Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
United Kingdom Security

UK Government Plans To Release Nmap Scripts for Finding Vulnerabilities (therecord.media) 18

The UK government's cyber-security agency plans to release Nmap scripts in order to help system administrators in scanning their networks for unpatched or vulnerable devices. From a report: The new project, titled Scanning Made Easy (SME), will be managed by the UK National Cyber Security Centre (NCSC) and is a joint effort with Industry 100 (i100), a collaboration between the NCSC and the UK private sector. "When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network," the NCSC said yesterday. "To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results."

The NCSC said that the SME project was created to solve this problem by having some of the UK's leading security experts, from both the government and public sector, either create or review scripts that can be used to scan internal networks. Approved scripts will be made available via the NCSC's SME GitHub project page, and the agency said it's also taking submissions from the security community as well. Only scripts for the Nmap network scanning app will be made available through this project, the NCSC said on Monday.

This discussion has been archived. No new comments can be posted.

UK Government Plans To Release Nmap Scripts for Finding Vulnerabilities

Comments Filter:
  • It takes a bit of knowledge and training to both A) figure out what to feed Nmap; and B) how to interpret the results. I'm gonna go out on a limb here and make 2 predictions:

    A) The people who know what Nmap is and run it regularly will think "duh"
    B) Everyone else will see the results and will think "um, uh, I think I'm ok. What's a port?"
    • by Anonymous Coward

      It takes a bit of knowledge and training to both A) figure out what to feed Nmap; and B) how to interpret the results. I'm gonna go out on a limb here and make 2 predictions:

      They should also provide some "training", saying anything that shows open should be blocked in the firewall unless you can write down a good reason it shouldn't be.

      I'll add a 3rd prediction.
      3a) A lot of people will not know why the ports are open, and block them.
      3b) Some people, for some ports, will find out what breaks when they are blocked and learn the reason they are open.

      What do we get?
      From A, a lot of services closed off that shouldn't have been open, perhaps maybe ones that haven't been hacked into y

      • I used to run a pen testing team against a DoD network. One of our tests was to run a screaming Nmap script to see how long it took admins to notice and respond. We had to run it at screaming, since the original guidance to crawl was almost never detected.
    • I am assuming here, but I would guess that the whole reason they are releasing "scripts" is to set all of the command line options for you after asking for some basic user input and then presenting the user with an easily understandable report / output.

    • by bws111 ( 1216812 ) on Tuesday January 25, 2022 @04:58PM (#62207013)

      So you think there are only two kinds of admins: those who are experts at nmap and those who don't know what a port is? I would think the majority of admins would fall somewhere between those two extremes, and those admins are the ones who will benefit from something like this.

      • scripts and the like are good sources for leaks to customize your own footprint os/arch scans. from there maybe trick a service into responding? ironically the the best way to find attacks like that is to trap the scan in the first place. fortunately that type of "big game hunting" is not so wide spread lately i'm willing to guess a suicide run for most.

    • by AmiMoJo ( 196126 )

      If you don't know how nmap works then why would you trust these scripts?

      I wouldn't go near anything from the UK government.

      • I really want to see these scripts, though. - if only for the laughs. I'm guessing somehow they'll figure out a way to bloat them up to several dozen kilobytes in size - and route the output to some government agency, along with a surreptitious scan of your local machine. Plus you'll have to sign some sort of disclaimer agreeing to all this and absolving the government of any blame.

        Bonus points if they turn the whole thing into a binary blob of some sort.

        • Clearly you didn't read the article, the first script they are releasing is available, and they are not even written by the UK Government but industry partners: https://github.com/nccgroup/nm... [github.com]
        • Found the repo and the first script:

          https://github.com/nccgroup/nmap-nse-vulnerability-scripts/blob/master/smtp-vuln-cve2020-28017-through-28026-21nails.nse

          I enjoy the assumption that Exim (or postfix, or sendmail, etc..) sometimes lives on tcp/586 lol

          I guess I could take the time to issue a pull request and change that to 587, or maybe just send them an RFC:

          https://www.rfc-editor.org/rfc/rfc6409.html

          They do get credit for listing at least one false positive / false negative right in the script.

          Can't wait t

          • Infact! At this rate, if they're just writing scripts to pull out the response header and regex match it, surely it would be faster to write a script that sends the service best match to the cve database and returns the listed vulns there..
    • I do find this initiative interesting, if well done. Consider small companies, government agencies, schools, ... they have admins, but admins may not be world-class security experts. Having a way to scan their networks using scripts maintained by experts can be very useful. Government-endorsed scripts can have a big impact because they are not some shady source (yeah in EU people trust their government services as serving the citizens) plus they bear some "due diligence" factor.

    • I don't know which one of those two descriptions I am, but I'm rather looking forward to this. The NCSC have (so far) produced some really good material - some really good "guides to securing your business" and whatnot, as well as a few online tools. I've used quite a bit of that stuff with my less technical clients because it tells them what they need to know without scaring them off - and if they do what it says, they'll be head-and-shoulders above "the majority", so a considerably smaller and less conven

  • Comment removed based on user account deletion
  • my guess is this will phone home.

The computer is to the information industry roughly what the central power station is to the electrical industry. -- Peter Drucker

Working...