FiloSottile / Heartbleed

A checker (site and tool) for CVE-2014-0160
http://filippo.io/Heartbleed
MIT License
2.31k stars 461 forks source link

Heartbleed

A checker (site and tool) for CVE-2014-0160.

Public site at https://filippo.io/Heartbleed/

Tool usage:

    Heartbleed [-service="service_name"] example.com[:443]
    Heartbleed service_name://example.com[:443]

Exit codes: 0 - SAFE; 1 - VULNERABLE; 2 - ERROR. (recently changed)

See the online FAQ for an explanation of error messages including TIMEOUT and BROKEN PIPE.

If a service name is specified besides https, the tool checks the specified service using STARTTLS. You do still need to specify the correct port.

Install

You will need Go >= 1.2, otherwise you'll get undefined: cipher.AEAD and other errors

go get github.com/FiloSottile/Heartbleed

You can also use Docker to get a ready to run virtual machine with Heartbleed: https://github.com/kasimon/docker-heartbleed