do a general refresh, now that I actually know some Go

.gitignore

@@ -1,2 +1,24 @@
-/Heartbleed
-/server/HBserver
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 Filippo Valsorda
+Copyright (c) 2014-2015 Filippo Valsorda
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -3,7 +3,7 @@ Heartbleed
 
 A checker (site and tool) for CVE-2014-0160.
 
-Public site at http://filippo.io/Heartbleed/
+Public site at https://filippo.io/Heartbleed/
 
 Tool usage:
 
@@ -16,14 +16,12 @@ Exit codes: `0` - SAFE; `1` - VULNERABLE; `2` - ERROR. (*recently changed*)
 
 See the [online FAQ](http://filippo.io/Heartbleed/faq.html) for an explanation of error messages including `TIMEOUT` and `BROKEN PIPE`.
 
-Please note that the code is a bit of a mess, not exactly release-ready.
-
 If a service name is specified besides `https`, the tool checks the specified service using STARTTLS.
 **You do still need to specify the correct port.**
 
 ## Install
 
-You will need Go 1.2.x, otherwise you'll get `undefined: cipher.AEAD` and other errors
+You will need Go >= 1.2, otherwise you'll get `undefined: cipher.AEAD` and other errors
 
 ```
 go get github.com/FiloSottile/Heartbleed

heartbleed/heartbleed.go

@@ -5,6 +5,7 @@ import (
 	_ "crypto/sha256"
 	_ "crypto/sha512"
 	"encoding/binary"
+	"encoding/hex"
 	"errors"
 	"io"
 	"net"
@@ -13,7 +14,6 @@ import (
 	"time"
 
 	"github.com/FiloSottile/Heartbleed/heartbleed/tls"
-	"github.com/davecgh/go-spew/spew"
 )
 
 type Target struct {
@@ -128,7 +128,7 @@ func Heartbleed(tgt *Target, payload []byte, skipVerify bool) (string, error) {
 
 	select {
 	case data := <-conn.Heartbeats:
-		out := spew.Sdump(data)
+		out := hex.Dump(data)
 		if bytes.Index(data, padding) == -1 {
 			return "", Safe
 		}

main.go

@@ -27,18 +27,25 @@ func usage() {
 }
 
 func main() {
-	var tgt heartbleed.Target
-
-	flag.StringVar(&tgt.Service, "service", "https", fmt.Sprintf("Specify a service name to test (using STARTTLS if necessary). \n\t\tBesides HTTPS, currently supported services are: \n\t\t%s", heartbleed.Services))
-	check_cert := flag.Bool("check-cert", false, "check the server certificate")
+	var (
+		service = flag.String("service", "https", fmt.Sprintf(
+			`Specify a service name to test (using STARTTLS if necessary).
+		Besides HTTPS, currently supported services are:
+		%s`, heartbleed.Services))
+		check_cert = flag.Bool("check-cert", false, "check the server certificate")
+	)
 	flag.Parse()
 
 	if flag.NArg() < 1 {
 		usage()
 	}
 
-	tgt.HostIp = flag.Arg(0)
+	tgt := &heartbleed.Target{
+		Service: *service,
+		HostIp:  flag.Arg(0),
+	}
 
+	// Parse the host out of URLs
 	u, err := url.Parse(tgt.HostIp)
 	if err == nil && u.Host != "" {
 		tgt.HostIp = u.Host
@@ -47,7 +54,8 @@ func main() {
 		}
 	}
 
-	out, err := heartbleed.Heartbleed(&tgt, []byte("heartbleed.filippo.io"), !(*check_cert))
+	out, err := heartbleed.Heartbleed(tgt,
+		[]byte("github.com/FiloSottile/Heartbleed"), !(*check_cert))
 	if err == heartbleed.Safe {
 		log.Printf("%v - SAFE", tgt.HostIp)
 		os.Exit(0)