Detect the "heartbleed" vulnerability #90

robertdavidgraham opened this issue Apr 8, 2014 · 3 comments


commented Apr 8, 2014

No description provided.


commented Apr 9, 2014

Not sure how well this is working.
Using the original script that started floating around yesterday, I can still find some of these that are still vulnerable
the one for example. shows it being vulnerable, however masscan -p443 --banners --heartbleed -dddddddddddddd --packet-trace does not.
It doesn't seem to hit the SSL parsing code at all, getting an RST instead of any form of handshake.
This seems to be the case with more than just this example for me.

Starting masscan 1.0.3 ( at 2014-04-09 16:24:44 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
xmit: starting main loop: [0..1]
Scanning 1 hosts [1 port/host]
SENT (1.3097) TCP    >      SYN
Transmit thread done, waiting for receive thread to realize this
begin receive thread
RCVD (2.0602) TCP      >    SYN-ACK   :  443: -> TCP ackno=0x2f87f1fe flags=0x12(syn-ack)   :  443: =STATE_SYN_SENT : TCP_WHAT_SYNACK
Discovered open port 443/tcp on
SENT (2.0601) TCP    >      ACK
RCVD (3.0614) TCP      >    RST-ACK   :  443: -> TCP ackno=0x2f87f1fe flags=0x14(rst-ack)   :  443: =STATE_READY_TO_SEND : TCP_WHAT_ACK - 0-sending, 0-reciving   :  443: =STATE_READY_TO_SEND : TCP_WHAT_RST

commented Apr 11, 2014

I am encountering the same issue as @espenfjo. The SSL code is never being called. I stepped through the code and it seems like after the TCP request is sent there is no data sent back.


commented Apr 13, 2014

I'm having the same problem as @espenfjo and @ecstasy2.
nmap and other scripts report the host as vulnerable but masscan does not.

This is not always the case; sometimes masscan does recognize the issue and reports it correctly. My concern is that with those discrepancies the results are not accurate.
