry>
        <term>Intrusiveness</term>
-        <listitem><para>Some scripts are very intrusive because they use significant resources on the remote system, are likely to crash the system or service, or are likely to be perceived as an attack by the remote administrators.  The more intrusive a script is, the less suitable it is for the <literal>default</literal> category.</para></listitem>
+        <listitem><para>Some scripts are very intrusive because they use significant resources on the remote system, are likely to crash the system or service, or are likely to be perceived as an attack by the remote administrators.  The more intrusive a script is, the less suitable it is for the <literal>default</literal> category.  Default scripts are almost always in the <literal>safe</literal> category too, though we occasionally allow <literal>intrusive</literal> scripts by default when they are only mildly intrusive and score well in the other factors.</para></listitem>
        </varlistentry>
        <varlistentry>
@@ -354,7 +354,7 @@ and <literal>vuln</literal>.  Category names are not case sensitive.  The follow
            device's SNMP community string by sending common values
            such
            as <literal>public</literal>, <literal>private</literal>,
-            and <literal>cisco</literal>).</para>
+            and <literal>cisco</literal>).  Unless a script is in the special <literal>version</literal> category, it should be categorized as either <literal>safe</literal> or <literal>intrusive</literal>.</para>
          </listitem>
        </varlistentry>
@@ -387,7 +387,7 @@ and <literal>vuln</literal>.  Category names are not case sensitive.  The follow
              network discovery. Examples are
              <literal>ssh-hostkey</literal> (retrieves an SSH host key) and
              <literal>html-title</literal> (grabs the title from a
-              web page).</para>
+              web page).  Scripts in the <literal>version</literal> category are not categorized by safety, but any other scripts which aren't in <literal>safe</literal> should be placed in <literal>intrusive</literal>.</para>
          </listitem>
        </varlistentry>
--- a/scripts/asn-query.nse
+++ b/scripts/asn-query.nse
@@ -36,7 +36,7 @@ server (your default DNS server, or whichever one you specified with the
 author = "jah, Michael"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery", "external"}
+categories = {"discovery", "external", "safe"}
 runlevel = 1
--- a/scripts/auth-spoof.nse
+++ b/scripts/auth-spoof.nse
@@ -11,7 +11,7 @@ author = "Diman Todorov <diman.todorov@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"malware"}
+categories = {"malware", "safe"}
 require "comm"
 require "shortport"
--- a/scripts/daytime.nse
+++ b/scripts/daytime.nse
@@ -6,7 +6,7 @@ author = "Diman Todorov <diman.todorov@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "safe"}
 require "comm"
 require "shortport"
--- a/scripts/dhcp-discover.nse
+++ b/scripts/dhcp-discover.nse
@@ -64,7 +64,7 @@ author = "Ron Bowes <ron@skullsecurity.net>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "intrusive"}
 require 'bin'
 require 'bit'
--- a/scripts/finger.nse
+++ b/scripts/finger.nse
@@ -6,7 +6,7 @@ author = "Eddie Bell <ejlbell@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "safe"}
 require "comm"
 require "shortport"
--- a/scripts/http-favicon.nse
+++ b/scripts/http-favicon.nse
@@ -20,7 +20,7 @@ author = "Vlatko Kosturjak <kost@linux.hr>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "safe"}
 require "shortport"
 require "http"
--- a/scripts/http-headers.nse
+++ b/scripts/http-headers.nse
@@ -22,7 +22,7 @@ author = "Ron Bowes <ron@skullsecurity.org>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "safe"}
 require "shortport"
 require "http"
--- a/scripts/http-malware-host.nse
+++ b/scripts/http-malware-host.nse
@@ -24,7 +24,7 @@ author = "Ron Bowes <ron@skullsecurity.net>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"malware"}
+categories = {"malware", "safe"}
 require 'stdnse'
 require 'http'
--- a/scripts/http-trace.nse
+++ b/scripts/http-trace.nse
@@ -19,7 +19,7 @@ author = "Kris Katterjohn <katterjohn@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "safe"}
 require "comm"
 require "shortport"
--- a/scripts/http-userdir-enum.nse
+++ b/scripts/http-userdir-enum.nse
@@ -1,6 +1,6 @@
 author = "jah <jah@zadkiel.plus.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "intrusive"}
 description = [[
 Attempts to enumerate valid usernames on webservers running with the mod_userdir
 module or similar enabled.
--- a/scripts/imap-capabilities.nse
+++ b/scripts/imap-capabilities.nse
@@ -15,7 +15,7 @@ any site-specific policy.
 author = "Brandon Enright <bmenrigh@ucsd.edu>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default"}
+categories = {"default", "safe"}
 require 'imap'
 require 'shortport'
--- a/scripts/irc-info.nse
+++ b/scripts/irc-info.nse
@@ -18,7 +18,7 @@ author = "Doug Hoyte"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "discovery"}
+categories = {"default", "discovery", "safe"}
 require("stdnse")
 require "shortport"
--- a/scripts/pop3-capabilities.nse
+++ b/scripts/pop3-capabilities.nse
@@ -15,7 +15,7 @@ server version may be available.
 author = "Philip Pickering <pgpickering@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default","discovery"}
+categories = {"default","discovery","safe"}
 require 'pop3'
 require 'shortport'
--- a/scripts/realvnc-auth-bypass.nse
+++ b/scripts/realvnc-auth-bypass.nse
@@ -5,7 +5,7 @@ Checks if a VNC server is vulnerable to the RealVNC authentication bypass
 author = "Brandon Enright <bmenrigh@ucsd.edu>" 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"default", "vuln"}
+categories = {"default", "vuln", "safe"}
 require "shortport"
--- a/scripts/smtp-strangeport.nse
+++ b/scripts/smtp-strangeport.nse
@@ -14,7 +14,7 @@ author = "Diman Todorov <diman.todorov@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"malware"}
+categories = {"malware", "safe"}
 portrule = function(host, port) 
 	return port.service == "smtp" and
--- a/scripts/sniffer-detect.nse
+++ b/scripts/sniffer-detect.nse
@@ -13,7 +13,7 @@ http://www.securityfriday.com/promiscuous_detection_01.pdf.
 author = "Marek Majkowski <majek04+nse@gmail.com>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"discovery"}
+categories = {"discovery", "intrusive"}
 -- okay, we're interested only in hosts that are on our ethernet lan
 hostrule = function(host, port)