Rush post: heartbleed-masstest
The Heartbleed Bug (CVE-2014-0160) is not just a run-of-the-mill bug; it’s a damn scary bug. Most “nasty” vulnerabilities are quite limited in scope – maybe an attacker has a tiny chance of exploiting the vulnerability to execute (a tiny segment of) code, or they corrupt the appearance of files (ahem, WinRAR) so the user is tricked into executing malicious code. The Heartbleed bug, however, can be exploited without leaving any evidence of exploitation, and requires NO user interaction. It lets attackers read from arbitrary locations in the OpenSSL address space, including those used to store the PRIVATE keys.
As a result of this danger, Mustafa Al-Bassam created a tool to scan websites for this vulnerability. I forked it on GitHub, and quickly hacked it to scan in a multithreaded fashion, much faster than the original serial method.
It’s really ugly at the moment, but you can clone it here: https://github.com/ariccio/heartbleed-masstest/