Date:
8 March 2022
Author:
Phillipa Martin

Scanning Made Easy 

The Scanning Made Easy (SME) project will release an open source collection of NMAP Scripting Engine scripts that can be used by anyone to find specific vulnerabilities. This provides a great opportunity for governments and corporations around the world to use these security scripts and potentially contribute back. 

NMAP (network mapper) is an open source security tool used by network administrators to scan ports and identify security risks. It’s an extremely popular security tool. For more information (including a fun clip about NMAP’s use in The Matrix), see this Network World article on NMAP

Scanning Made Easy’s first script

The first script released checks for remote code execution vulnerabilities in Exim message transfer agent (MTA). You can download the script on GitHub

About Scanning Made Easy

Scanning Made Easy was introduced to help people protect their systems. An NCSC blog introducing Scanning Made Easy discusses the frustration of trying to find tools to defend against known network vulnerabilities. It was this frustration that led to the development of Scanning Made Easy. 

Building a community

The goal is to build a Scanning Made Easy community, and to build a collection of scripts that cover many different vulnerabilities. People interested in contributing scripts should follow the NCSC Scanning Made Easy Script Developer Guidelines and then submit their scripts. 

Anyone can submit scripts. The script should relate to vulnerabilities that affect the UK, however given the global nature of cyber threats, the scripts will probably be just as relevant to Australia (and the rest of the world) as the UK. This provides plenty of opportunity for Australian government agencies (and businesses) to use the scripts and also write scripts to contribute back to the project. 

Building this community of contributors is an essential part of any new (or existing!) open source project. See our blog on How to drive community engagement for large, open source digital platforms for more information. 

About NCSC and i100

The NCSC is the UK’s national cybersecurity agency. Its i100 program brings together 100 cyber security professionals and fosters collaboration. These professionals come into the NCSC as secondees, for short-term projects (usually on a part-time basis). 

Salsa Digital’s take

Cyber security has always been an essential aspect of digital government services. However the current digital environment is putting an ever-increasing focus and pressure on cyber security. At Salsa, we closely follow cyber security protocols and keep on top of cyber security issues. We’ve been involved in certifying platforms (for example, see our blog on getting IRAP certification for GovCMS), and have more recently hired a dedicated Chief Information Security Officer. 

Security needs to be front-of-mind when building or maintaining any system. Open source security tools like NMAP and Scanning Made Easy help make that task a little easier. We’re hoping the project grows, and perhaps Salsa and our clients can contribute to this new open source community in the future!