func main() { var tgt bleed.Target flag.StringVar(&tgt.StartTls, "starttls", "", "use STARTTLS") flag.Parse() if flag.NArg() < 1 { usage(os.Args[0]) } tgt.HostIp = flag.Arg(0) u, err := url.Parse(tgt.HostIp) if err == nil && u.Host != "" { tgt.HostIp = u.Host } out, err := bleed.Heartbleed(&tgt, []byte("heartbleed.filippo.io")) if err == bleed.Safe { log.Printf("%v - SAFE", tgt.HostIp) os.Exit(0) } else if err != nil { log.Printf("%v - ERROR: %v", tgt.HostIp, err) os.Exit(2) } else { log.Printf("%v\n", string(out)) log.Printf("%v - VULNERABLE", tgt.HostIp) os.Exit(1) } }
func bleedHandler(w http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Origin", "*") host := r.URL.Path[len("/bleed/"):] u, err := url.Parse(host) if err == nil && u.Host != "" { host = u.Host } tgt := bleed.Target{ HostIp: string(host), } data, err := bleed.Heartbleed(&tgt, PAYLOAD) var rc int var errS string if err == bleed.Safe { rc = 1 data = []byte("") log.Printf("%v - SAFE", host) } else if err != nil { rc = 2 data = []byte("") errS = err.Error() log.Printf("%v - ERROR", host) } else { rc = 0 log.Printf("%v - VULNERABLE", host) } res := result{rc, string(data), errS} j, err := json.Marshal(res) if err != nil { log.Println("ERROR", err) } else { w.Write(j) } }