tools to enumerate/verify
Best tool I've found is surely sslyze by Tom Ritter.
It shows all the ciphers found on a specific site and can analyse HTTPS, FTPS, SMTPS and VPN-enabled services. I personally use it very often to re-verify that fixes applied to a service have actually removed the vulnerable cipher.
sslyze --sslv2 --sslv3 --tlsv1 --tlsv1_1 --tlsv1_2 --hide_rejected_ciphers [hostname or IP address]
Watch out for:
EXP-RC4-MD5 40 bits 250 2.0.0 Ok
EXP-RC2-CBC-MD5 40 bits 250 2.0.0 Ok
EXP-EDH-RSA-DES-CBC-SHA 40 bits 250 2.0.0 Ok
EXP-DES-CBC-SHA 40 bits 250 2.0.0 Ok
sslyze --sslv2 --sslv3 --hide_rejected_ciphers [hostname or IP address]
* SSLV3 Cipher Suites :
Rejected Cipher Suite(s): Hidden
Preferred Cipher Suite:
DHE-RSA-AES256-SHA 256 bits 250 2.0.0 Ok
Accepted Cipher Suite(s):
EXP-ADH-RC4-MD5 Anon 250 2.0.0 Ok
EXP-ADH-DES-CBC-SHA Anon 250 2.0.0 Ok
ADH-RC4-MD5 Anon 250 2.0.0 Ok
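As an added example (not from the original post and not part of sslyze), here is a small Python filter over the output format quoted above. It lists every non-rejected cipher a server should stop offering, with the reason. The function and constant names and the 128-bit threshold are assumptions of this example, and the sample rows are constructed.

```python
import re

# Result row as quoted above: <cipher name> <"NN bits" | "Anon"> <server response>
ROW = re.compile(r"^\s*([A-Z0-9]+(?:-[A-Z0-9]+)+)\s+(?:(\d+) bits|(Anon))\b")
SECTION = re.compile(r"^\s*(Rejected|Preferred|Accepted) Cipher Suite")

WEAK_TOKENS = {  # cipher-name component -> why it should be disabled
    "EXP": "export-grade key length",
    "ADH": "anonymous DH, no server authentication",
    "RC4": "RC4 stream cipher",
    "RC2": "RC2 cipher",
    "MD5": "MD5-based MAC",
}
MIN_BITS = 128  # assumption: report anything below 128-bit keys

def weak_ciphers(report):
    """Map each non-rejected cipher that should be disabled to the reasons."""
    findings, section = {}, None
    for line in report.splitlines():
        if (header := SECTION.match(line)):
            section = header.group(1)
            continue
        row = ROW.match(line)
        if not row or section == "Rejected":
            continue  # not a result row, or a cipher the server refused
        name, bits, anon = row.groups()
        tokens = name.split("-")
        reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
        if anon and "ADH" not in tokens:
            reasons.append("anonymous key exchange")
        if bits and int(bits) < MIN_BITS:
            reasons.append(f"{bits}-bit key")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample, modelled on the sslyze output quoted on this page.
SAMPLE = """\
Rejected Cipher Suite(s): Hidden
Preferred Cipher Suite:
DHE-RSA-AES256-SHA 256 bits 250 2.0.0 Ok
Accepted Cipher Suite(s):
EXP-ADH-RC4-MD5 Anon 250 2.0.0 Ok
EXP-RC2-CBC-MD5 40 bits 250 2.0.0 Ok
AES128-SHA 128 bits 250 2.0.0 Ok
"""

if __name__ == "__main__":
    print(*(f"{c}: {', '.join(r)}" for c, r in weak_ciphers(SAMPLE).items()), sep="\n")
```

An empty result after a fix has been applied means none of the listed weak components is still being accepted.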
msf > use auxiliary/scanner/ssl/openssl_heartbleed
You still need to set RHOSTS and RPORT accordingly.
msf auxiliary(openssl_heartbleed) > set verbose true
Verbose is where the fun is: you can now see WHAT information is retrieved (username, password, etc.).
I recently found a nice shell script tool from Dirk Wetter that does some nice testing.
Certainly worth a try...
Download it here