heartbleeder

by titanous

titanous /heartbleeder

OpenSSL CVE-2014-0160 Heartbleed vulnerability test

450 Stars 97 Forks Last release: Not found Other 37 Commits 2 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Heartbleeder

Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed.

WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.

Pull requests welcome.

Usage

$ heartbleeder example.com
INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable

Multiple hosts

Multiple hosts may be monitored by setting

-hostfile
flag to a file with newline separated addresses. A web dashboard is available at
http://localhost:5000
by default.

Testing PostgreSQL

Postgres uses OpenSSL in a slightly different way. To test whether a Postgres server is vulnerable, run the following (defaults to port 5432):

$ heartbleeder -pg example.com
SECURE - example:5432 does not have the heartbeat extension enabled

Installation

Binaries are available from gobuild.io.

Build from source by running

go get -u github.com/titanous/heartbleeder
, which will put the code in
$GOPATH/src/github.com/titanous/heartbleeder
and a binary at
$GOPATH/bin/heartbleeder
.

Requires Go version >= 1.2. On Ubuntu godeb is an easy way of getting the latest version of Go.

Credits

The TLS implementation was borrowed from the Go standard library.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.