Nmap Development mailing list archives

ssl-heartbleed on non-standard ports


From: Kent Fritz <kfritz () wolfman devio us>
Date: Fri, 11 Apr 2014 08:41:56 -0400

When looking for vulnerable services on non-standard ports, I find that -sV
doesn't identify them as ssl, so I need to run a second pass forcing 
ssl-heartbleed to run.

For example:
root@hex:~# nmap -p 4444 -sV --script ssl-heartbleed sl64-14-1

Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-11 05:35 PDT
Nmap scan report for sl64-14-1 (192.168.1.128)
Host is up (0.00019s latency).
PORT     STATE SERVICE VERSION
4444/tcp open  http    Apache httpd 2.4.6 ((Unix) OpenSSL/1.0.1f)
MAC Address: DE:AD:BE:EF:00:1D (Unknown)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.15 seconds

That's a vulnerable ssl port.  I suspect service detection is marking it as
plain HTTP because it returns 400 bad request telling you it's HTTPS.  Is
there something I'm missing?  Same behavior against Apache and Nginx. 

MANY thanks for the detection script!

Kent.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
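As an added illustration (this is not part of Kent's message and is not Nmap code), the following Python parses the PORT table that Nmap prints in its normal output and flags exactly the situation described above: a port whose SERVICE column reads plain `http` while the VERSION string mentions OpenSSL, which is the cue that a second pass with the SSL script forced on that port is needed. The 4444 line is the one from the post; the 8443 and 8080 lines are constructed to show a port already recognised as SSL-wrapped and a genuinely plain port.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the 4444/tcp line comes from the -sV run in the
# post; the 8443 and 8080 lines are assumed, added to cover the other cases.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for sl64-14-1 (192.168.1.128)
Host is up (0.00019s latency).
PORT     STATE SERVICE  VERSION
4444/tcp open  http     Apache httpd 2.4.6 ((Unix) OpenSSL/1.0.1f)
8443/tcp open  ssl/http nginx 1.4.7
8080/tcp open  http     Apache httpd 2.4.6
MAC Address: DE:AD:BE:EF:00:1D (Unknown)
"""

# One row of Nmap's PORT table: "<port>/<proto> <state> <service> [<version>]"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*))?$"
)

# Tokens in the VERSION column that suggest a TLS-wrapped service even when
# -sV labelled it as a plaintext protocol.
TLS_HINT = re.compile(r"\bOpenSSL\b|\bTLS\b|\bSSL\b")


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str
    version: str

    @property
    def tls_recognized(self) -> bool:
        # Nmap reports SSL-wrapped services as "ssl/<name>" (or "https"/"ssl").
        return self.service.startswith("ssl/") or self.service in ("https", "ssl")

    @property
    def hints_tls(self) -> bool:
        # Version banner points at OpenSSL/TLS, but the service was not tagged as SSL:
        # this is the case from the post, where -sV prints "http" for an HTTPS port.
        return bool(TLS_HINT.search(self.version)) and not self.tls_recognized


def parse_nmap_output(text: str) -> List[PortRecord]:
    """Extract PortRecord rows from Nmap normal (-oN style) output."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # report header, host lines, MAC line, etc.
        records.append(
            PortRecord(
                port=int(m.group("port")),
                proto=m.group("proto"),
                state=m.group("state"),
                service=m.group("service"),
                version=(m.group("version") or "").strip(),
            )
        )
    return records


def ports_needing_ssl_recheck(records: List[PortRecord]) -> List[int]:
    """Open ports that -sV did not tag as SSL but whose banner suggests TLS."""
    return [r.port for r in records if r.state == "open" and r.hints_tls]


if __name__ == "__main__":
    recs = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    for r in recs:
        tag = "ssl-recognised" if r.tls_recognized else ("RECHECK" if r.hints_tls else "plain")
        print(f"{r.port}/{r.proto} {r.service:<10} {tag:<15} {r.version}")
    print("second pass needed on ports:", ports_needing_ssl_recheck(recs))
```

Run over the sample, only 4444/tcp is returned: 8443 is already `ssl/http`, and 8080 carries no OpenSSL hint. Feeding a real scan's normal output through `parse_nmap_output` gives the port list for the second, SSL-forced pass that the post describes, rather than re-scanning every port.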

