I Need To Make A Change With My IT Support! Call (225) 706-8414

How to test your website for the OpenSSL Heartbleed Bug

You want to determine if your website is vulnerable to the OpenSSL Heartbleed bug.

Solution

You should use nmap for this. There is a specific plugin that will help you determine if your web server (or other devices) is vulnerable. For public IP scans of your website this is relatively easy. For internal scanning of all devices, it will require more work by you and your scanner.

I am doing this on a Windows 7 Pro 64-bit PC.

  1. Download and install nmap.
  2. Next, download the nmap OpenSSL Heartbleed script.
  3. Now run nmap!

Okay, so to run nmap we need to do the following:

  • Point nmap at our ssl-heartbleed script.
  • Specify the relevant arguments to nmap.
  • Inspect the output.

Fortunately, the output of the ssl-heartbleed script is very clear. It will either tell you “VULNERABLE” or “NOT VULNERABLE”.

Let’s do a practice run against a Cisco ASA 5505 that is not vulnerable. For this test system, the IP is cisco-asa. We’re using -sV (probe open ports), –script (use the specified script), pass an argument to the script, and then list the target system. Here, I list only the target ASA.

c:> nmap -sV –script C:/temp/ssl-heartbleed.nse –script-args vulns.showall cisco-asa/32

Starting Nmap 6.46 ( http://nmap.org ) at 2014-04-21 13:37 Central Daylight Time
Nmap scan report for ciscoasa-corp.example.local (cisco-asa)
Host is up (0.0023s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)
443/tcp open ssl/http Cisco Adaptive Security Appliance http config
| ssl-heartbleed:
| NOT VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: NOT VULNERABLE
| References:
| http://www.openssl.org/news/secadv_20140407.txt
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_ http://cvedetails.com/cve/2014-0160/
MAC Address: 00:24:14:A1:86:3C (Cisco Systems)
Service Info: OS: IOS; Device: firewall; CPE: cpe:/o:cisco:ios, cpe:/h:cisco:asa

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.14 seconds

Well that’s good news!

Now let’s try our web server. If we only wanted to do port 443 (HTTPS), we could use -p 443. However, there is a risk in doing this since you may miss vulnerabilities in your IMAP or other services! The only benefit is that it’s much faster.

c:> nmap -sV -p 443 –script C:/temp/ssl-heartbleed.nse –script-args vulns.showall www.example.com/32

Starting Nmap 6.46 ( http://nmap.org ) at 2014-04-21 13:41 Central Daylight Time
Nmap scan report for www.example.com (a.b.c.d)
Host is up (0.012s latency).
rDNS record for a.b.c.d: host-by.yahoohost.biz
PORT STATE SERVICE VERSION
443/tcp open http Apache httpd 2.2.22
| ssl-heartbleed:
| NOT VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: NOT VULNERABLE
| References:
| http://cvedetails.com/cve/2014-0160/
| http://www.openssl.org/news/secadv_20140407.txt
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.30 seconds

As a good medium between -sV and -p, use -F instead. It will do a “fast scan” but hit the most popular ports in use.

c:> nmap -F –script C:/temp/ssl-heartbleed.nse –script-args vulns.showall www.example.com/32

CREDITS: I got help on this via this article.

Concerned About Cyber Attacks?

CLICK HERE >

Want to Migrate to the Cloud?

CLICK HERE >
Office 365

Ready to Experience Microsoft Office 365?

Want the latest IT news directly in your inbox? Subscribe now!