This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160).

This repo also contains test results for the Alexa top 10,000 sites as of around April 8, 16:00 UTC. Websites listed as vulnerable may no longer be vulnerable. This list serves as a snapshot of vulnerable sites at the time of the scan.

This is not a tracker which tracks which sites are vulnerable or not over time, but shows which sites have been affected.

To check if a site is still vulnerable, you may use the tool at http://filippo.io/Heartbleed/.

Please note that subdomains aren't tested, so sites that don't have SSL on their main domain will appear as "no SSL".