Nmap Development mailing list archives

Re: [NSE] SSL Heartbleed

From: Jasey DePriest <jrdepriest () gmail com>
Date: Wed, 9 Apr 2014 16:52:23 -0500

If one of the devs wants the script-trace information, I'd be happy to send
it to that person, but I don't feel comfortable posting it the list forever.

-Jasey


On Wed, Apr 9, 2014 at 4:44 PM, Whyte, Jesse <Jesse.Whyte () carefirst com>wrote:

-d for extra debugging info

Jesse Whyte, CISSP GCIH
Lead CyberSecurity Specalist
CareFirst BlueCross BlueShield
10455 Mill Run Circle
Owings Mills, MD 21117
(410) 998-5091 (desk)
(443) 831-5571 (cell)
Jesse.whyte () carefirst com






On 4/9/14, 5:43 PM, "Jasey DePriest" <jrdepriest () gmail com> wrote:

I've been trying to run these scripts all day and none of them produce any
results at all on my system.

I run
$ sudo nmap --script-updatedb
$ sudo nmap -v -p 443 --script ssl-heartbleed {some IP}

But my results look like
PORT    STATE SERVICE
443/tcp open  https

With no further information. Other scripts run fine if I enable them.

If I do a script-trace it sure *looks* like it's running properly.

Any ideas?

Thanks.
Jasey


On Wed, Apr 9, 2014 at 10:53 AM, Dane Goodwin <dane () sensepost com> wrote:

Hi All

I've patched the nse that was released earlier to better handle the TLS
version supported by the server.

I've also fixed an unhandled error that was thrown in the portrule
function when the script was run against something other than SSL. It
now fails silently when you run it against port 80.

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




*******************************************************************************
Unauthorized interception of this communication could be a violation of
Federal and State Law. This communication and any files transmitted with it
are confidential and may contain protected health information. This
communication is solely for the use of the person or entity to whom it was
addressed. If you are not the intended recipient, any use, distribution,
printing or acting in reliance on the contents of this message is strictly
prohibited. If you have received this message in error, please notify the
sender and destroy any and all copies.
Thank you..

*******************************************************************************

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: [NSE] SSL Heartbleed, (continued)
- - - Re: [NSE] SSL Heartbleed Alan Jones (Apr 09)
    - Re: [NSE] SSL Heartbleed Gisle Vanem (Apr 09)
    - Re: [NSE] SSL Heartbleed Daniel Miller (Apr 09)
    - Re: [NSE] SSL Heartbleed Patrik Karlsson (Apr 09)
- Re: [NSE] SSL Heartbleed Niklaus Schiess (Apr 11)
- Re: [NSE] SSL Heartbleed Dane Goodwin (Apr 09)
  - Re: [NSE] SSL Heartbleed Jasey DePriest (Apr 09)
    - Re: [NSE] SSL Heartbleed Whyte, Jesse (Apr 09)
    - Re: [NSE] SSL Heartbleed Jasey DePriest (Apr 09)
    - Re: [NSE] SSL Heartbleed John Bond (Apr 11)
    - Re: [NSE] SSL Heartbleed Jasey DePriest (Apr 09)
- [NSE] SSL Heartbleed Aaron Zauner (Apr 12)
- RE: [NSE] SSL Heartbleed Andrew Klaus (Apr 12)
  - Re: [NSE] SSL Heartbleed Patrik Karlsson (Apr 12)
- Re: Re: [NSE] SSL Heartbleed Olli Hauer (Apr 12)
  - Re: Re: [NSE] SSL Heartbleed Andrew Klaus (Apr 12)
    - RE: Re: [NSE] SSL Heartbleed HD Moore (Apr 14)
    - Re: [NSE] SSL Heartbleed Daniel Miller (Apr 14)