Privacy Ninja

UK Govt Releasing Nmap Scripts to Find Unpatched Vulnerabilities

The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads the UK’s cyber security mission, is releasing Nmap Scripting Engine (NSE) scripts to help defenders scan for and remediate vulnerable systems on their networks.

This is a joint effort between the NCSC and i100 (Industry 100), an initiative that brings together industry and government experts to find solutions to cybersecurity threats.

The scripts, authored by i100 partners or security experts who want to share their scripts with the community, will be published on GitHub through a new project named Scanning Made Easy (SME).

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said today.

“To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them.”

Before adding new scripts to the SME collection, the NCSC will check if the following requirements are met:

  1. be written for NMAP using the NMAP Script Engine (.nse);
  2. relate to one of the high priority vulnerabilities impacting the UK;
  3. conform to the metadata template;
  4. run in isolation, i.e. have no dependencies and not connect to other servers;
  5. be as close to 100% reliable in detection of vulnerable instances as is practicable, i.e. low false-positive rate;
  6. be as unintrusive (i.e. not transmit excessive network traffic) and safe as possible in the detection mechanism;
  7. be hosted on a publicly available repository or website;
  8. be made freely available under a permissive open source license;
  9. not capture sensitive data, e.g., exposure of cyber security risk or personal;
  10. not send data off the system upon which the script is run; and
  11. be able to write the output from the script to a file.

First SME script already released

The NCSC has already released the first SME script in collaboration with NCC Group (an i100 partner) to help admins scan for servers vulnerable to attacks using 21Nails exploits that target Exim remote code execution vulnerabilities.

The UK government agency plans to only release new Nmap scripts for critical security vulnerabilities believed to be on top of threat actors’ target lists.

NCSC’s new SME project aims to make detecting vulnerable systems easier with the help of reliable and simple-to-use tools.

“We want SME to be as straightforward as possible to use, and also needs to be reliable. Providing a false sense of security, or false positives, doesn’t help make your systems safer, as you won’t be fixing the real security issues,” the NCSC added.

“This is why SME scripts are written using the NMAP Scripting Engine (NSE). NMAP is an industry-standard network mapping tool that has been in active development for over 20 years.”
