http://filippo.io/Heartbleed/ is a great service to the community.
I wouldn’t recommend testing hosts againt an online tool. All you do is create a log for a security savvy person with vulnerable hosts. While not quite the same, this is similar to uploading private keys or passwords to a service to check if they are secure.
Luckily it is easy to run the software locally, as the author was so kind to provide the source. I don’t read go very well, but a cursory glance suggests that the software does what it says on the tin, so we don’t worry about it phoning home.
This is the first time I’m building a go project, so I have to install go first.
brew install go is easily done. You can get binary distributions for your OS from the go homepage: https://code.google.com/p/go/downloads/list
Heartbleed depends on a few other modules and I’m sure there is a fancy module system I can use, but I have no time to learn that right now (comments are open :), so I’m patching the source a little (see below), to make source imports local. I also clone git clone https://github.com/davecgh/go-spew.git into the Heartbleed top level directory.
See https://gist.github.com/janl/10107626#comment-1207459 for how to install the dependencies.
To build the thing, run
Then I can run Heartbleed locally without creating a log elsewhere:
> git diff diff --git a/bleed.go b/bleed.go index f017e57..aa36d40 100644 --- a/bleed.go +++ b/bleed.go @@ -1,7 +1,7 @@ package main import ( - bleed "github.com/FiloSottile/Heartbleed/bleed" + bleed "./bleed" "log" "os" ) diff --git a/bleed/heartbleed.go b/bleed/heartbleed.go index afe8b41..cfd9dd1 100644 --- a/bleed/heartbleed.go +++ b/bleed/heartbleed.go @@ -4,8 +4,8 @@ import ( "bytes" "encoding/binary" "errors" - "github.com/FiloSottile/Heartbleed/tls" - "github.com/davecgh/go-spew/spew" + "../tls" + "../go-spew/spew" "time" )