How to Scan for Heartbleed bug using Nmap on Kali Linux

  • 148
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    148
    Shares

In this tutorial we will be scanning a target for the well known Heartbleed SSL Bug using the popular Nmap tool on Kali Linux. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library and was introduced on 31 December on 2011 and released in March 2012. This weakness allows the attacker to steal information protected by the SSL/TLS encryption which is very commonly used to secure internet connections. The official name for Heartbleed is CVE-2014-0160. A fix has been released and deployed by many OS and application vendors but when a vulnerable version of OpenSSL is used or when applications haven’t been patched by the user or vendor, the vulnerability can still be exploited. With Nmap’s SSL-Heartbleed script it takes us just a couple seconds to check for this vulnerability and should be part of any penetration test.

 

Scanning for Heartbleed with Nmap

Use the following command to scan a target for the Heartbleed SSL bug:

nmap -d –script ssl-heartbleed –script-args vulns.showall -sV [host]

When using the –script-args vulns.showall flag, Nmap will show you also when the target is not vulnerable.

heartbleed-ssl-bug-nmap

As you can see on the screenshot the target host we have scanned is not vulnerable to Heartbleed. The scanning took only a few seconds and since a lot of applications have been vulnerable to Heartbleed we suggest you to run this script when performing a penetration test or security scan.

Nmap Heartbleed Scanning Video Tutorial

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply