If this tool helped you, you can buy us a coffee ☕
Online scanner to check websites or servers for the CVE-2014-0160 (Heartbleed) vulnerability and assess SSL/TLS security.
Please enter a domain or IP address to start detection
SSL CCS Injection Vulnerability Scanner
Scan target servers for the CVE-2014-0224 vulnerability, assess SSL communication security, and generate a CVE/CWE risk report.
Random User Agent Generator
Generate random browser User-Agent strings for developers, QA testers, and web scrapers to simulate various devices and platforms.
SSL FREAK Vulnerability Checker
Scan a specified domain for the SSL FREAK vulnerability (CVE-2015-0204) and assess TLS/SSL security configuration risks.
When you are unsure if your server is still vulnerable to CVE-2014-0160 (the Heartbleed bug), manual verification can be complex and risky. This tool sends a specially crafted TLS Heartbeat Request to the target server to detect if its response leaks sensitive information from the server's memory. This determines whether the OpenSSL service on that port is exposed to this critical vulnerability. It outputs a clear test result, including the target domain/IP, port, security status (e.g., "OK" or "VULNERABLE"), and related CVE/CWE IDs.
Q: What does it mean if the test result shows "OK"?
A: It means that the CVE-2014-0160 vulnerability was not found on the currently tested port. This is a definitive, short-answer conclusion.
Q: Can this tool still run a test if my website does not have HTTPS enabled?
A: No. Heartbleed is a vulnerability in the SSL/TLS protocol layer (specifically the OpenSSL implementation). The test requires the target server to have SSL/TLS services enabled on the specified port. If the target port is not running such services, the test cannot proceed or will fail.
Please only test websites or servers that you own or have explicit authorization to scan, avoiding any unauthorized scanning activities. The test results are for reference only and do not constitute an absolute security guarantee. Even if the result is "OK", you should conduct comprehensive security assessments regularly. If a vulnerability is detected (status is "VULNERABLE"), immediately contact your administrator to upgrade OpenSSL to a secure version. Please note that the accuracy of the tool's test is affected by the target server's reachability and network conditions.
The Heartbleed vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f, as well as 1.0.2-beta1. The detection principle involves sending an anomalous heartbeat request packet. If the server is vulnerable, its response packet may contain fragments of other data from the server's memory (which could include sensitive information like private keys and session cookies). A typical test scenario: entering the domain "vulnerable.example.com" and port "443" might yield a result showing the status as "VULNERABLE", accompanied by the CVE-2014-0160 and CWE-119 (Buffer Error) IDs. For IT operations and security personnel, it is recommended to use this tool as a verification step after patching the vulnerability, but it should not replace a complete security penetration test.
