- Nmap. The script requires version 6.25 or newer. The latest version, 6.46, already includes the next 2 dependencies, so you can skip directly to the Scanning section below.
  - An easy way to get the latest Nmap release is to use Kali Linux.
  - Binary installers are available for Windows.
  - RPM installer available for Linux, or install from source.
  - .dmg installer available for Mac OS X.
- tls.lua. The script requires this Lua library for TLS handshaking.
- ssl-heartbleed.nse. This is the script itself.
If you have Nmap version 6.46, you can skip this section, since you already have the ssl-heartbleed script and the tls.lua library.
- Locate your Nmap files directory. On Linux, this is usually /usr/share/nmap/ or /usr/local/share/nmap/. On Windows, it's either C:\Program Files\Nmap\ or C:\Program Files (x86)\Nmap\
- Download the tls.lua library and put it in the nselib directory.
- Download the ssl-heartbleed.nse script and put it in the scripts directory.
- Optionally, run nmap --script-updatedb to allow the script to run according to category (not necessary for this example).
Finally, run Nmap. Here are some recommended options to use:
nmap -d --script ssl-heartbleed --script-args vulns.showall -sV X.X.X.X/24
Options summary:
- -d turns on debugging output, helpful for seeing problems with the script.
- --script ssl-heartbleed selects the ssl-heartbleed script to run on appropriate ports.
- --script-args vulns.showall tells the script to output "NOT VULNERABLE" when it does not detect the vulnerability.
- -sV requests a service version detection scan, which will allow the script to run against unusual ports that support SSL.
Other helpful options:
- --script-trace shows a packet dump of all script-related traffic, which may show memory dumps from the Heartbleed bug.
- -p 443 limits the script to port 443, but use caution! Even services like SMTP, FTP, and IMAP can be vulnerable.
- -oA heartbleed-%y%m%d saves Nmap's output in 3 formats as heartbleed-20140410.nmap, heartbleed-20140410.xml, and heartbleed-20140410.gnmap.
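To triage the XML file that -oA writes, the following added example (not part of the original guide or of Nmap) lists each open port with the state the ssl-heartbleed script reported. It assumes the script's text output carries a "State: ..." line, as reports from the vulns library do; the sample XML and its addresses are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (-oA / -oX); not captured from a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/>
        <script id="ssl-heartbleed" output="&#10;  VULNERABLE:&#10;  The Heartbleed Bug ...&#10;    State: VULNERABLE&#10;    Risk factor: High"/>
      </port>
      <port protocol="tcp" portid="25"><state state="open"/>
        <script id="ssl-heartbleed" output="&#10;  NOT VULNERABLE:&#10;    State: NOT VULNERABLE"/>
      </port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="993"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""

# Assumption: the script reports through the vulns library, whose text
# output carries a "State: ..." line for each finding.
STATE_RE = re.compile(r"^\s*State:\s*(.+?)\s*$", re.MULTILINE)

def heartbleed_results(xml_text):
    """Return sorted (address, port, state) for every open port.

    State is None when the port has no ssl-heartbleed result: the script did
    not run or gave no output there, which is not the same as NOT VULNERABLE.
    """
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            script = port.find("script[@id='ssl-heartbleed']")
            match = STATE_RE.search(script.get("output", "")) if script is not None else None
            results.append((addr, int(port.get("portid")), match.group(1) if match else None))
    return sorted(results)

if __name__ == "__main__":
    for addr, port, state in heartbleed_results(SAMPLE_XML):
        print(f"{addr}:{port}\t{state or 'no script result (untested)'}")
```

Ports that come back with no script result are worth a second look, for example by rescanning with -sV so the script can recognise SSL on unusual ports.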
Before reporting a bug, please be sure that you
- have the latest version of Nmap,
- have the most recent version of the script and the tls.lua library (links on this page are always the most recent), and
- have installed the script and the library according to this guide.
If you find a false-negative or false-positive bug with the script, please notify the developers mailing list or #nmap on Freenode IRC. Output with -d and --script-trace is especially appreciated.