Build precise queries to find exactly what you need
Press ESC to close
Your review has been submitted and is pending approval.
check_heartbleed allows you to check for the Heartbleed Vulnerability (CVE-2014-0160) of openssl on various systems. Version - 0.6 : Added TLSv1.0 and SSLv3.0 support If no version is specified, checks all versions. Altered output somewhat. Added optional verbose output Version - 0.5 : Added socket timeout option with default to 10 seconds Changed no data received to unknown, was returning OK. Version - 0.4 : Try: Except: on all socket interactions. Spelling mistake. Version - 0.3 : Properly catches socket connection error. Reworking of internal logic Alterations of some unknown messages Version - 0.2 : Now works with Python 2.4+
Current Version
0.6
Last Release Date
2014-04-18
Owner
Scott Wilkerson
Compatible With
# /usr/local/nagios/libexec/check_heartbleed.py -h usage: check_heartbleed.py server [options]
Test for SSL heartbeat vulnerability (CVE-2014-0160)
options: -h, --help show this help message and exit -H HOST, --host=HOST Host to connect to (default: 127.0.0.1) -p PORT, --port=PORT TCP port to test (default: 443) -v VERSION, --version=VERSION TLS or SSL version to test [TLSv1.0(0), TLSv1.1(1), TLSv1.2(2), or SSLv3.0(3)] (default: all) -u, --udp Use TCP or UDP protocols, no arguments needed. This does not work presently, keep to TCP. (default: TCP) -t TIMEOUT, --timeout=TIMEOUT Plugin timeout length (default: 10) -V, --verbose Print verbose output, including hexdumps of packets.
Example Usage:
# ./check_heartbleed.py -H yahoo.com -p 443 -v 1 OK: yahoo.com TLSv1.0 is not vulnerable # echo $? 0 # ./check_heartbleed.py -H vulnerable.site.com -p 443 -v 1 CRITICAL: vulnerable.site.com TLSv1.0 is vulnerable # echo $? 2 # ./check_heartbleed.py -H vulnerable.site.com CRITICAL: Server vulnerable.site.com TLSv1.0 is vulnerable. TLSv1.1 is vulnerable. TLSv1.2 is vulnerable. SSLv3.0 is vulnerable.
Example Command:
define command { command_name check_heartbleed command_line $USER1$/check_heartbleed.py -H $HOSTADDRESS$ -p 443 -v 1 }
Hey, The plugin works great for some hosts, but is failing for a fairly large number, not sure if this is an issue at my side but I don't think so - [root@host scripts]# ./check_heartbleed.py -H www.google.com -p 443 OK: Server www.google.com TLSv1.0 is not vulnerable. TLSv1.1 is not vulnerable. TLSv1.2 is not vulnerable. SSLv3.0 is not vulnerable. [root@host scripts]# ./check_heartbleed.py -H www.test.com -p 443 UNKNOWN: Server www.test.com closed connection without sending Server Hello. Any thoughts?
In Fortigate devices with FortiOS affected by Heartbleed (FGxxx-5.00-FW-build208-130603), plugin returns OK instead CRITICAL. When we check this devices with NMAP and ssl-heartbleed.nse script, the result is VULNERABLE.
As of 14/4/14 (v0.3), All known issues with python 2.4+ should be resolved. There has been a -H flag per standard nagios plugins, and additional error handling. Please try it again and let us know if issues persist.
hi, i've tried to use it on: rhel 5.x ( Package python-2.4.3-56.el5.x86_64 already installed) but i get the following error msg: --------------------------------------- :~>./check_hearbleed.py --------------------------------------- File "./check_hearbleed.py", line 62 pdat = ' '.join((c if 32
Below is the steps I followed: 1. downloaded “Check_heartbleed.txt” to “check_heartbleed.py” 2. moved to “/usr/local/nagios/libexec/” 3. chmod –R 777 check_heartbleed.py I am getting below error if I execute the script.. any clue on this? [root@localhost libexec]# ./check_heartbleed.py 10.1.71.49 -p 443 Traceback (most recent call last): File "./check_heartbleed.py", line 151, in main() File "./check_heartbleed.py", line 132, in main s.connect((args[0], opts.port)) File "", line 1, in connect socket.error: [Errno 111] Connection refused
Im getting a syntax error: File "./check_heartbleed.py", line 62 pdat = '.join((c if 32 python version: Python 2.4.3 (#1, Oct 23 2012, 22:02:41) [GCC 4.1.2 20080704 (Red Hat 4.1.2-54)] on linux2 Type "help", "copyright", "credits" or "license" for more information.
File "./check_heartbleed.py", line 62 pdat = '.join((c if 32
Hi, I'm getting the following syntax error while executing the plugin. /usr/local/nagios/libexec/check_heartbleed.py localhost -p 443 -v 1 File "/usr/local/nagios/libexec/check_heartbleed.py", line 62 pdat = ''.join((c if 32
You must be logged in to submit a review.
To:
From: