Nmap Development mailing list archives

Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows

From: "Matias N. Sliafertas" <matiasns () gmail com>
Date: Wed, 23 Apr 2014 09:32:34 -0300

Dear all , I executed the nmap with the Heartbleed script and for me it
worked fine.
I used the following command :
*nmap -d --script ssl-heartbleed --script-args vuln.showall -sV -oA
heartbleed-%y%m%d [IP RANGE]*


On Tue, Apr 22, 2014 at 6:33 PM, Patrik Karlsson <patrik () cqure net> wrote:

Kent,

I think I understand what is going on and this is a bigger issue than just
this one script.
Not sure how to tackle this case where the port is both plain http and
https.
I think that ideally the port would be tagged as both http and https in
some way.
Does anyone else on the list have any ideas or suggestions?

-Patrik


On Tue, Apr 22, 2014 at 4:46 PM, Kent Fritz <kfritz () wolfman devio us>
wrote:

On Tue, Apr 22, 2014 at 04:20:30PM -0400, Patrik Karlsson wrote:

Kent,

Out of curiosity, does the server respond with plain HTTP on that port

as

well telling you that you need to connect using HTTPS?

-Patrik


Yes.  I only  have access to Nginx here, but Apache responds similarly:

$ curl -i http://puffy1:4444
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 22 Apr 2014 20:43:08 GMT
Content-Type: text/html
Content-Length: 264
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS
port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>



--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




-- 
-----------------------------------------------------------
Matias N. Sliafertas
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

heartbleed script only seems to work on known SSL ports in 6.46 for windows Gamache, Mark (Apr 21)
- Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Daniel Miller (Apr 22)
  - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 22)
    - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Patrik Karlsson (Apr 22)
    - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 22)
    - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Patrik Karlsson (Apr 22)
    - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Matias N. Sliafertas (Apr 23)
    - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Patrik Karlsson (Apr 23)
    - Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows Kent Fritz (Apr 23)
    - RE: heartbleed script only seems to work on known SSL ports in 6.46 for windows Gamache, Mark (Apr 23)