Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap

The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

The new project, called Scanning Made Easy, will push out a collection of NMAP Scripting Engine scripts as part of an initiative to help system owners and administrators find systems with specific vulnerabilities.

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said in a note explaining the motivation for the project.

To make matters worse, even when there is a scanning script available, the agency said it can be difficult to know if it is safe to run or will even return valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them,” the NCSC said.

[ READ: Inside The UK’s Active Cyber Defense Program ]

To fill this gap, the agency is teaming up with its i100 private sector partners to provide reliable, well-tested scripts that are easy to deploy and provide better attack surface visibility for known vulnerabilities.

The agency said the scripts will be written using the NMAP Scripting Engine (NSE) and will be created for critical documented vulnerabilities that are difficult to find on internal corporate networks. 

“While there won’t be a script for every single vulnerability, our plan is that scripts will be developed, and continuously reviewed, for critical vulnerabilities and for vulnerabilities that are consistently causing headaches for system administrators,” the agency said.

It said the scripts will be written and tested by private sector partners and will conform to the NCSC Scanning Made Easy script developer guidelines that mandate how the scripts should be developed and tested.

The first available SME script was released to help defenders find the presence of known remote code execution vulnerabilities in the Exim message transfer agent (MTA).  The NMAP script for the Exim vulnerabilities, publicly known as 21Nails, is available on GitHub.

[ READ: CISA Adds Zoho, Qualcomm, Mikrotik Flaws to ‘Must-Patch’ List ]

The NCSC said the script contains information regarding how it checks for the presence of the vulnerability, why the check is not intrusive, why there may be False Positives and why there may also be False Negatives.

“Even if you don’t think you have an Exim MTA, it’s worth running the scan anyway, you might be surprised by what you find installed on your network,” the agency said, noting that the Exim script will output simple-to-read results including a description of the vulnerability and a link to the vendor security advisory. 

“Running this script often and following the linked vendor advice will help to keep your network secure,” the NCSC said, urging defenders to develop and consider sharing their own NMAP scripts with the community.

Related: Five Eyes Nations Issue Joint Guidance on Log4j Flaws

Related: CISA Adds Zoho, Qualcomm, Mikrotik Flaws to ‘Must-Patch’ List

Related: Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.