Guide to using Nmap to scan for the Heartbleed bug.


  1. Nmap. The script requires version 6.25 or newer.
    • An easy way to get the latest Nmap release is to use Kali Linux.
    • Binary installers are available for Windows, but are vulnerable to the HeartBleed bug.
    • RPM installer available for Linux, or install from source.
    • .dmg installer available for Mac OS X.
  2. tls.lua. The script requires this Lua library for TLS handshaking.
  3. ssl-heartbleed.nse. This is the script itself.


Locate your Nmap files directory. On Linux, this is usually


On Windows, it’s either C:\Program Files\Nmap\ or C:\Program Files (x86)\Nmap\

Download the tls.lua library and put it in the nselib directory.

Download the ssl-heartbleed.nse script and put it in the scripts directory

Optionally, run nmap --script-updatedb to allow the script to run according to category (not necessary for this example).

Finally, run Nmap. Here are some recommended options to use:

Options summary:

  • -d turns on debugging output, helpful for seeing problems with the script.
  • --script ssl-heartbleed selects the ssl-heartbleed script to run on appropriate ports.
  • --script-args vulns.showall tells the script to output “NOT VULNERABLE” when it does not detect the vulnerability.
  • -sV requests a service version detection scan, which will allow the script to run against unusual ports that support SSL.

Other helpful options:

  • --script-trace shows a packet dump of all script-related traffic, which may show memory dumps from the Heartbleed bug.
  • -p 443 limits the script to port 443, but use caution! Even services like SMTP, FTP, and IMAP can be vulnerable.
  • -oA heartbleed-%y%m%d saves Nmap’s output in 3 formats as heartbleed-20140410.nmapheartbleed-20140410.xml, and heartbleed-20140410.gnmap.


Leave a Reply