Posts Tagged ‘heartbleed CVE-2014-0160 openssl SSL’

With all the news of the Heartbleed SSL flaw in the media this week IT staff have been working to lock things down on servers & services.

Here are 3 Simple ways to Identify if a domain is vulnerable to a Heartbleed

Method 1
From any host running Chrome Web Browser search for and install the following extension


Now browse to the Domain name in question to validate the status.
If the domain is vulnerable you will see a message similar to the following

Method 2
Use a web based service such as the one found here:

Method 3
For scanning multiple sites at once we have created the following script.

Usage :

‘./ domain-list.txt’

Output Examples :

'TLS server extension heartbeat' 

The above output should be further investigated to verify the vulnerability.

More Info: