728x90
OpenSSL Heartbeat Information Leak
This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable.
Module Name
auxiliary/scanner/ssl/openssl_heartbleed
Authors
- Neel Mehta
- Riku
- Antti
- Matti
- Jared Stafford <jspenguin [at] jspenguin.org>
- FiloSottile
- Christian Mehlmauer <FireFart [at] gmail.com>
- juan vazquez <juan.vazquez [at] metasploit.com>
References
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/scanner/ssl/openssl_heartbleed
msf auxiliary(openssl_heartbleed) > show actions
...actions...
msf auxiliary(openssl_heartbleed) > set ACTION <action-name>
msf auxiliary(openssl_heartbleed) > show options
...show and set options...
msf auxiliary(openssl_heartbleed) > run
728x90