/Heartbleed

A checker (site and tool) for CVE-2014-0160

Primary LanguageGoMIT LicenseMIT

Heartbleed

A checker (site and tool) for CVE-2014-0160.

Public site at http://filippo.io/Heartbleed/

Tool usage: Heartbleed [-service="service_name"] example.com[:443] or: Heartbleed service_name://example.com[:443]

Exit codes: 0 - SAFE; 1 - VULNERABLE; 2 - ERROR. (recently changed) See the online FAQ for an explanation of returned messages including TIMEOUT and BROKEN PIPE.

Please note that the code is a bit of a mess, not exactly release-ready.

If a service is specified besides https, the tool checks the specified service using STARTTLS. You do still need to specify the correct port.

Install

You will need Go 1.2.x, otherwise you get undefined: cipher.AEAD and other errors

go get github.com/FiloSottile/Heartbleed
go install github.com/FiloSottile/Heartbleed

You can also use docker to get a ready to run virtual machine with heartbleed, see https://github.com/kasimon/docker-heartbleed.