With the recent release of the POODLE SSLv3 vulnerability, folks are scrambling around trying to figure out what runs what and where.  Running a handful of things that do SSL, I was obligated, both personally and professionally, to figure out an easy way to drill down and figure out what does what and then fix the vulnerable services.  When there are a lot of devices, this can seem like a daunting task, and it is if you’re trying to do it manually.  This is where NMAP comes into play.  NMAP is an extremely powerful tool for scanning and enumerating your own network, not just a tool for the script kiddies to port scan. Since there is no SSL patch at the time of this writing, and since SSLv3 is old and depricated, it is a good idea to see what services support it and then squish them in favor of TLS 1+.  Thankfully, smarter folks than myself have done most of the legwork for accomplishing this task and written most of it down here. NMAP has a wealth of cool scripts and bolt ons that extend it in amazing ways.  To accomplish our tasks we’ll ned to do a few things. Install nmap. I ran into issues with the nselibs being incomplete, so I grabbed the source and built it that way as opposed to using yum.``` git clone git@github.com:nmap/nmap.git

sudo yum -y groupinstall 'Development Tools'
cd nmap
./configure
sudo make

and alternatively``` sudo make install

From here we can see that there is a host that needs to be updated. There are a wealth of docs out there for changing out the supported version. Most of my stuff is apache so I used this guide. For embedded devices, the best option is to filter access [which you should probably be doing anyway] until there is a patched firmware version.