easiest-way-to-check-for-heartbleed

November 13, 2018 21:22

Since the Heartbleed vulnerability (CVE-2014-0160) came to light, I hadn't had to worry much about checking my sites: for a start, I don't use an HTTPS connection for my website (maybe I should?), and I use Cloudflare, who had already patched all their servers, so I was fairly comfortable about any sites that did make use of SSL. One caveat worth knowing: Cloudflare's patch only covers their edge. If Cloudflare connects to your origin server over TLS, the origin's own OpenSSL build terminates that connection and needs checking and patching too.

I got looking into how I could verify whether a site was still susceptible and kept hearing about a Python script, but after some googling I found that it's actually as simple as running the following command using Nmap. The ssl-heartbleed NSE script ships with Nmap 6.45 and later (the run below uses 6.46), so check nmap --version first if the script isn't found. There are several online tools available, but I didn't like the sound of those: if they know that my site is vulnerable, what could they do with that information?! A little sceptical, I know...

nmap -p 443 --script ssl-heartbleed --script-args vulns.showall HOSTNAME

If the site you are testing is vulnerable, you should get output like the example below. The vulns.showall argument matters: without it the script prints nothing at all for hosts that pass, so a silent scan is ambiguous, whereas with it a patched host reports State: NOT VULNERABLE. Port 443 only covers HTTPS; if the host also serves other TLS ports (465, 993, 995 and so on), add them to the -p list, since the same OpenSSL library sits behind all of them. If a host hasn't been fixed, update its OpenSSL libraries ASAP and restart every service that links against them. Because the bug can leak the server's private key, patching alone isn't the end of it: reissue the certificate, revoke the old one, and expire any session cookies and passwords that went over the affected service.

# qasim at Qasims-MacBook-Air.local in ~ [0:13:17]
$ nmap -p 443 --script ssl-heartbleed --script-args vulns.showall HOSTNAME

Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-02 00:13 BST
Nmap scan report for HOSTNAME (x.x.x.x)
Host is up (0.0059s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
|     References:
|       http://cvedetails.com/cve/2014-0160/
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_      http://www.openssl.org/news/secadv_20140407.txt

Nmap done: 1 IP address (1 host up) scanned in 6.31 seconds