Scanning OpenSSL HeartBleed Vuln with Nmap


There is serious vulnerability OpenSSL cryptographic software library which allows stealing the protected  information ..
This bug allows anyone on the Internet to read the memory of the system which runs the vulnerable OpenSSL version. So the attackers easily eavesdrop the secret keys, usernames,passwords which resides in the memory…

You may have thousands of machines run on your network and you cannot check whether they are vuln or not one by one. So you can use nmap to scan all servers to see which one is vuln or not with a single command. Do NOT scan third parties…

Now. First we should download the latest version of nmap.
Don’t install the nmap package from your linux repositories. It may be lack of modules or scripts which we need later. (ssl-heartbleed.nse and modules it is depended) So, I prefer compiling from source..

Test system is Ubuntu 12.04.3

Go to home
cd /home
pull the latest source from Nmap SVN Repository
svn co
Once finished a folder named nmap will be created.
cd nmap
Now we will compile the source. ( you may need gcc, g++, make, autoconf etc.. be prepared in advance )
Run the commands below

Configure the build system
Successful configuration should be like below. You must see the dragon :)

Build Nmap
Install Nmap
make install

nmap should be installed here > /usr/local/bin/nmap

lets define an alias for it.
alias nmap=/usr/local/bin/nmap

Now we are ready to go.Run the following command.. change xxx to IP address/domain of the target server

nmap -sV -p 443 --script=ssl-heartbleed.nse

If it is vulnerable output should be like this

Starting Nmap 6.45 ( ) at 2014-04-12 15:54 UTC
Nmap scan report for
Host is up (0.15s latency).
443/tcp open ssl OpenSSL (SSLv3)
| ssl-heartbleed:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| Risk factor: High
| Description:
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
| References:

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 8.33 seconds

More info:

1 thought on “Scanning OpenSSL HeartBleed Vuln with Nmap”

Leave a Reply