NAME¶
heartbleeder - Test servers for OpenSSL CVE-2014-0160, aka Heartbleed
SYNOPSIS¶
heartbleeder [options] host[:443]
DESCRIPTION¶
heartbleeder is a tool that tests remotely (over a network) if a system
is compromised by an insecure OpenSSL service, in accordance with
CVE-2014-0160, aka Heartbleed.
More about Heartbleed Bug can be viewed at
http://heartbleed.com.
OPTIONS¶
- -hostfile=""
- Path to a newline separated file with hosts or IPs.
- -listen="localhost:5000"
- Address to serve HTTP dashboard from.
- -pg=false
- Check PostgreSQL TLS. This option is incompatible with
-hostfile.
- -refresh=10m0s
- Seconds to wait before rechecking secure hosts.
- -retry=10s
- Seconds to wait before retesting a host after an unfavorable
response.
- -timeout=5s
- Timeout after sending heartbeat.
- -workers=40
- Number of workers to scan hosts with, only used with hostfile flag.
NOTES¶
Multiple hosts may be monitored by setting '
-hostfile' flag to a file
with newline separated addresses. A web dashboard will be available at
'
http://localhost:5000' by default.
Postgres uses OpenSSL in a slightly different way. To test whether a Postgres
server is vulnerable, run the following (defaults to port 5432). Example:
$
heartbleeder -pg example.com.br
WARNING¶
No guarantees are made about the accuracy of results, and you should verify them
independently by checking your OpenSSL build.
AUTHOR¶
heartbleeder was written by Jonathan Rudenberg
<jonathan@titanous.com>. The TLS implementation was borrowed from the Go
standard library. This manual page was written by Joao Eriberto Mota Filho
<eriberto@eriberto.pro.br> for the Debian project (but may be used by
others). The
heartbleeder help page was the source.