Re: OpenSSL Heartbleed bug, Apache still vulnerable?
On Apr 9, 2014 3:51 PM, "Sven Hartge" <sven@svenhartge.de> wrote:
>
> Curt <curty@free.fr> wrote:
> > On 2014-04-09, Jochen Spieker <ml@well-adjusted.de> wrote:
>
> >> The repository now contains a fixed version (0.9.4.2-r413). I tested it
> >> and the new version looks fine.
>
> > Don't mean to hijack, but is this a useful tool?
>
> > http://filippo.io/Heartbleed/
>
> To scan your complete network in mere seconds:
>
> https://github.com/robertdavidgraham/masscan
> http://blog.erratasec.com/2014/04/using-masscan-to-scan-for-heartbleed.html
>
There's also ssl-heartbleed.nse which (even though its not threaded) is probably a bit faster (not to mention has a familiar interface). It also looks like they cleaned some stuff up in the port.
Reply to:
- References:
- OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Curt <curty@free.fr>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
- From: Sven Hartge <sven@svenhartge.de>