SANS Internet Storm Center, InfoCON: green

Testing your website for the heartbleed vulnerability with nmap, (Fri, Apr 18th)

Fri, 2014/04/18 - 19:08
We have received reports by many readers about buggy tools to test for the heartbleed vulnerability. Today I want to show you how easy it is to check for this vulnerability using a reliable tool as nmap. You just need to trigger a version scan (-sV) along with the script (ssl-heartbleed). The following example with show a command that will scan for this bug: nmap -sV --script=ssl-heartbleed This will be the output for a non-vulnerable website. As you can see, no warnings are shown: If you are vulnerable, you will get the following: For vulnerability testing, always use reliable tools which won't contain malicious code infecting your computer and won't give you false positive messages. Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
e-mail: msantand at isc dot sans dot org (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts