NSE:ssl-heartbleed and Metasploit
As a Red Teamer if you encounter OpenSSL and a Webserver you should check to see if the machine is vulnerable to the "Heartbleed" security flaw.
Essentially the vulnerability works like this; Heartbleed takes advantage of older TLS and allows an attacker to read data that resides in memory of the target machine. Below you will see two techniques, one through nmap that informs us that the target is indeed vulnerable and one with metasploit. The second option has additional features that actually lets us read the data that is being grabbed from memory
We can quickly check to see if a target is vulnerable by using nmap.
#nmap -p 443 --script ssl-heartbleed <IP>