- Nmap. The script requires version 6.25 or newer. The latest version, 6.47, already includes the next 3 dependencies, so you can skip directly to the Scanning section below.
- An easy way to get the latest Nmap release is to use Kali Linux.
- Binary installers are available for Windows.
- RPM installer available for Linux, or install from source.
- .dmg installer available for Mac OS X.
- tls.lua. The script requires this Lua library for TLS handshaking.
- ssl-heartbleed.nse. This is the script itself.
- stdnse.lua. The ssl-heartbleed script above is the development version, so it depends on some functions that are not present in released versions of Nmap.
If you have Nmap version 6.46 or 6.47, you can skip this section, since you already have the
ssl-heartbleed script and the
Locate your Nmap files directory. On Linux, this is usually
On Windows, it's either
C:\Program Files\Nmap\ or
C:\Program Files (x86)\Nmap\
Download the tls.lua and stdnse.lua libraries and put them in the
Download the ssl-heartbleed.nse script and put it in the
nmap --script-updatedb to allow the script to run according to category (not necessary for this example).
Finally, run Nmap. Here are some recommended options to use:
nmap -d --script ssl-heartbleed --script-args vulns.showall -sV X.X.X.X/24
-dturns on debugging output, helpful for seeing problems with the script.
--script ssl-heartbleedselects the ssl-heartbleed script to run on appropriate ports.
--script-args vulns.showalltells the script to output "NOT VULNERABLE" when it does not detect the vulnerability.
-sVrequests a service version detection scan, which will allow the script to run against unusual ports that support SSL.
Other helpful options:
--script-traceshows a packet dump of all script-related traffic, which may show memory dumps from the Heartbleed bug.
-p 443limits the script to port 443, but use caution! Even services like SMTP, FTP, and IMAP can be vulnerable.
-oA heartbleed-%y%m%dsaves Nmap's output in 3 formats as
Before reporting a bug, please be sure that you
- have the latest version of Nmap, OR
- have the most recent version of the script and the tls.lua library (links on this page are always the most recent), and
- have installed the script and the library according to this guide.
If you find a false-negative or false-positive bug with the script, please notify the developers mailing list or #nmap on Freenode IRC. Output with
--script-trace is especially appreciated.