Here is the first 77 lines of the script. But how do I fix? 77 references stdnse.keys file. I wonder if that file is missing or missing "keys". Or do I change the name of the file to "variable.keys"
local bin = require('bin')
local match = require('match')
local nmap = require('nmap')
local shortport = require('shortport')
local sslcert = require('sslcert')
local stdnse = require('stdnse')
local string = require('string')
local table = require('table')
local vulns = require('vulns')
local have_tls, tls = pcall(require,'tls')
assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html")
description = [[
Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).
The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)
]]
---
-- @usage
-- nmap -p 443 --script ssl-heartbleed <target>
--
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | ssl-heartbleed:
-- | VULNERABLE:
-- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
-- | State: VULNERABLE
-- | Risk factor: High
-- | Description:
-- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
-- |
-- | References:
-- |
https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-0160
-- |
http://www.openssl.org/news/secadv_20140407.txt
-- |_
http://cvedetails.com/cve/2014-0160/
--
--
-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2
--
author = "Patrik Karlsson <patrik@cqure.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "vuln", "safe" }
local arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. ".protocols") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}
portrule = function(host, port)
return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end
local function recvhdr(s)
local status, hdr = s:receive_buf(match.numbytes(5), true)
if not status then
stdnse.debug3('Unexpected EOF receiving record header - server closed connection')
return
end
local pos, typ, ver, ln = bin.unpack('>CSS', hdr)
return status, typ, ver, ln
end
local function recvmsg(s, len)
local status, pay = s:receive_buf(match.numbytes(len), true)
if not status then
stdnse.debug3('Unexpected EOF receiving record payload - server closed connection')
return
end
return true, pay
end
local function testversion(host, port, version)
local hello = tls.client_hello({
["protocol"] = version,
-- Claim to support every cipher
-- Doesn't work with IIS, but IIS isn't vulnerable
["ciphers"] = stdnse.keys(tls.CIPHERS),