Nmap Development mailing list archives
Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 22 Apr 2014 06:39:20 -0500
On Mon, Apr 21, 2014 at 6:21 PM, Gamache, Mark <Mark.Gamache () t-mobile com> wrote:

Hi Devs, I just ran HB tests using 6.46 and it only seems to work for "standard SSL" ports. I use openssl s_server. For 443, 8443, and 636 the tool works great. For other ports, it reports back not vulnerable. For the other ports, nmap does a SYN, SYN/ACK, RST and shows the open port, but does not initiate an SSL session. I have verified this via packet captures. Here is what I am using to test.

openssl s_server -accept 2381 -cert chaintest.gsm1900.org.pem -key chaintest.gsm1900.org.pem -pass pass:1q2w3e

running

nmap -p 2381 --script ssl-heartbleed.nse IPaddress

I tried this on several non-standard ports and get no luck. False negatives scare me.
Mark,

One feature of the Nmap Scripting Engine (NSE) is script selection via a special function in the script called the "rule." In the case of ssl-heartbleed, the "portrule" function decides which ports to run on. In the absence of any other information, it chooses to run on ports that commonly support SSL/TLS either directly or via STARTTLS procedures.

You can increase the number of ports that will successfully pass the portrule (as well as possibly rule some out) by using the service version detection scan, -sV. This will send additional probes between the port scan and the NSE scan phases to determine the service listening on the port, including whether it is an SSL tunnel. This can slow down large scans, especially if you are only interested in a single type of service, so it has several tunable parameters. I addressed this exact problem in a Security.StackExchange question last week: http://security.stackexchange.com/a/56051/9209

Finally (and not recommended!) you can force a script to run on *every* open port, regardless of port number, protocol, or service, by prepending a + to the script name: --script +ssl-heartbleed. Note that this will take even longer because of some of the socket timeouts in the script, and will send lots of unnecessary traffic.

Dan
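To make the portrule mechanism Dan describes concrete, here is a small stand-alone NSE script written as an added example; it is not the real ssl-heartbleed.nse and not code from the Nmap project. It assumes the hypothetical script name "ssl-portrule-demo" and a hypothetical script argument "ssl-portrule-demo.ports" for naming extra ports; everything else (shortport.ssl, stdnse.get_script_args, port.version.service_tunnel) is the standard NSE library.

```lua
-- ssl-portrule-demo.nse (hypothetical, added example)
-- Shows how a portrule decides where a script runs: well-known TLS ports and
-- ports that -sV identified as an SSL tunnel pass shortport.ssl; anything
-- else runs only if the operator lists it explicitly, e.g.
--   nmap -p 2381 --script ssl-portrule-demo --script-args ssl-portrule-demo.ports=2381 <target>
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Reports which open ports the SSL-oriented portrule would select, so a scan on
a non-standard port can be checked for a portrule-caused false negative.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Build a lookup set from the script argument, which NSE may hand us as a
-- string ("2381,2382") or as a table ({2381,2382}).
local function extra_ports()
  local arg = stdnse.get_script_args(SCRIPT_NAME .. ".ports")
  local set = {}
  if type(arg) == "table" then
    for _, p in ipairs(arg) do set[tonumber(p)] = true end
  elseif arg then
    for p in tostring(arg):gmatch("%d+") do set[tonumber(p)] = true end
  end
  return set
end

portrule = function(host, port)
  -- Case 1: port number is a common SSL/TLS port (443, 636, 8443, ...) or
  -- version detection (-sV) tagged the service as SSL-wrapped.
  if shortport.ssl(host, port) then
    return true
  end
  -- Case 2: the operator named this port; without -sV this is the only way
  -- an open port like 2381 gets selected.
  return port.state == "open" and extra_ports()[port.number] == true
end

action = function(host, port)
  local tunnel = (port.version and port.version.service_tunnel) or "none"
  return ("portrule matched %d/%s (service=%s, tunnel=%s)"):format(
    port.number, port.protocol, port.service or "unknown", tunnel)
end
```

Running it with and without -sV against a port such as 2381 shows directly whether the rule, rather than the vulnerability check itself, is what skipped the port.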