heartbleeder

command module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2014 License: BSD-3-Clause Imports: 16 Imported by: 0

README

Heartbleeder

Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed.

WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.

Pull requests welcome.

Usage

$ heartbleeder example.com
INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable
Multiple hosts

Multiple hosts may be monitored by setting -hostfile flag to a file with newline separated addresses. A web dashboard is available at http://localhost:5000 by default.

Testing PostgreSQL

Postgres uses OpenSSL in a slightly different way. To test whether a Postgres server is vulnerable, run the following (defaults to port 5432):

$ heartbleeder -pg example.com
SECURE - example:5432 does not have the heartbeat extension enabled
Installation

Binaries are available from gobuild.io.

Build from source by running go get -u github.com/titanous/heartbleeder, which will put the code in $GOPATH/src/github.com/titanous/heartbleeder and a binary at $GOPATH/bin/heartbleeder.

Requires Go version >= 1.2. On Ubuntu godeb is an easy way of getting the latest version of Go.

Credits

The TLS implementation was borrowed from the Go standard library.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
Package tls partially implements TLS 1.2, as specified in RFC 5246.
 Package tls partially implements TLS 1.2, as specified in RFC 5246.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.