UK government plans to release Nmap scripts for finding vulnerabilities
The UK government’s cyber-security agency plans to release Nmap scripts in order to help system administrators in scanning their networks for unpatched or vulnerable devices.
The new project, titled Scanning Made Easy (SME), will be managed by the UK National Cyber Security Centre (NCSC) and is a joint effort with Industry 100 (i100), a collaboration between the NCSC and the UK private sector.
“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said yesterday.
“To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results.”
The NCSC said that the SME project was created to solve this problem by having some of the UK’s leading security experts, from both the government and public sector, either create or review scripts that can be used to scan internal networks.
Approved scripts will be made available via the NCSC’s SME GitHub project page, and the agency said it’s also taking submissions from the security community as well.
Only scripts for the Nmap network scanning app will be made available through this project, the NCSC said on Monday.
The NCSC pointed to a Nmap script released by the NCC Group for the 21Nails vulnerability as an example and model of how submissions should look, with a primer on well-documented code behavior, low false-positive detections, and clearly formatted results.
Full criteria for submitted scripts are below:
- Written for NMAP using the Nmap Script Engine (.nse).
- Relate to one of the high priority vulnerabilities impacting the UK;
- Conform to the metadata template (see annex);
- Run in isolation (i.e. no dependencies and does not connect to other servers);
- Be as close to 100% reliable in detection of vulnerable instances as is practicable (i.e. low false-positive rate);
- Be as unintrusive (i.e. not transmit excessive network traffic) and safe as possible in the detection mechanism;
- Be hosted on a publicly available repository or website;
- Be made freely available under a permissive open source licence;
- Not to capture sensitive data (e.g., exposure of cyber security risk or personal);
- Not to send data off the system upon which the script is run; and
- Ability to write the output from the script to a file.