Scanning Engine v2 - Module - BlueKeep
Overview
Bluekeep is a module for detecting the CVE-2019-0708 vulnerability (BlueKeep) in Microsoft Remote Desktop Services (RDP). This vulnerability allows for remote code execution on unpatched systems and is considered highly critical. The module is designed for high-performance scanning of large address spaces and is suitable for both targeted and wide-scale internet scanning.
Targeting
This module targets TCP ports by IP address or hostname. When given a hostname, its associated IP addresses are resolved and used, disregarding the hostname afterward.
Schemas
The schema for the body object of all results generated with .task.module_name equal to bluekeep can be found here. The schema for results is available both in standalone and bundled form.
Examples
These are examples of the .body object for results with .task.module_name equal to bluekeep.
Live Host
This example was generated with a live host on the internet.
{
  "status": "VULNERABLE",
  "reason": "got appid"
}
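The following added example (not part of the scanning engine or its documentation) shows one way a consumer could turn a stream of results into a de-duplicated patch list using the `.task.module_name` and `.body.status` fields described above. It assumes results arrive as one JSON object per line and that the target is recorded in hypothetical `.task.ip` and `.task.port` fields; the non-VULNERABLE status value in the sample is constructed.

```python
import json
from collections import Counter

# Constructed sample results, one JSON object per line. Only .task.module_name,
# .body.status and .body.reason come from the page; .task.ip and .task.port are
# hypothetical field names, and "EXAMPLE_OTHER" is a made-up status value.
SAMPLE_RESULTS = """\
{"task": {"module_name": "bluekeep", "ip": "192.0.2.10", "port": 3389}, "body": {"status": "VULNERABLE", "reason": "got appid"}}
{"task": {"module_name": "bluekeep", "ip": "192.0.2.10", "port": 3389}, "body": {"status": "VULNERABLE", "reason": "got appid"}}
{"task": {"module_name": "bluekeep", "ip": "192.0.2.11", "port": 3389}, "body": {"status": "EXAMPLE_OTHER", "reason": "constructed"}}
{"task": {"module_name": "http", "ip": "192.0.2.12", "port": 80}, "body": {"status": "VULNERABLE"}}
{"task": {"module_name": "bluekeep", "ip": "192.0.2.13", "port": 3389}}
not json
"""


def triage_bluekeep(lines):
    """Return (patch_list, other_statuses, skipped) for bluekeep results."""
    patch_list = {}             # (ip, port) -> reason; hostnames resolve to IPs, so de-duplicate
    other_statuses = Counter()  # statuses other than VULNERABLE stay visible, not dropped
    skipped = 0                 # unparsable lines and bluekeep results without a usable body
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            result = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        task = result.get("task") if isinstance(result, dict) else None
        if not isinstance(task, dict):
            skipped += 1
            continue
        if task.get("module_name") != "bluekeep":
            continue  # result from another module
        body = result.get("body")
        if not isinstance(body, dict) or "status" not in body:
            skipped += 1
            continue
        if body["status"] == "VULNERABLE":
            key = (task.get("ip"), task.get("port"))
            patch_list.setdefault(key, body.get("reason"))
        else:
            other_statuses[body["status"]] += 1
    return patch_list, other_statuses, skipped


if __name__ == "__main__":
    print(triage_bluekeep(SAMPLE_RESULTS.splitlines()))
```

A non-zero `skipped` count is worth investigating before treating the patch list as complete, since a host whose result could not be read has not been shown to be safe.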
Changelog
v2.0.0 (2025-07-23)
- Complete rewrite from Python to Go for improved performance and maintainability.
- Integrated the new targeting library to standardize and improve target resolution and indexing. All scans now use IP addresses exclusively, even when hostnames are submitted, to ensure consistent identification and avoid ambiguity in result mapping.
- Improved error handling, result processing, and logging.
v1.0.0 (2025-05-05)
- Initial release of versioning for each module. All modules are being tagged with version number 1.0.0. Going forward:
  - Major version should be changed when there are changes that impact consumers or clients of the modules.
  - Minor version should be changed when there are additions which enrich or enhance the module but shouldn't affect consumers or clients.
  - Patch version should be changed when there are bugfixes.