Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap

The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

The new project, called Scanning Made Easy, will push out a collection of NMAP Scripting Engine scripts as part of an initiative to help system owners and administrators find systems with specific vulnerabilities.

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said in a note explaining the motivation for the project.

To make matters worse, even when there is a scanning script available, the agency said it can be difficult to know if it is safe to run or will even return valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them,” the NCSC said.

[ READ: Inside The UK’s Active Cyber Defense Program ]

To fill this gap, the agency is teaming up with its i100 private sector partners to provide reliable, well-tested scripts that are easy to deploy and provide better attack surface visibility for known vulnerabilities.

The agency said the scripts will be written using the NMAP Scripting Engine (NSE) and will be created for critical documented vulnerabilities that are difficult to find on internal corporate networks. 

“While there won’t be a script for every single vulnerability, our plan is that scripts will be developed, and continuously reviewed, for critical vulnerabilities and for vulnerabilities that are consistently causing headaches for system administrators,” the agency said.

Advertisement. Scroll to continue reading.

It said the scripts will be written and tested by private sector partners and will conform to the NCSC Scanning Made Easy script developer guidelines that mandate how the scripts should be developed and tested.

The first available SME script was released to help defenders find the presence of known remote code execution vulnerabilities in the Exim message transfer agent (MTA).  The NMAP script for the Exim vulnerabilities, publicly known as 21Nails, is available on GitHub.

[ READ: CISA Adds Zoho, Qualcomm, Mikrotik Flaws to ‘Must-Patch’ List ]

The NCSC said the script contains information regarding how it checks for the presence of the vulnerability, why the check is not intrusive, why there may be False Positives and why there may also be False Negatives.

“Even if you don’t think you have an Exim MTA, it’s worth running the scan anyway, you might be surprised by what you find installed on your network,” the agency said, noting that the Exim script will output simple-to-read results including a description of the vulnerability and a link to the vendor security advisory. 

“Running this script often and following the linked vendor advice will help to keep your network secure,” the NCSC said, urging defenders to develop and consider sharing their own NMAP scripts with the community.

Related: Five Eyes Nations Issue Joint Guidance on Log4j Flaws

Related: CISA Adds Zoho, Qualcomm, Mikrotik Flaws to ‘Must-Patch’ List

Related: Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...