Nmap Development mailing list archives
Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 23 Apr 2014 10:52:44 -0400
It will work fine in most cases. It looks like there may be a problem for this script and other scripts relying on SSL when a port responds in both http and https. -Patrik On Wed, Apr 23, 2014 at 8:32 AM, Matias N. Sliafertas <matiasns () gmail com>wrote:
Dear all , I executed the nmap with the Heartbleed script and for me it worked fine. I used the following command : *nmap -d --script ssl-heartbleed --script-args vuln.showall -sV -oA heartbleed-%y%m%d [IP RANGE]* On Tue, Apr 22, 2014 at 6:33 PM, Patrik Karlsson <patrik () cqure net> wrote:Kent, I think I understand what is going on and this is a bigger issue than just this one script. Not sure how to tackle this case where the port is both plain http and https. I think that ideally the port would be tagged as both http and https in some way. Does anyone else on the list have any ideas or suggestions? -Patrik On Tue, Apr 22, 2014 at 4:46 PM, Kent Fritz <kfritz () wolfman devio us> wrote:On Tue, Apr 22, 2014 at 04:20:30PM -0400, Patrik Karlsson wrote:Kent, Out of curiosity, does the server respond with plain HTTP on thatport aswell telling you that you need to connect using HTTPS? -PatrikYes. I only have access to Nginx here, but Apache responds similarly: $ curl -i http://puffy1:4444 HTTP/1.1 400 Bad Request Server: nginx Date: Tue, 22 Apr 2014 20:43:08 GMT Content-Type: text/html Content-Length: 264 Connection: close <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>nginx</center> </body> </html>-- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 http://www.linkedin.com/in/nevdull77 _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/-- ----------------------------------------------------------- Matias N. Sliafertas
-- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 http://www.linkedin.com/in/nevdull77 _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- heartbleed script only seems to work on known SSL ports in 6.46 for windows Gamache, Mark (Apr 21)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Daniel Miller (Apr 22)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 22)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Patrik Karlsson (Apr 22)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 22)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Patrik Karlsson (Apr 22)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Matias N. Sliafertas (Apr 23)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Patrik Karlsson (Apr 23)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 23)
- RE: heartbleed script only seems to work on known SSL ports in 6.46 for windows Gamache, Mark (Apr 23)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 22)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Daniel Miller (Apr 22)