LinuxQuestions.org
Old 11-11-2014, 08:51 AM   #1
project722
Member
 
Registered: Jun 2009
Posts: 53

Rep: Reputation: 0
Nmap script execution to detect heartbleed is failing


Wanting to set up nmap on my Ubuntu 14.04 LTS system to detect the heartbleed vulnerability. I followed the instructions here:

http://cyberarms.wordpress.com/2014/...th-metasploit/

To create the script files and place them in the proper directory. However, the script throws an execution error.

<error>
|_ssl-heartbleed: ERROR: Script execution failed (use -d to debug)
</error>

So I ran it with -d to debug and get this:

<error>
NSE: Starting ssl-heartbleed against "testsite".com (IP Address:443).
Initiating NSE at 08:28
NSE: ssl-heartbleed against testsite.com (IP Address:443) threw an error!
/usr/bin/../share/nmap/scripts/ssl-heartbleed.nse:77: variable 'keys' is not declared
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nselib/strict.lua:80: in function '__index'
/usr/bin/../share/nmap/scripts/ssl-heartbleed.nse:77: in function 'testversion'
/usr/bin/../share/nmap/scripts/ssl-heartbleed.nse:232: in function </usr/bin/../share/nmap/scripts/ssl-heartbleed.nse:205>
(...tail calls...)

Completed NSE at 08:28, 0.01s elapsed
</error>

The debug results do not help me but I am hoping someone here knows what's wrong. The host I scanned sits on public IP space so I know it's not a FW issue. I also am the owner of the files and have execute perms for the script.
 
Old 11-11-2014, 09:33 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,292

Rep: Reputation: 2322
Quote:
/usr/bin/../share/nmap/scripts/ssl-heartbleed.nse:77: variable 'keys' is not declared
That looks like a scripting error on line 77, or before it.
 
Old 11-11-2014, 09:41 AM   #3
project722
Member
 
Registered: Jun 2009
Posts: 53

Original Poster
Rep: Reputation: 0
Here are the first 77 lines of the script. But how do I fix? 77 references stdnse.keys file. I wonder if that file is missing or missing "keys". Or do I change the name of the file to "variable.keys"?

local bin = require('bin')
local match = require('match')
local nmap = require('nmap')
local shortport = require('shortport')
local sslcert = require('sslcert')
local stdnse = require('stdnse')
local string = require('string')
local table = require('table')
local vulns = require('vulns')
local have_tls, tls = pcall(require,'tls')
assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html")

description = [[
Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).
The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)
]]

---
-- @usage
-- nmap -p 443 --script ssl-heartbleed <target>
--
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | ssl-heartbleed:
-- | VULNERABLE:
-- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
-- | State: VULNERABLE
-- | Risk factor: High
-- | Description:
-- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
-- |
-- | References:
-- | https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-0160
-- | http://www.openssl.org/news/secadv_20140407.txt
-- |_ http://cvedetails.com/cve/2014-0160/
--
--
-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2
--

author = "Patrik Karlsson <patrik@cqure.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "vuln", "safe" }

local arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. ".protocols") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}

portrule = function(host, port)
  return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end

local function recvhdr(s)
  local status, hdr = s:receive_buf(match.numbytes(5), true)
  if not status then
    stdnse.debug3('Unexpected EOF receiving record header - server closed connection')
    return
  end
  local pos, typ, ver, ln = bin.unpack('>CSS', hdr)
  return status, typ, ver, ln
end

local function recvmsg(s, len)
  local status, pay = s:receive_buf(match.numbytes(len), true)
  if not status then
    stdnse.debug3('Unexpected EOF receiving record payload - server closed connection')
    return
  end
  return true, pay
end

local function testversion(host, port, version)

  local hello = tls.client_hello({
    ["protocol"] = version,
    -- Claim to support every cipher
    -- Doesn't work with IIS, but IIS isn't vulnerable
    ["ciphers"] = stdnse.keys(tls.CIPHERS),
 
Old 11-11-2014, 10:07 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Here's a python script that may be of help.
Usage: fill up a scan.txt file with target IPs or hosts and run
Code:
python scan.txt
Any vulnerable hosts will have an ip.txt in the directory it was run from.
 
Old 11-11-2014, 10:21 AM   #5
project722
Member
 
Registered: Jun 2009
Posts: 53

Original Poster
Rep: Reputation: 0
Habitual - thanks but you're gonna have to help me out. Do I just copy the script into a text editor and name it "python" then run it out of the directory where scan.txt lives?

Business Kid - I did some digging on the stdnse.keys thing which led me to the stdnse.lua file, which has a "keys" function, but I am not sure what to do with it.

http://nmap.org/nsedoc/lib/stdnse.html
 
Old 11-11-2014, 10:36 AM   #6
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,780

Rep: Reputation: 2081
Quote:
Originally Posted by project722
Here are the first 77 lines of the script. But how do I fix? 77 references stdnse.keys file. I wonder if that file is missing or missing "keys". Or do I change the name of the file to "variable.keys"?
According to the docs, nmap's stdnse library does have a "keys" field, so it's unclear why you would get an error. Maybe that field was only added in a recent version of nmap?
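
One way to test the version-mismatch theory from the post above, as an added example that is not part of the thread: list every `stdnse.<name>` a script references and report the ones the installed `stdnse.lua` does not define. The function names `missing_stdnse_funcs` and `demo`, the definition-matching pattern (a heuristic) and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find stdnse functions an NSE script uses that the
# installed nselib/stdnse.lua lacks (hypothetical helper names).

# missing_stdnse_funcs SCRIPT.nse STDNSE.lua
# Prints one missing name per line; returns 1 if anything is missing.
missing_stdnse_funcs() {
    script=$1
    lib=$2
    missing=0
    # Every "stdnse.<name>" reference in the script, de-duplicated.
    for fn in $(grep -o 'stdnse\.[A-Za-z_][A-Za-z0-9_]*' "$script" |
                sed 's/^stdnse\.//' | sort -u); do
        # Heuristic: a definition looks like "function name(" or "name = function".
        if ! grep -Eq "(^|[^A-Za-z0-9_])(function[[:space:]]+${fn}[[:space:]]*\(|${fn}[[:space:]]*=[[:space:]]*function)" "$lib"; then
            echo "$fn"
            missing=1
        fi
    done
    return $missing
}

# Constructed stand-ins: a library without keys() and a script that calls it.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'function get_script_args(...) end' \
                  'debug3 = function(...) end' > "$d/stdnse.lua"
    printf '%s\n' 'local a = stdnse.get_script_args("x")' \
                  'stdnse.debug3("eof")' \
                  '["ciphers"] = stdnse.keys(tls.CIPHERS),' > "$d/test.nse"
    missing_stdnse_funcs "$d/test.nse" "$d/stdnse.lua" && rc=0 || rc=$?
    rm -rf "$d"
    return $rc
}

# Two arguments: check real files. No arguments: run the constructed demo.
if [ "$#" -eq 2 ]; then
    missing_stdnse_funcs "$1" "$2"
else
    demo || echo "(constructed demo: the names above are missing from the library)"
fi
```

Against the install in the traceback, the two arguments would be the `ssl-heartbleed.nse` under `share/nmap/scripts/` and the `stdnse.lua` under `share/nmap/nselib/`.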
 
Old 11-11-2014, 10:54 AM   #7
project722
Member
 
Registered: Jun 2009
Posts: 53

Original Poster
Rep: Reputation: 0
I think I'll just wait on nmap 6.45 to be available for my distro. The changelog for that version says the script was included in the new version. Thanks everyone for the help.
 
Old 11-11-2014, 01:40 PM   #8
bonsaiviking
LQ Newbie
 
Registered: Aug 2014
Posts: 7

Rep: Reputation: Disabled
If history is any indication, 14.04 will not get a new version of Nmap. They lock in the version and only backport security patches. You are better off building it yourself; luckily, Nmap is a pretty easy package to build. I answered your copy-paste of this question over at unix.stackexchange.com, too.
 
Old 11-11-2014, 02:17 PM   #9
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by project722
Habitual - thanks but you're gonna have to help me out. Do I just copy the script into a text editor and name it "python" then run it out of the directory where scan.txt lives?

Business Kid - I did some digging on the stdnse.keys thing which led me to the stdnse.lua file, which has a "keys" function, but I am not sure what to do with it.

http://nmap.org/nsedoc/lib/stdnse.html
I copied the RAW Paste Data to hbscan.py and saved it.
Then I run
Code:
python hbscan.py scan.txt
where scan.txt has IPs you'd like to check, one per line.

Hope that helps
 
Old 11-12-2014, 03:04 AM   #10
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,292

Rep: Reputation: 2322
The file you pointed me at is a bit of a red herring.

Apparently it wants the location of your ssh keys and hasn't got it. That's what I get from it. Not the world's expert here, I might add.
 
  

