Nmap Development mailing list archives

RE: heartbleed script only seems to work on known SSL ports in 6.46 for windows


From: "Gamache, Mark" <Mark.Gamache () T-Mobile com>
Date: Wed, 23 Apr 2014 08:48:59 -0700

-sV works great, as far as I can tell. It is just under-documented, and it is not intuitive that the -p port does not work. I suspect that is due to my lack of expertise with nmap scripts. I assumed that the -p was taken into account by the script, regardless.

I use nmap a few times a week, but am no expert. My concern is that others with my skill level may be getting false negatives and not remediating. It sounds like this may be resolved by a bit of extra output and documentation.

Mark Gamache
Directory and Security Services
425-302-8873
mark.gamache () t-mobile com


From: patrik () labb1 com [mailto:patrik () labb1 com] On Behalf Of Patrik Karlsson
Sent: Wednesday, April 23, 2014 7:53 AM
To: Matias N. Sliafertas
Cc: Kent Fritz; dev () nmap org; Gamache, Mark; Daniel Miller
Subject: Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows

It will work fine in most cases. It looks like there may be a problem for this script and other scripts relying on SSL 
when a port responds in both http and https.

-Patrik

On Wed, Apr 23, 2014 at 8:32 AM, Matias N. Sliafertas <matiasns () gmail com> wrote:
Dear all, I executed nmap with the Heartbleed script and for me it worked fine.
I used the following command :
nmap -d --script ssl-heartbleed --script-args vuln.showall -sV -oA heartbleed-%y%m%d [IP RANGE]

On Tue, Apr 22, 2014 at 6:33 PM, Patrik Karlsson <patrik () cqure net> wrote:
Kent,

I think I understand what is going on, and this is a bigger issue than just this one script. Not sure how to tackle this case where the port is both plain http and https. I think that ideally the port would be tagged as both http and https in some way. Does anyone else on the list have any ideas or suggestions?

-Patrik


On Tue, Apr 22, 2014 at 4:46 PM, Kent Fritz <kfritz () wolfman devio us> wrote:

On Tue, Apr 22, 2014 at 04:20:30PM -0400, Patrik Karlsson wrote:
Kent,

Out of curiosity, does the server respond with plain HTTP on that port as
well telling you that you need to connect using HTTPS?

-Patrik



Yes. I only have access to Nginx here, but Apache responds similarly:

$ curl -i http://puffy1:4444
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 22 Apr 2014 20:43:08 GMT
Content-Type: text/html
Content-Length: 264
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS
port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>



--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



--
-----------------------------------------------------------
Matias N. Sliafertas



--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77


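Added example, not from the thread, from Nmap or from the ssl-heartbleed script: a small Python classifier for the situation Kent's curl output shows, where a TLS port answers a cleartext request with an HTTP 400 telling the client to use HTTPS. The practical point for someone reading a scan report is that a port in this state (or one that replies with a TLS record, or with nothing) has only been probed as plain HTTP, so a "not vulnerable" result for it is meaningless until the port is re-tested over TLS, which is what running with -sV achieves for the NSE script. The nginx text is taken from the response quoted above; the Apache wording and the sample responses are constructed assumptions.

```python
"""Added example: classify what a port says when it is probed with plain HTTP.

Not part of Nmap or the ssl-heartbleed NSE script. It models the case from the
thread: a TLS port that answers cleartext with an HTTP 400 telling the client to
use HTTPS. Ports in that state (or that answer with a TLS record or nothing)
should be re-tested over TLS, e.g. by scanning with -sV, before a negative
Heartbleed result is trusted.
"""
import re

# Constructed sample: the nginx reply quoted in the thread (headers abridged).
NGINX_400 = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"<html><head><title>400 The plain HTTP request was sent to HTTPS port</title></head>"
    b"<body><center><h1>400 Bad Request</h1></center>"
    b"<center>The plain HTTP request was sent to HTTPS port</center></body></html>\r\n"
)

# Constructed sample in the style of Apache mod_ssl's error page (exact wording is an assumption).
APACHE_400 = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><body><h1>Bad Request</h1><p>Your browser sent a request that this server "
    b"could not understand.<br />Reason: You're speaking plain HTTP to an SSL-enabled "
    b"server port.<br />Instead use the HTTPS scheme to access this URL, please.</p>"
    b"</body></html>\r\n"
)

# Constructed sample: an ordinary cleartext web server.
PLAIN_200 = b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 2\r\n\r\nhi"

# Constructed sample: a TLS alert record (type 0x15, TLS 1.0, length 2,
# fatal/protocol_version) from a server that does not speak cleartext at all.
TLS_ALERT = bytes.fromhex("15030100020246")

# Phrases a TLS port's cleartext error page uses to say "use HTTPS". The nginx
# phrase is from the quoted response; the Apache phrases are an assumption.
TLS_HINTS = re.compile(
    rb"plain http request was sent to https port"
    rb"|speaking plain http to an ssl-enabled server port"
    rb"|use the https scheme",
    re.IGNORECASE,
)


def parse_http_response(raw):
    """Split a raw response into (status, headers, body); None if it is not HTTP."""
    if not raw.startswith(b"HTTP/"):
        return None
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        status = int(lines[0].split()[1])
    except (IndexError, ValueError):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return status, headers, body


def classify_plain_http_probe(raw):
    """Label a port by its reply to a cleartext HTTP request.

    Returns one of: "no-response", "tls-only", "https-answering-plain-http",
    "plain-http", "unknown".
    """
    if not raw:
        return "no-response"  # closed silently: TLS stacks often do this on garbage
    if raw[0] in (0x15, 0x16) and len(raw) > 1 and raw[1] == 0x03:
        return "tls-only"  # TLS alert (0x15) or handshake (0x16) record header
    parsed = parse_http_response(raw)
    if parsed is None:
        return "unknown"
    status, _headers, body = parsed
    if status == 400 and TLS_HINTS.search(body):
        return "https-answering-plain-http"
    return "plain-http"


def needs_tls_retest(raw):
    """True when a cleartext-only check of this port says nothing about its TLS stack."""
    return classify_plain_http_probe(raw) in (
        "no-response", "tls-only", "https-answering-plain-http", "unknown",
    )


if __name__ == "__main__":
    samples = [("nginx", NGINX_400), ("apache", APACHE_400), ("plain", PLAIN_200),
               ("tls-alert", TLS_ALERT), ("empty", b"")]
    for name, sample in samples:
        label = classify_plain_http_probe(sample)
        print(f"{name:10} {label:28} retest-over-TLS={needs_tls_retest(sample)}")
```

The classifier deliberately treats every outcome except a genuine cleartext HTTP reply as "re-test over TLS": an empty reply and a TLS record are what a TLS-only listener produces when fed a plain request, and the 400 page is the mixed case Patrik describes where the same port is both http and https. Feeding it the captured response from a port that a scan tagged as plain http is a cheap way to spot the false negatives Mark is worried about.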

