Since last week, several researchers and security companies have released free web-based scanners for the OpenSSL Heartbleed (CVE-2014-0160) vulnerability independently revealed on April 7th. While these may be great and easy to use tools to determine if your public website may be vulnerable to this issue (although, some have been found not to be very accurate), we realized that there was a largely unmet demand for an easy to use UI tool capable of also scanning the internal networks and non-HTTPS services for this vulnerability since this problem is so much bigger than just external websites.
Today we are happy to release a new free community CrowdStrike Heartbleed Scanner built by our very own Robin Keir, CrowdStrike community tool developer extraordinaire. With this tool, you can now easily scan your Intranet SSL websites, OpenSSL VPNs, Secure FTP servers, Databases, Secure SMTP/POP/IMAP email servers, routers, printers, phones, and anything else that may have been compiled with OpenSSL 1.0.1-1.0.1f.
In addition to the ability to show the list of vulnerable servers, the scanner also outputs the contents of the the 64kb of memory that a vulnerable server returns back to the heartbeat SSL request allowing you to see the extent of the impact of this vulnerability on your devices and services.
We’ve built this tool to help our CrowdStrike Services clients and to continue our mission of giving back to the community. In that spirit, we also decided to release the scanner as a free tool available to all.
Download CrowdStrike Heartbleed Scanner here.
And please leave your feedback, comments or questions in our Community Forums – we love hearing from you and your experiences with our free tools!