Security News > 2022 > January > UK govt releasing Nmap scripts to find unpatched vulnerabilities
The United Kingdom's National Cyber Security Centre, the government agency that leads UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.
The scripts, authored by i100 partners or security experts who want to share their scripts with the community, will be published on GitHub through a new project named Scanning Made Easy.
"To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results. Scanning Made Easy was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them."
The NCSC has already released the first SME script in collaboration with NCC Group to help admins scan for servers vulnerable to attacks using 21Nails exploits that target Exim remote code execution vulnerabilities.
The UK government agency plans to only release new Nmap scripts for critical security vulnerabilities believed to be on top of threat actors' target lists.
"This is why SME scripts are written using the NMAP Scripting Engine. NMAP is an industry-standard network mapping tool that has been in active development for over 20 years."