It didn’t take long for most tools to pick-up the possibility to detect the Heartbleed OpenSSL bug. For nmap the needed elements are in the VCS.
cd /usr/share/nmap/nselib/ sudo wget https://svn.nmap.org/nmap/nselib/tls.lua cd /usr/share/nmap/scripts/ sudo wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse sudo nmap --script-updatedb
Run nmap with the script
$ nmap --script ssl-heartbleed [server]
And you will get some output
[snip] 443/tcp open https | ssl-heartbleed: | VULNERABLE: | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption. | State: VULNERABLE | Risk factor: High | Description: | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves. | | References: | http://cvedetails.com/cve/2014-0160/ | http://www.openssl.org/news/secadv_20140407.txt |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
