CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap

The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

The new project, called Scanning Made Easy, will push out a collection of NMAP Scripting Engine scripts as part of an initiative to help system owners and administrators find systems with specific vulnerabilities.

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said in a note explaining the motivation for the project.

To make matters worse, even when there is a scanning script available, the agency said it can be difficult to know if it is safe to run or will even return valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them,” the NCSC said.

[ READ: Inside The UK’s Active Cyber Defense Program ]

To fill this gap, the agency is teaming up with its i100 private sector partners to provide reliable, well-tested scripts that are easy to deploy and provide better attack surface visibility for known vulnerabilities.

The agency said the scripts will be written using the NMAP Scripting Engine (NSE) and will be created for critical documented vulnerabilities that are difficult to find on internal corporate networks. 

“While there won’t be a script for every single vulnerability, our plan is that scripts will be developed, and continuously reviewed, for critical vulnerabilities and for vulnerabilities that are consistently causing headaches for system administrators,” the agency said.

Advertisement. Scroll to continue reading.

It said the scripts will be written and tested by private sector partners and will conform to the NCSC Scanning Made Easy script developer guidelines that mandate how the scripts should be developed and tested.

The first available SME script was released to help defenders find the presence of known remote code execution vulnerabilities in the Exim message transfer agent (MTA).  The NMAP script for the Exim vulnerabilities, publicly known as 21Nails, is available on GitHub.

[ READ: CISA Adds Zoho, Qualcomm, Mikrotik Flaws to ‘Must-Patch’ List ]

The NCSC said the script contains information regarding how it checks for the presence of the vulnerability, why the check is not intrusive, why there may be False Positives and why there may also be False Negatives.

“Even if you don’t think you have an Exim MTA, it’s worth running the scan anyway, you might be surprised by what you find installed on your network,” the agency said, noting that the Exim script will output simple-to-read results including a description of the vulnerability and a link to the vendor security advisory. 

“Running this script often and following the linked vendor advice will help to keep your network secure,” the NCSC said, urging defenders to develop and consider sharing their own NMAP scripts with the community.

Related: Five Eyes Nations Issue Joint Guidance on Log4j Flaws

Related: CISA Adds Zoho, Qualcomm, Mikrotik Flaws to ‘Must-Patch’ List

Related: Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.