Scan for Heartbleed with Nmap 6.45

By | 2014/04/14

Nmap 6.45 includes a script for Heartbleed detection. Here is how to use it.


Specify the script ssl-heartbleed as follows:

$ sudo nmap example.com --script=ssl-heartbleed


For a vulnerable host, the output will appear like so:

$ sudo nmap 10.0.20.159 --script=ssl-heartbleed

Starting Nmap 6.45 ( http://nmap.org ) at 2014-04-14 14:09 EDT
Nmap scan report for example.com (10.0.20.159)
Host is up (0.0012s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
| ssl-heartbleed: 
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|           
|     References:
|       http://cvedetails.com/cve/2014-0160/
|       http://www.openssl.org/news/secadv_20140407.txt 
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
MAC Address: 08:00:27:B9:AD:64 (Cadmus Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
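
When the scan covers many hosts, the report format above can be parsed rather than read by eye. The following Python is an added example, not part of the original post or of Nmap; the sample report is constructed and abridged from the output above, and the `NOT VULNERABLE` state on the third host is an assumed value.

```python
import re

# Constructed sample in the normal-output format shown above (abridged).
# The third host's "NOT VULNERABLE" state is an assumed value, included to
# show why a plain grep for "VULNERABLE" would over-report.
SAMPLE_REPORT = """\
Nmap scan report for example.com (10.0.20.159)
PORT    STATE SERVICE
22/tcp  open  ssh
443/tcp open  https
| ssl-heartbleed: 
|   VULNERABLE:
|     State: VULNERABLE
|_    Risk factor: High
Nmap scan report for 10.0.20.160
PORT    STATE SERVICE
443/tcp open  https
Nmap scan report for 10.0.20.161
PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-heartbleed: 
|_    State: NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s")
SCRIPT_RE = re.compile(r"^\|[_ ]([a-z0-9-]+):")
STATE_RE = re.compile(r"^\|[_ ]\s*State:\s*(.+?)\s*$")

def parse_heartbleed(report):
    """Map (host, port) -> State string for each ssl-heartbleed block."""
    findings, host, port, in_script = {}, None, None, False
    for line in report.splitlines():
        if m := HOST_RE.match(line):
            host, port, in_script = m.group(1), None, False
        elif m := PORT_RE.match(line):
            port, in_script = m.group(1), False
        elif not line.startswith("|"):
            in_script = False  # left the script-output block
        elif m := SCRIPT_RE.match(line):
            in_script = m.group(1) == "ssl-heartbleed"
        elif in_script and (m := STATE_RE.match(line)):
            findings[(host, port)] = m.group(1)
    return findings

def vulnerable_endpoints(report):
    """Endpoints whose State starts with VULNERABLE (prefix, not substring)."""
    return sorted(f"{h} {p}" for (h, p), s in parse_heartbleed(report).items()
                  if s.startswith("VULNERABLE"))
```

A host with no `ssl-heartbleed` block, like the second one in the sample, simply produced no script output for that port; treat it as unreported rather than as confirmed patched.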