How to do it...

In this recipe, the vulnerable bee-box virtual machine has the IP address 192.168.56.12, and the vulnerable service is running on port 8443. Let's start by identifying the vulnerability in the server:

  1. We use sslscan to check TCP port 8443 on bee-box; as the following screenshot shows, we will find it is vulnerable to Heartbleed:
  2. By exploiting Heartbleed, we will extract information from the server's memory. Before proceeding, perform some activity in the applications, such as logging into bWAPP (https://192.168.56.12:8443/bwapp/), to be sure there's some data in the server's memory.
  3. Now, to look for an exploit in the local copy of Exploit-DB, open a Terminal and type the searchsploit heartbleed command. The result is displayed here:
  4. We'll pick the first exploit in the list. To inspect this exploit's contents and analyze how to use it and what it does, we can simply use the cat command to display the Python code, as illustrated:
  5. According to the instructions in the exploit, we should run it with the server address as the first parameter and then the -p option to indicate the port we want to test. So, the attacking command should be python /usr/share/exploitdb/platforms/multiple/remote/32764.py 192.168.56.12 -p 8443. The next screenshot shows the result of a successful attack where we were able to retrieve a username and password:
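
A defender-side companion to the steps above, added here as an example and not taken from the book or from the Exploit-DB script: it applies the RFC 6520 length check, whose absence is the Heartbleed bug, to captured TLS records in order to flag over-read attempts. The function names and sample records are constructed for illustration, and it assumes the heartbeat records are seen unencrypted.

```python
import struct

HEARTBEAT_RECORD = 24    # TLS ContentType for heartbeat (RFC 6520)
HEARTBEAT_REQUEST = 1    # HeartbeatMessageType heartbeat_request
MIN_PADDING = 16         # RFC 6520: at least 16 bytes of padding


def check_record(record: bytes) -> str:
    """Classify one unencrypted TLS record captured off the wire."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HEARTBEAT_RECORD:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < 3:
        return "truncated"
    msg_type, claimed_len = struct.unpack("!BH", body[:3])
    # type (1) + length (2) + payload + padding must fit inside the record.
    # A peer that skips this check copies claimed_len bytes from its own
    # memory into the response, which is the Heartbleed over-read.
    if 1 + 2 + claimed_len + MIN_PADDING > rec_len:
        return "overread-attempt" if msg_type == HEARTBEAT_REQUEST else "malformed"
    return "ok"


def build_sample(payload: bytes, claimed_len: int, padding: int = MIN_PADDING) -> bytes:
    """Constructed sample heartbeat request record (TLS 1.1 header)."""
    body = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len) + payload + bytes(padding)
    return struct.pack("!BHH", HEARTBEAT_RECORD, 0x0302, len(body)) + body


# Constructed records: an honest heartbeat, one whose claimed payload length
# exceeds the record, and a non-heartbeat (handshake) record.
SAMPLES = {
    "honest": build_sample(b"ping", 4),
    "oversized-claim": build_sample(b"", 0x4000, padding=0),
    "handshake": bytes([22, 3, 2, 0, 1, 0]),
}


def scan(samples: dict) -> dict:
    """Return a verdict per named record."""
    return {name: check_record(rec) for name, rec in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:16} {verdict}")
```

The same comparison is what a patched server performs before answering a heartbeat, so any record flagged here would be silently discarded by a fixed OpenSSL build.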
