- Nmap. The script requires version 6.25 or newer. The latest version, 6.47, already includes the next 3 dependencies, so you can skip directly to the Scanning section below.
  - An easy way to get the latest Nmap release is to use Kali Linux.
  - Binary installers are available for Windows.
  - RPM installer available for Linux, or install from source.
  - .dmg installer available for Mac OS X.
- tls.lua. The script requires this Lua library for TLS handshaking.
- ssl-heartbleed.nse. This is the script itself.
- stdnse.lua. The ssl-heartbleed script above is the development version, so it depends on some functions that are not present in released versions of Nmap.
If you have Nmap version 6.46 or 6.47, you can skip this section, since you already have the ssl-heartbleed script and the tls.lua library.
Locate your Nmap files directory. On Linux, this is usually /usr/share/nmap/ or /usr/local/share/nmap/. On Windows, it's either C:\Program Files\Nmap\ or C:\Program Files (x86)\Nmap\
Download the tls.lua and stdnse.lua libraries and put them in the nselib directory.
Download the ssl-heartbleed.nse script and put it in the scripts directory.
Optionally, run nmap --script-updatedb to allow the script to run according to category (not necessary for this example).
Finally, run Nmap. Here are some recommended options to use:
nmap -d --script ssl-heartbleed --script-args vulns.showall -sV X.X.X.X/24
Options summary:
- -d turns on debugging output, helpful for seeing problems with the script.
- --script ssl-heartbleed selects the ssl-heartbleed script to run on appropriate ports.
- --script-args vulns.showall tells the script to output "NOT VULNERABLE" when it does not detect the vulnerability.
- -sV requests a service version detection scan, which will allow the script to run against unusual ports that support SSL.
Other helpful options:
- --script-trace shows a packet dump of all script-related traffic, which may show memory dumps from the Heartbleed bug.
- -p 443 limits the script to port 443, but use caution! Even services like SMTP, FTP, and IMAP can be vulnerable.
- -oA heartbleed-%y%m%d saves Nmap's output in 3 formats as heartbleed-20140410.nmap, heartbleed-20140410.xml, and heartbleed-20140410.gnmap.
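To triage the XML file written by -oA, the following added example (not part of the original guide or the Nmap project) lists every open port with the State that ssl-heartbleed reported, and flags open ports where the script produced no result at all. The sample XML and its addresses are constructed, and the "State: ..." line in the script's output attribute is an assumption about the vulns library's text format that you should confirm against your own scan output.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (not a real scan); addresses are
# from the documentation range 192.0.2.0/24.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/>
        <script id="ssl-heartbleed" output="&#xa;  VULNERABLE:&#xa;  The Heartbleed Bug ...&#xa;    State: VULNERABLE&#xa;    Risk factor: High"/>
      </port>
      <port protocol="tcp" portid="25"><state state="open"/>
        <script id="ssl-heartbleed" output="&#xa;  NOT VULNERABLE:&#xa;  The Heartbleed Bug ...&#xa;    State: NOT VULNERABLE"/>
      </port>
    </ports>
  </host>
  <host><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="993"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def heartbleed_results(xml_text):
    """Return (addr, port, state) per open port; state is None if the script gave no result."""
    results = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            st = port.find("state")
            if st is None or st.get("state") != "open":
                continue
            state = None
            for script in port.findall("script"):
                if script.get("id") != "ssl-heartbleed":
                    continue
                # Assumed format: the vulns library prints a "State: ..." line.
                for line in script.get("output", "").splitlines():
                    if line.strip().startswith("State:"):
                        state = line.split(":", 1)[1].strip()
            results.append((addr, int(port.get("portid")), state))
    return results


if __name__ == "__main__":
    for addr, port, state in heartbleed_results(SAMPLE_XML):
        print(f"{addr}:{port}\t{state or 'NO SCRIPT RESULT (untested, not safe)'}")
```

An open port with no script result was not tested, which is different from NOT VULNERABLE; rescan those ports with -sV and -d before treating them as clean.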
Before reporting a bug, please be sure that you
- have the latest version of Nmap, OR
- have the most recent version of the script and the tls.lua library (links on this page are always the most recent), and
- have installed the script and the library according to this guide.
If you find a false-negative or false-positive bug with the script, please notify the developers mailing list or #nmap on Freenode IRC. Output with -d and --script-trace is especially appreciated.
https://ma.ttias.be/scan-your-network-for-heartbleed-vulnerabilities-with-nmap/