A large number of ShellShock online vulnerability scanners have been released since the bug disclosure on September 24. These tools can be great for scanning external web servers, however, just as we’ve seen with the Heartbleed scanners, there is a real unfilled need for a tool that can be easily used to scan for vulnerable internal systems, in addition to the external servers. While Unix gurus can fairly easily write scripts to accomplish this task, many prefer to have an easy to use Windows GUI tool to simplify the vulnerability assessment process.

And so after once again having put Robin Keir, our toolbuilder extraordinaire, on the case, we are proud to announce CrowdStrike ShellShock Scanner as our latest free community tool. As with our Heartbleed scanner, the tool can import a list of IP ranges or website URLs to scan. Multiple port ranges can be selected and the results can be saved in CSV, HTML, XML or text format.