UK Govt. NCSC will be publishing Nmap scripts to help find vulnerabilities

A joint effort between the i100 and the NCSC, Scanning Made Easy (SME) will be a collection of NMAP Scripting Engine scripts, designed to help system owners and administrators find systems with specific vulnerabilities.

Scanning Made Easy (SME) is a joint project between the i100 and the NCSC to build a collection of NMAP Scripting Engine scripts, designed to help system owners and administrators find systems with specific vulnerabilities. When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network. To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results. NCSC says-

"Scanning Made Easy (SME) was born out of our frustration 
with this problem and our desire to help network defenders 
find vulnerable systems, so they can protect them."

Why NMAP?

NMAP is an industry standard network mapping tool that has been in active development for over 20 years. NCSC believes that providing a false sense of security, or false positives does not help anyone, as the real security issues don’t patch themselves. Hence helping SMEs with functional and open source scripts would be their way of providing a simple yet functional solution. This is why SME scripts are written using the NMAP Scripting Engine (NSE).

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said today.

“To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them.”

Before adding new scripts to the SME collection, the NCSC will check if the following requirements are met:

1. written for NMAP using the NMAP Script Engine (.nse).

2. Relate to one of the high priority vulnerabilities impacting the UK;

3. Conform to the metadata template;

4. Run in isolation, i.e. no dependencies and does not connect to other servers;

5. Be as close to 100% reliable in detection of vulnerable instances as is practicable, i.e. low false-positive rate;

6. Be as unintrusive (i.e. not transmit excessive network traffic) and safe as possible in the detection mechanism;

7. Be hosted on a publicly available repository or website;

8. Be made freely available under a permissive open source license;

9. Not to capture sensitive data, e.g., exposure of cyber security risk or personal;

10. Not to send data off the system upon which the script is run; and

11. Ability to write the output from the script to a file.

Scripts will be released OpenSource on Github

The NCSC has already released the first SME script to help admins scan for servers vulnerable to attacks that target Exim remote code execution vulnerabilities.The UK government agency plans to only release new Nmap scripts for critical security vulnerabilities believed to be on top of threat actors’ target lists.

If you like our articles, please follow us on linkedin and subscribe to our newsletters to hear security news in priority. Share this with your connections.