MassBleed – Open Source SSL Vulnerability Scanner
Heartbleed bug or SSL vuln is a vulnerability in the OpenSSL, a popular open-source cryptographic library that assists in the implementation of SSL and TLS protocols. Along with this CCS; Poodle, Winshock, and DROWN are also the vulnerability that can raise with SSL Protocol. Massbleed is the tool that scans the specified IP/ Host for these SSL Bugs. Massbleed tool is developed in the Shell Script and it is an automated tool. Massbleed tool is available on the GitHub Platform, it’s free and completely open-source so anyone can contribute to it. We only need to provide the IP address of the target host, then the rest of the scanning process is done by the Massbleed tool.
Installation of MassBleed Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/1N3/MassBleed.git
Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.
Step 3: Change the file permissions of the scripts as shown below.
sudo chmod +x massbleed.sh sudo chmod +x heartbleed.py sudo chmod +x openssl_ccs.pl sudo chmod +x winshock.sh
Step 4: Verify the installation using the following command.
Working with MassBleed Tool on Kali Linux OS
Example 1: Scanning the IP Address
In this example, we will be scanning IP 126.96.36.199 which is a testing site.
Example 2: Scan the target web application for the HeartBleed vulnerabilities.
python3 heartbleed.py 188.8.131.52
In this example, we will be testing the geeksforgeeks.org site for HeartBleed Vulnerability.