Latest commit d65a8b6 May 27, 2014


Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed.

WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.

Pull requests welcome.


$ heartbleeder
INSECURE - has the heartbeat extension enabled and is vulnerable

Multiple hosts

Multiple hosts may be monitored by setting the -hostfile flag to a file with newline-separated addresses. A web dashboard is available at http://localhost:5000 by default.

Testing PostgreSQL

Postgres uses OpenSSL in a slightly different way. To test whether a Postgres server is vulnerable, run the following (defaults to port 5432):

$ heartbleeder -pg
SECURE - example:5432 does not have the heartbeat extension enabled
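
The difference is that a PostgreSQL server does not begin TLS as soon as the connection opens: per the PostgreSQL wire protocol, the client first sends an 8-byte SSLRequest and the server answers with a single byte, 'S' or 'N', before any TLS handshake can start. The Go code below is an added example of that preamble, not heartbleeder's own code; BuildSSLRequest and NegotiatePostgresTLS are hypothetical names, and the peer in main is a constructed in-memory stand-in for a server.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
	"time"
)

// sslRequestCode is the PostgreSQL SSLRequest magic number (1234<<16 | 5679).
const sslRequestCode = 80877103

// BuildSSLRequest (hypothetical helper) returns Int32 length 8 + Int32 code.
func BuildSSLRequest() []byte {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint32(msg[0:4], 8)
	binary.BigEndian.PutUint32(msg[4:8], sslRequestCode)
	return msg
}

// NegotiatePostgresTLS (hypothetical) reports whether the server replied 'S'.
func NegotiatePostgresTLS(conn net.Conn, timeout time.Duration) (bool, error) {
	if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
		return false, err
	}
	if _, err := conn.Write(BuildSSLRequest()); err != nil {
		return false, err
	}
	reply := make([]byte, 1)
	if _, err := io.ReadFull(conn, reply); err != nil {
		return false, err
	}
	if reply[0] != 'S' && reply[0] != 'N' {
		return false, fmt.Errorf("unexpected SSLRequest reply 0x%02x", reply[0])
	}
	return reply[0] == 'S', nil // 'S': TLS may start on conn; 'N': no TLS
}

func main() {
	// Constructed in-memory peer standing in for a server that offers TLS.
	client, server := net.Pipe()
	go func() {
		io.ReadFull(server, make([]byte, 8))
		server.Write([]byte{'S'})
	}()
	ok, err := NegotiatePostgresTLS(client, time.Second)
	fmt.Println("TLS offered:", ok, "err:", err)
}
```

A server that answers 'N' never reaches OpenSSL on that port, so a result for it says nothing about the OpenSSL build installed on the host.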


Binaries are available from

Build from source by running go get -u, which will put the code in $GOPATH/src/ and a binary at $GOPATH/bin/heartbleeder.

Requires Go version >= 1.2. On Ubuntu, godeb is an easy way of getting the latest version of Go.


The TLS implementation was borrowed from the Go standard library.
