Heartbleed has the potential to be one of the biggest most widespread vulnerability in the history of the modern Internet, at the root of Heartbleed is encryption. The internet has a set of protocols for security and encryption commonly known as “Security Socket Layers” S.S.L and its successor “Transport Layer Security” T.L.S, the most common implementation of SSL and TLS is a set of open source tools known as OpenSSL.
More information are available here : http://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html
You can test if your website is vulnerable to Heartbleed attack from this website : https://filippo.io/Heartbleed , well I was thinking about creating a tool that would test a list of websites “TOP 1 Million websites in my case” and if the script finds the target vulnerable it send an email to the webmaster telling him that he should fix it !
I have created that tool and its available for download here : https://github.com/MrNasro/heartbleed/
Before using the tool you need to change the following inside “exploit.py” :
fromaddr = ‘email@example.com’
username = ’email_username’
password = ’email_password’
server = smtplib.SMTP(‘smtp.gmail.com:587’)
After the changes just just place the list of CSV domain names into the script directory and run it from the command line : python heartbleed.py