UK Government Plans To Release Nmap Scripts for Finding Vulnerabilities (therecord.media)
The UK government's cyber-security agency plans to release Nmap scripts in order to help system administrators in scanning their networks for unpatched or vulnerable devices. From a report: The new project, titled Scanning Made Easy (SME), will be managed by the UK National Cyber Security Centre (NCSC) and is a joint effort with Industry 100 (i100), a collaboration between the NCSC and the UK private sector. "When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network," the NCSC said yesterday. "To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results."
The NCSC said that the SME project was created to solve this problem by having some of the UK's leading security experts, from both the government and public sector, either create or review scripts that can be used to scan internal networks. Approved scripts will be made available via the NCSC's SME GitHub project page, and the agency said it's also taking submissions from the security community as well. Only scripts for the Nmap network scanning app will be made available through this project, the NCSC said on Monday.
How will that help? Yeah, notsomuch (Score:2)
A) The people who know what Nmap is and run it regularly will think "duh"
B) Everyone else will see the results and will think "um, uh, I think I'm ok. What's a port?"
Re: (Score:1)
It takes a bit of knowledge and training to both A) figure out what to feed Nmap; and B) how to interpret the results. I'm gonna go out on a limb here and make 2 predictions:
They should also provide some "training", saying anything that shows open should be blocked in the firewall unless you can write down a good reason it shouldn't be.
I'll add a 3rd prediction.
3a) A lot of people will not know why the ports are open, and block them.
3b) Some people, for some ports, will find out what breaks when they are blocked and learn the reason they are open.
What do we get?
From A, a lot of services closed off that shouldn't have been open, perhaps maybe ones that haven't been hacked into y
Re: (Score:2)
I am assuming here, but I would guess that the whole reason they are releasing "scripts" is to set all of the command line options for you after asking for some basic user input and then presenting the user with an easily understandable report / output.
Re:How will that help? Yeah, notsomuch (Score:4, Insightful)
So you think there are only two kinds of admins: those who are experts at nmap and those who don't know what a port is? I would think the majority of admins would fall somewhere between those two extremes, and those admins are the ones who will benefit from something like this.
Re: (Score:1)
scripts and the like are good sources for leaks to customize your own footprint os/arch scans. from there maybe trick a service into responding? ironically the best way to find attacks like that is to trap the scan in the first place. fortunately that type of "big game hunting" is not so widespread lately i'm willing to guess a suicide run for most.
Re: (Score:1)
Did you just have an attack of verbal diarrhea? Was that supposed to be English?
if you are going to dispute something dispute it. being so arrogant as to assume you no longer need to avoid attacking someone personally, and you don't know me at all, to make a point makes you look childish. and can i say a bit ignorant? i'm not in your club, circle so please keep it technical in the future and about some fact...
Re: (Score:1)
and you can continue but i'm done with this too personal discussion.
Re: (Score:3)
If you don't know how nmap works then why would you trust these scripts?
I wouldn't go near anything from the UK government.
Re: (Score:3)
I really want to see these scripts, though. - if only for the laughs. I'm guessing somehow they'll figure out a way to bloat them up to several dozen kilobytes in size - and route the output to some government agency, along with a surreptitious scan of your local machine. Plus you'll have to sign some sort of disclaimer agreeing to all this and absolving the government of any blame.
Bonus points if they turn the whole thing into a binary blob of some sort.
Re: How will that help? Yeah, notsomuch (Score:3)
Found the repo and the first script:
https://github.com/nccgroup/nmap-nse-vulnerability-scripts/blob/master/smtp-vuln-cve2020-28017-through-28026-21nails.nse
I enjoy the assumption that Exim (or postfix, or sendmail, etc..) sometimes lives on tcp/586 lol
I guess I could take the time to issue a pull request and change that to 587, or maybe just send them an RFC:
https://www.rfc-editor.org/rfc/rfc6409.html
They do get credit for listing at least one false positive / false negative right in the script.
Can't wait t
Re: (Score:2)
I do find this initiative interesting, if well done. Consider small companies, government agencies, schools, ... they have admins, but admins may not be world-class security experts. Having a way to scan their networks using scripts maintained by experts can be very useful. Government-endorsed scripts can have a big impact because they are not some shady source (yeah in EU people trust their government services as serving the citizens) plus they bear some "due diligence" factor.
Re: (Score:2)
I don't know which one of those two descriptions I am, but I'm rather looking forward to this. The NCSC have (so far) produced some really good material - some really good "guides to securing your business" and whatnot, as well as a few online tools. I've used quite a bit of that stuff with my less technical clients because it tells them what they need to know without scaring them off - and if they do what it says, they'll be head-and-shoulders above "the majority", so a considerably smaller and less conven
yes i have not read the article but. (Score:1)
my guess is this will phone home.