@ironcamel
Forked from dolmen/README.md
Last active August 29, 2015 13:58

Check if you are vulnerable to the OpenSSL « heartbleed » bug.

```sh
curl -s https://gist.githubusercontent.com/ironcamel/10223348/raw/ssl-heartbleed-check.pl | perl
```
```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Net::SSLeay ();
use Time::ParseDate;

# Print one line of text in the given ANSI color.
sub print_color {
    my ($color, $text) = @_;
    print "\e[${color}m$text\e[m\n";
}

# Query the OpenSSL library that Net::SSLeay is linked against.
my $ssl_ver      = Net::SSLeay::SSLeay();           # numeric version
my $ssl_ver_text = Net::SSLeay::SSLeay_version(0);  # SSLEAY_VERSION
my $ssl_cflags   = Net::SSLeay::SSLeay_version(2);  # SSLEAY_CFLAGS
my $ssl_built_on = Net::SSLeay::SSLeay_version(3);  # SSLEAY_BUILT_ON

print "$ssl_ver_text\n";
#printf "SSL version 0x%x %d.%d.%d%s\nCFLAGS=%s\nBUILT_ON=%s\n",
#    $ssl_ver,
#    ($ssl_ver >> 28) & 0xff,
#    ($ssl_ver >> 20) & 0xff,
#    ($ssl_ver >> 12) & 0xff,
#    do { my $minor = ($ssl_ver >> 4) & 0xff; $minor ? chr(96+$minor) : '' },
#    $ssl_cflags,
#    $ssl_built_on;

# TODO : openssl may be dynamically linked, so the version reported by
# Net::SSLeay may not match the real version installed

# Affected releases: 1.0.1 through 1.0.1f, and 1.0.2-beta1.
# A build compiled with -DOPENSSL_NO_HEARTBEATS is not affected. The flag is
# matched on whitespace or string boundaries so it is also found when it is
# the last option in the CFLAGS string.
if (
    (
        $ssl_ver_text =~ /^OpenSSL 1\.0\.(?:1[a-f]?|2-beta1)(?:-fips)? /
        || ($ssl_ver >= 0x10001000 && $ssl_ver <= 0x1000106f)
        || $ssl_ver == 0x10002001
    )
    && $ssl_cflags !~ /(?:^|\s)-DOPENSSL_NO_HEARTBEATS(?:\s|$)/
) {
    # Strip the "built on:" label to leave only the build date.
    (my $build_time = $ssl_built_on) =~ s/^[^:]*: *//;
    # the unix time 1396828800 is 2014-04-07 00:00:00 UTC
    # parsedate() returns undef for a date it cannot parse; such a build
    # is treated as not recent.
    my $built_epoch    = parsedate($build_time);
    my $recently_built = defined $built_epoch && $built_epoch > 1396828800;
    if ( $recently_built ) {
        print_color "1;33", "Version number indicates vulnerable,"
            . " but your build is recent so may be patched.";
    } else {
        print_color "1;31", "Vulnerable to heartbleed!";
    }
    exit 1;
} else {
    print_color "1;32", "Not vulnerable to heartbleed.";
    #print_color "1;33", "Maybe not vulnerable to heartbleed.";
}
```