Here's mine, written in Go: http://code.google.com/p/mxk/source/browse/go1/tlshb/
To build the binary, install Mercurial, install Go (golang.org), set GOPATH to some empty directory, then run: go get code.google.com/p/mxk/go1/tlshb - Max On Tue, Apr 8, 2014 at 12:16 PM, Patrick W. Gilmore <patr...@ianai.net> wrote: > Lots of tools available. I'm with ferg, surprised more haven't been mentioned > here. > > Tools to check for the bug: > • on your own box: > https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py > • online: http://filippo.io/Heartbleed/ (use carefully as they might > log what you check) > • online: http://possible.lv/tools/hb/ > • offline: https://github.com/tdussa/heartbleed-masstest <--- Tobias > Dussa, also Takes a CSV file with host names for input and ports as parameter > • offline: http://s3.jspenguin.org/ssltest.py > • offline: https://github.com/titanous/heartbleeder > > List of vulnerable Linux distributions: <http://www.circl.lu/pub/tr-21/>. > > Anyone have any more? > > -- > TTFN, > patrick > > > On Apr 08, 2014, at 12:11 , Jonathan Lassoff <j...@thejof.com> wrote: > >> For testing, I've had good luck with >> https://github.com/titanous/heartbleeder and >> https://gist.github.com/takeshixx/10107280 >> >> Both are mostly platform-independent, so they should be able to work even >> if you don't have a modern OpenSSL to test with. >> >> Cheers and good luck (you're going to need it), >> jof >> >> On Tue, Apr 8, 2014 at 5:03 PM, Michael Thomas <m...@mtcc.com> wrote: >> >>> Just as a data point, I checked the servers I run and it's a good thing I >>> didn't reflexively update them first. >>> On Centos 6.0, the default openssl is 1.0.0 which supposedly doesn't have >>> the vulnerability, but the >>> ones queued up for update do. I assume that redhat will get the patched >>> version soon but be careful! >>> >>> Mike >>> >>> >>> On 04/07/2014 10:06 PM, Paul Ferguson wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA256 >>>> >>>> I'm really surprised no one has mentioned this here yet... >>>> >>>> FYI, >>>> >>>> - - ferg >>>> >>>> >>>> >>>> Begin forwarded message: >>>> >>>> From: Rich Kulawiec <r...@gsp.org> Subject: Serious bug in >>>>> ubiquitous OpenSSL library: "Heartbleed" Date: April 7, 2014 at >>>>> 9:27:40 PM EDT >>>>> >>>>> This reaches across many versions of Linux and BSD and, I'd >>>>> presume, into some versions of operating systems based on them. >>>>> OpenSSL is used in web servers, mail servers, VPNs, and many other >>>>> places. >>>>> >>>>> Writeup: Heartbleed: Serious OpenSSL zero day vulnerability >>>>> revealed >>>>> http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability- >>>>> revealed-7000028166/ >>>>> >>>>> Technical details: Heartbleed Bug http://heartbleed.com/ >>>>> >>>>> OpenSSL versions affected (from link just above): OpenSSL 1.0.1 >>>>> through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT >>>>> vulnerable (released today, April 7, 2014) OpenSSL 1.0.0 branch is >>>>> NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable >>>>> >>>>> >>>> - -- Paul Ferguson >>>> VP Threat Intelligence, IID >>>> PGP Public Key ID: 0x54DC85B2 >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v2.0.22 (MingW32) >>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >>>> >>>> iF4EAREIAAYFAlNDg9gACgkQKJasdVTchbIrAAD9HzKaElH1Tk0oIomAOoSOvfJf >>>> 3Dvt4QB54os4/yewQQ8A/0dhFZ/YuEdA81dkNfR9KIf1ZF72CyslSPxPvkDcTz5e >>>> =aAzE >>>> -----END PGP SIGNATURE----- >>>> >>> >>> >>> >
