This tool allows you to scan multiple hosts for Heartbleed, in an efficient multi-threaded manner.
This tests for OpenSSL versions vulnerable to Heartbleed without exploiting the server, so the heartbeat request does not cause the server to leak any data from memory or expose any data in an unauthorized manner. This Mozilla blog post outlines the method used.
Usage: ssltest.py [network2] [network3] ... Test for SSL heartbleed vulnerability (CVE-2014-0160) on multiple domains Options: -h, --help show this help message and exit -p PORT, --port=PORT Port to scan on all hosts or networks, default 443 -i INPUT_FILE, --input=INPUT_FILE Optional input file of networks or ip addresses, one address per line -o LOG_FILE, --logfile=LOG_FILE Optional logfile destination --resume Do not rescan hosts that are already in the logfile -t TIMEOUT, --timeout=TIMEOUT How long to wait for remote host to respond before timing out --threads=THREADS If specific, run X concurrent threads --json=JSON_FILE Save data as json into this file --only-vulnerable Only scan hosts that have been scanned before and were vulnerable --only-unscanned Only scan hosts that appear in the json file but have not been scanned --summary Useful with --json. Don't scan, just print old results --verbose Print verbose information to screen --max=MAX Exit program after scanning X hosts. Useful with --only-unscanned