Last Updated: 2014-04-18 17:08:52 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
We have received reports by many readers about buggy tools to test for the heartbleed vulnerability. Today I want to show you how easy it is to check for this vulnerability using a reliable tool as nmap.
You just need to trigger a version scan (
-sV) along with the script (
ssl-heartbleed). The following example with show a command that will scan 192.168.0.107 for this bug:
nmap -sV 192.168.0.107 --script=ssl-heartbleed
This will be the output for a non-vulnerable website. As you can see, no warnings are shown:
If you are vulnerable, you will get the following:
For vulnerability testing, always use reliable tools which won't contain malicious code infecting your computer and won't give you false positive messages.