UK NCSC Rolls Out SME NMAP Scripts To Detect Vulnerabilities

The UK NCSC has recently announced the launch of  a dedicated NMAP script collection “Scanning Made Easy” (SME). The organization aims at enhancing vulnerability detection by releasing specified scripts for all.

About SME NMAP Scripts

As elaborated in a detailed blog post, NCSC launched SME as a collection of Nmap Scripting Engine scripts to find bugs.

NMAP has been an effective and frequently used tool for network mapping. Therefore, NCSC believes that using NMAP scripts can be easy and reliable for system administrators and owners.

Specifically, the organization stated that the abundance and easy availability of exploit codes made them take this step.

When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network. To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results.

With SME, the users can scan their networks for finding potential vulnerabilities via dedicated scripts. For this, NCSC partnered with i100 to develop such scripts.

Although, SME currently lacks scripts for numerous vulnerabilities. Nonetheless, NCSC is positive to improve the tool in the future.

While there won’t be a script for every single vulnerability, our plan is that scripts will be developed, and continuously reviewed, for critical vulnerabilities and for vulnerabilities that are consistently causing headaches for system administrators.

Sharing the tool on GitHub, the UK NCSC also stated the specific guidelines for selecting scripts for the purpose.

Although, they already vet scripts before including them in SME. Yet, they also ask the users to thoroughly test scripts and keep the artifacts for NCSC’s review (if needed).

The organization also allows the script authors to mention their scripts’ inclusion with SME.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil