WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.
Pull requests welcome.
$ heartbleeder example.com INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable
Multiple hosts may be monitored by setting
-hostfile flag to a file with
newline separated addresses. A web dashboard is available at
http://localhost:5000 by default.
Postgres uses OpenSSL in a slightly different way. To test whether a Postgres server is vulnerable, run the following (defaults to port 5432):
$ heartbleeder -pg example.com SECURE - example:5432 does not have the heartbeat extension enabled
Binaries are available from gobuild.io.
Build from source by running
go get -u github.com/titanous/heartbleeder, which
will put the code in
$GOPATH/src/github.com/titanous/heartbleeder and a binary
Requires Go version >= 1.2. On Ubuntu godeb is an easy way of getting the latest version of Go.
The TLS implementation was borrowed from the Go standard library.