.TH HEARTBLEEDER "1"  "Apr 2014" "HEARTBLEEDER" "test servers for OpenSSL CVE-2014-0160 aka Heartbleed"
.SH NAME
\fBheartbleeder \fP- Test servers for OpenSSL CVE-2014-0160, aka Heartbleed
.SH SYNOPSIS
.nf
.fam C
\fBheartbleeder\fP [\fIoptions\fP] host[:443]
.fam T
.fi
.fam T
.fi
.SH DESCRIPTION
\fBheartbleeder\fP is a tool that tests remotely (over a network) if a system is compromised by an insecure OpenSSL service, in accordance with CVE-2014-0160, aka Heartbleed.
.PP
More about Heartbleed Bug can be viewed at http://heartbleed.com.
.SH OPTIONS
.TP
.B
\fB-hostfile\fP=""
Path to a newline separated file with hosts or IPs.
.TP
.B
\fB-listen\fP="localhost:5000"
Address to serve HTTP dashboard from.
.TP
.B
\fB-pg\fP=false
Check PostgreSQL TLS. This option is incompatible with \fB-hostfile\fP.
.TP
.B
\fB-refresh\fP=10m0s
Seconds to wait before rechecking secure hosts.
.TP
.B
\fB-retry\fP=10s
Seconds to wait before retesting a host after an unfavorable response.
.TP
.B
\fB-timeout\fP=5s
Timeout after sending heartbeat.
.TP
.B
\fB-workers\fP=40
Number of workers to scan hosts with, only used with hostfile flag.
.SH NOTES
Multiple hosts may be monitored by setting '\fB-hostfile\fP' flag to a file with newline separated addresses. A web dashboard will be available at 'http://localhost:5000' by default.
.PP
Postgres uses OpenSSL in a slightly different way. To test whether a Postgres server is vulnerable, run the following (defaults to port 5432). Example:
.PP
$ \fBheartbleeder\fP \fB-pg\fP example.com.br
.SH WARNING
No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.
.SH AUTHOR
\fBheartbleeder\fP was written by Jonathan Rudenberg <jonathan@titanous.com>. The TLS implementation was borrowed from the Go standard library.
This manual page was written by Joao Eriberto Mota Filho <eriberto@eriberto.pro.br> for the Debian project (but may be used by others). The \fBheartbleeder\fP help page was the source.