Wednesday, 9 April 2014

Heartbeat/HeartBleed - Resources Only

I'm not going to rehash everything that's been said about how the vulnerability works, why anyone should patch or what else they need to do - at least not yet.

This post is just a list of resources so I can keep my sanity.


The OpenSSL advisory:

An easy way to check for whether heartbeat extensions may be enabled:
openssl s_client -connect <server>:<port> -tlsextdebug | grep -i heartbeat

SANS Webcast covering the vulnerability (9 April 2014, 20.15 EDT):

SANS Webcast "part two" (10 April 2014):

SANS Webcast on *CLIENT* side exploitation:

Snort and Suricata rules:


An NMAP script to check if a server is vulnerable (note: originally only checked one of the three TLS versions):

A MetaSploit module:

Even better, a MetaSploit module for exploiting clients:

A scanner I've been really pleased with:

Another python-based scanner, checks all TLS versions:

*Another* python-based scanner, this time for checking your clients:

Another server scanner my co-workers have been really pleased with:

An excellent, fast server scanner called masscan now has heartbleed support:


Enter your server's <host>.<domain> to see if it is vulnerable:

This one, courtesy of Qualys, gives a really nice health check:

OS Advisories And Updates

Cygwin (okay, not a distribution, but they were second only behind Gentoo in patching)

