OpenSSL CVE-2014-0160 (Heartbleed) Detector
This application lets you test whether a given host:port is susceptible to exploitation by CVE-2014-0160 (aka Heartbleed) OpenSSL security vulnerability.
This tool is intended as a supplement to the Red Hat provided remediation and diagnostics steps provided in:
- Red Hat Enterprise Linux: https://access.redhat.com/site/solutions/781793
- Red Hat Enterprise Virtualization: https://access.redhat.com/site/solutions/781843
- Red Hat Storage: https://access.redhat.com/site/solutions/782053
If you are interested in scanning internal systems you can download the offline Heartbleed scanning tool. The offline tool is not supported and is provided for informational purposes only. For more information about the offline tool see the GitHub page.
To verify that your download is correct please use the following sha256 checksum:
$ sha256sum heartbleed-poc.py c7ce931feb5d3ad7fc2afca005572d0c6dc2283592df7b5c13498be3f635f437 heartbleed-poc.py
Please only use this to scan servers you have permission to. All scans are logged.