diff --git a/modules/utilities/unix/nc_message/manifests/install.pp b/modules/utilities/unix/nc_message/manifests/install.pp
index 64b0db3b3..6ab56ac8a 100644
--- a/modules/utilities/unix/nc_message/manifests/install.pp
+++ b/modules/utilities/unix/nc_message/manifests/install.pp
@@ -1,11 +1,14 @@
 class nc_message::install {
-  package { 'nmap':
-    ensure => installed
-  }
-
   $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
   $port = $secgen_parameters['port'][0]
 
+  ensure_pacakge("nmap")
+  case $operatingsystemrelease {
+    /^(10).*/: { # do buster stuff
+      ensure_pacakge("ncat")
+    }
+  }
+
   # join all the strings to leak
   # escape single quotes and semicolons, so we can use echo
   # $strings_to_leak = regsubst(join($secgen_parameters['strings_to_leak'], ","), "'|;", "\\\\\0")
diff --git a/modules/vulnerabilities/unix/misc/nc_backdoor/manifests/install.pp b/modules/vulnerabilities/unix/misc/nc_backdoor/manifests/install.pp
index a0677c21b..6b1714b97 100644
--- a/modules/vulnerabilities/unix/misc/nc_backdoor/manifests/install.pp
+++ b/modules/vulnerabilities/unix/misc/nc_backdoor/manifests/install.pp
@@ -1,14 +1,16 @@
 class nc_backdoor::install {
-  package { 'nmap':
-    ensure => installed
-  }
-
   $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
   $port = $secgen_parameters['port'][0]
 
   $strings_to_leak = $secgen_parameters['strings_to_leak']
   $leaked_filenames = $secgen_parameters['leaked_filenames']
 
+  ensure_pacakge("nmap")
+  case $operatingsystemrelease {
+    /^(10).*/: { # do buster stuff
+      ensure_pacakge("ncat")
+    }
+  }
 
   # run on each boot via cron
   cron { 'backdoor':
diff --git a/modules/vulnerabilities/unix/misc/nc_backdoor_chroot_esc/manifests/install.pp b/modules/vulnerabilities/unix/misc/nc_backdoor_chroot_esc/manifests/install.pp
index 74bf9729f..2d6a4ad45 100644
--- a/modules/vulnerabilities/unix/misc/nc_backdoor_chroot_esc/manifests/install.pp
+++ b/modules/vulnerabilities/unix/misc/nc_backdoor_chroot_esc/manifests/install.pp
@@ -1,15 +1,16 @@
 class nc_backdoor_chroot_esc::install {
-  #package { 'netcat-traditional':
-  #  ensure => installed
-  #}
-
   $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
   $port = $secgen_parameters['port'][0]
 
   $strings_to_leak = $secgen_parameters['strings_to_leak']
   $leaked_filenames = $secgen_parameters['leaked_filenames']
 
-
+  ensure_pacakge("nmap")
+  case $operatingsystemrelease {
+    /^(10).*/: { # do buster stuff
+      ensure_pacakge("ncat")
+    }
+  }
   # run on each boot via cron
   #cron { 'backdoor_chroot':
   #  command     => "sleep 90 && chroot /opt/chroot ncat -l -p $port -e /bin/bash -k &",
diff --git a/modules/vulnerabilities/unix/misc/nc_backdoor_docker_esc/manifests/install.pp b/modules/vulnerabilities/unix/misc/nc_backdoor_docker_esc/manifests/install.pp
index f42f327c0..732616006 100644
--- a/modules/vulnerabilities/unix/misc/nc_backdoor_docker_esc/manifests/install.pp
+++ b/modules/vulnerabilities/unix/misc/nc_backdoor_docker_esc/manifests/install.pp
@@ -1,14 +1,17 @@
 class nc_backdoor_docker_esc::install {
-  #package { 'netcat-traditional':
-  #  ensure => installed
-  #}
-
   $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
   $port = $secgen_parameters['port'][0]
 
   $strings_to_leak = $secgen_parameters['strings_to_leak']
   $leaked_filenames = $secgen_parameters['leaked_filenames']
 
+  ensure_pacakge("nmap")
+  case $operatingsystemrelease {
+    /^(10).*/: { # do buster stuff
+      ensure_pacakge("ncat")
+    }
+  }
+
   #docker::run { "docker$port":
   #  image   => 'debian:stretch',
   #  ports            => ["$port"],