UPDATE: Insecure has released v6.46, which contains all of these patches. Just grab the latest and follow the usage info here.
NOTE: I first put this together 3 days ago, but I am just now releasing after being asked by many people for the package and directions.
The problem: How do you scan a bit more than 5 class B’s (~328000 IP addresses) before any of the vendors (Tenable, Qualys, Rapid7) have released signatures? Easy – you build your own!
The goal was to scan as many IPs as possible at work as quickly as possible.
After using the Heartbleed github project (https://github.com/FiloSottile/Heartbleed) and creating a Dancer web service around it, I realized that there still needed to be a faster way to scan for this. How much faster?
How about a /24 (254 IP addresses) in less than 10 seconds.
I have a patched version of NMAP already (6.40) that has Heartbleed checks.
Again, Insecure has released v6.46, which has these patches. Grab that and follow these directions.
Then, you can scan like this:
If you want cleaner results for a script, a good way to filter the output is something like this:
This produces a clean two-line result per host: if the host is vulnerable, “ssl-heartbleed” appears under its host/IP address entry.
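As an added example (not the author's own filter), here is a small POSIX shell function that condenses nmap's normal output from the ssl-heartbleed NSE script into one line per host, so a script can act on it directly. The scan text below is constructed to mimic the nmap 6.46 output format, and the nmap invocation in the comment is assumed standard usage rather than a command taken from this post.

```shell
#!/bin/sh
# Added example: summarise nmap -oN output of the ssl-heartbleed script.
# Typical producer (not run here, assumed standard nmap options):
#   nmap -p 443 --script ssl-heartbleed -oN scan.txt 192.0.2.0/24

heartbleed_summary() {
    # Reads nmap normal output on stdin. Prints "<ip> <port> VULNERABLE" for
    # each host whose ssl-heartbleed block reports State: VULNERABLE, and
    # "<ip> not-vulnerable" for every other host in the report.
    awk '
        function flush() {
            if (host != "") print host, (vuln ? port " VULNERABLE" : "not-vulnerable")
        }
        /^Nmap scan report for / {
            flush()
            host = $NF; gsub(/[()]/, "", host)   # handles "name (ip)" form too
            vuln = 0; port = ""; inblock = 0
        }
        /^[0-9]+\/tcp/ { cur = $1 }              # remember the port being reported
        /\| ssl-heartbleed:/ { inblock = 1 }     # start of the NSE script block
        inblock && /State: VULNERABLE/ { vuln = 1; port = cur }
        /^\|_/ { inblock = 0 }                   # "|_" closes the script block
        END { flush() }
    '
}

# Constructed sample: one vulnerable host, one host with no script output
# (the ssl-heartbleed script prints nothing for hosts that are not affected).
SAMPLE='Nmap scan report for 192.0.2.10
Host is up (0.0021s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|_    Risk factor: High

Nmap scan report for 192.0.2.20
Host is up (0.0030s latency).
PORT    STATE SERVICE
443/tcp open  https
'

printf '%s' "$SAMPLE" | heartbleed_summary
```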
How to build your own patched NMAP binary?
But what if you don’t trust my binary? Good – let me show you how to build one yourself: