No doubt you guys have already heard about Heartbleed, the critical vulnerability in OpenSSL. I am not going to go into the specifics of the vulnerability but if you so wish, read the following:
– http://heartbleed.com/
However, I am going to talk about a neat little addition to NMAP that has surfaced today. NSE, or Nmap Scripting Engine, allows the use of pre-written Lua scripts and utilises the NMAP scanner to carry out pretty much anything you can imagine, from advanced reconnaissance techniques all the way through to vulnerability assessment and exploitation.
Now included in the NSE library is a script named ssl-heartbleed which can be used to identify whether a target host is vulnerable to CVE-2014-0160.
It seems the updated NSE scripts aren’t included with the latest packages on the NMAP site (or at least with the Windows installer), so I had to manually download the NSE script from the NMAP SVN.
Here’s how to get the script:
1. Download: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
2. Move the downloaded .nse to the scripts folder in the NMAP install directory.
After downloading the script, it’s as simple as issuing the following in the terminal:
> nmap -p 443 --script <path to ssl-heartbleed.nse> <target IP or hostname>
If the target host is vulnerable, NMAP will show the vulnerability details; if not, NMAP will simply show that 443 is open and no other significant information will be shown.
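To make the steps above repeatable, here is a small POSIX shell wrapper I have added as an example (it is not code from the original post or from the nmap project). It assumes nmap is on your PATH and that ssl-heartbleed.nse is either copied into nmap's scripts directory (run nmap --script-updatedb afterwards so nmap resolves the script by name) or reachable at a path you pass in. The sample nmap output embedded in it is constructed for demonstration, abridged to the lines that matter for classification.

```shell
#!/bin/sh
# Added example (not from the original post or the nmap project).
# Assumes: nmap installed; ssl-heartbleed.nse in nmap's scripts directory
# (after `nmap --script-updatedb`) or at a path passed as the second argument.

# Build the nmap command line for one host. The script argument defaults to
# the script name, which nmap resolves through its script database.
heartbleed_cmd() {
    target="$1"
    script="${2:-ssl-heartbleed}"
    port="${3:-443}"
    printf 'nmap -p %s --script %s %s\n' "$port" "$script" "$target"
}

# Read nmap output on stdin and print one word: "vulnerable" when the script
# reported the heartbeat leak, otherwise "clean". The NSE vulns library prints
# "State: VULNERABLE" for a hit; a host that is not vulnerable yields only the
# open-port line, so the absence of that marker means nothing was found.
classify_output() {
    if grep -q 'State: VULNERABLE'; then
        echo vulnerable
    else
        echo clean
    fi
}

# Constructed sample (abridged) of what nmap prints for a vulnerable host.
SAMPLE_VULNERABLE='PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|     Risk factor: High
|_    References: CVE-2014-0160'

# Constructed sample for a host where the script reported nothing.
SAMPLE_CLEAN='PORT    STATE SERVICE
443/tcp open  https'

# With a hostname argument, scan that host and classify the result; with no
# argument, demonstrate the classifier on the constructed samples.
if [ $# -gt 0 ]; then
    sh -c "$(heartbleed_cmd "$1" "${2:-ssl-heartbleed}")" | classify_output
else
    printf '%s\n' "$SAMPLE_VULNERABLE" | classify_output   # vulnerable
    printf '%s\n' "$SAMPLE_CLEAN" | classify_output        # clean
fi
```

Usage: save as heartbleed_check.sh and run `sh heartbleed_check.sh 10.0.0.5` (or add a second argument pointing at the .nse file if nmap cannot find it by name); feed the one-word verdicts from a loop over your host list into whatever tracking you use for the patch rollout.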
This was just a quick & dirty way of getting the heartbleed script up and running when I needed it. I’m sure there are cleaner ways of installing, but this works nonetheless.
J