Community Tools CROWDSTRIKE FALCON™ ORCHESTRATOR Extendable Workflow Automation & Real-Time Security Forensics and Remediation Falcon Orchestrator is an open source tool built on CrowdStrike’s Falcon Connect APIs. Customers can take advantage of powerful workflow automation and case management capabilities, as well as extendable wide range of security forensics and remediation actions which work in conjunction with and complement the capabilities of CrowdStrike Falcon Host. Download Learn More Watch Video CROWDSTRIKE SHELLSHOCK SCANNER Network Scan for Bash Vulnerability CrowdStrike ShellShock Scanner is a free tool aimed to help alert you to the presence of systems on your network that are vulnerable to the Bash ShellShock vulnerability. Supported Operating Systems: The tool runs on both 32 bit and 64 bit versions of Windows from XP and above. Download Integrity Hashes CSShellShockScanner.zip MD5 4C5082101C87BB38BE9A659CCB1844D6 SHA1 730A27FEDBC0884D020F5FE075A751BF7EFBA85D SHA256 61744C1405F92A7BA551D0969B2C20A928DE87F54ED3C2AC5F0B7CFF09A55BBB CSShellShockScanner.exe MD5 290EE8C5EA6A055E6DE58FFE28C1F9FC SHA1 B7A778FB7951BEE617755ECB7ED297DCC97157C3 SHA256 775EEDCC67A62632E9A585182B1854643F2B116C500760DB4F8EB86570F6FCB3 CROWDSTRIKE HEARTBLEED SCANNER Network Scan for OpenSSL Vulnerability CrowdStrike Heartbleed Scanner is a free tool aimed to help alert you to the presence of systems (such as web servers, VPNs, secure FTP servers, databases, routers, etc.) on your network that are vulnerable to the OpenSSL Heartbleed vulnerability. Supported Operating Systems: The tool runs on both 32 bit and 64 bit versions of Windows from XP and above. Download Integrity Hashes CSHeartbleedScanner.zip MD5 5AA490B7FABFD523411586459CB44571 SHA1 A9B47160745A4BC7D6A7E043B001F2F6A5C3FAE4 SHA256 54B5DC89DB3221B20E6EB5AB1B68AB8EB9D95F2A9A7EDC9E9EB04A438B92B5CC CSHeartbleedScanner.exe MD5 DAAC0A10E341468A3A27788647066EF1 SHA1 DEA595C7A92D14A2B6328A87EFE954BAB1289AB0 SHA256 3CD34EB55C5570B38AE126C0D4E053586B55CF7B964A03BFDFB6935C24432E48 CROWD RESPONSE Static Host Data Collection Tool Crowd Response is a lightweight Windows console application designed to aid in the gathering of system information for incident response and security engagements. The application contains numerous modules, each of them invoked by providing specific command line parameters to the main application. Modules are all built into the main application in C++ language utilizing the Win32 API to achieve their functionality. Crowd Response results may be viewed in a variety of ways, particularly when leveraging CrowdStrike’s CRconvert. By default, output from Crowd Response is provided in an XML file. CRconvert will flatten this XML to CSV, TSV or HTML, if desired. The various format options were created to support the different needs and analysis preferences of the end user. Supported Operating Systems: The tool runs on 32 bit and 64 bit versions of Windows from XP and above. Download INTEGRITY HASHES CrowdResponse.zip MD5 65bfdf1f52ee05f6c717b246bf862794 SHA1 d6addb1ac73343ec55b3de497957447419ff41c9 SHA256 6aa2aa39efee84851f261b90cfad482d0dd06e297c918eb7f77f1ae1c00aa813 TORTILLA Anonymous Security Research through Tor Tortilla is an open source tool that allows users to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines. Supported Operating Systems: The tool runs on 32 bit and 64 bit versions of Windows from XP and above. Download Source Code Integrity Hashes Tortilla_v1.1.0_Beta.zip SHA256 5c6e8caa200850d44e6dbaf187f238e24ada2de7e394b5d4d5f5d04f524bd899 CROWD DETOX Decompilation Deobfuscator The CrowdDetox plugin for Hex-Rays automatically removes junk code and variables from Hex-Rays function decompilations. This allows security researchers to analyze malware more easily, efficiently, and effectively. Supported Operating Systems: This distribution comes with pre-built versions of the plugin for Windows, Mac OS, and Linux. Download Source Code Integrity Hashes CrowdDetox_v1.0.2_Beta.zip SHA256 f04c6253f737a3bf3d7096840be082097523e521ca57c79533b8ceb979c8a6eb CROWD INSPECT Host-Based Process Inspection CrowdInspect is a free community tool for Microsoft Windows systems that is aimed to help alert you to the presence of potential malware are on your computer that may be communicating over the network. It is a host-based process inspection tool utilizing multiple sources of information to detect untrusted or malicious network-active process. The tool is leveraging intelligence from VirusTotal, Web of Trust (WOT), and Team Cymru’s Malware Hash Registry. Supported Operating Systems: The tool runs on both 32 bit and 64 bit versions of Windows from XP and above. CrowdInspect. Version 1.0.0.3: CrowdInspect now analyzes all processes, not just those communicating over the network. Uncheck the TCP and UDP buttons to see only those processes not communicating on the network. Bug fixes, including better parsing of VirtusTotal results. Download Integrity Hashes CrowdInspect.zip MD5 334B9BF33CE1B1E9899B179397094627 SHA1 0C1D6EF4354A5B9E0B4D9E3DFFB3C108FDDFE418 SHA256 0FAA2360D6D14BB83EF45545825F52F382D6D47BF1D168495ED207A359DCD4B8 CrowdInspect.exe MD5 38AC17757EB710350FF389FAB43D6900 SHA1 77B7D727691AB2EBE70A6ABE4534840C54D19B69 SHA256 ADCAF4BFD954F46D05C3F9DBF9A1A057B28D8870B7C54C30455D2742C0AF0F71 X CrowdStrike ShellShock Scanner is certified as a Trusted Download application by TRUSTe signifying that the ShellShock Scanner has been tested by TRUSTe for compliance with TRUSTe’s TDP program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding the scanner, please contact us at CrowdStrike, 15440 Laguna Canyon Road, Suite 250, Irvine, CA 92618 or by email at privacy@crowdstrike.com or by phone at 1.888.512.8906. If you are not satisfied with our response you can contact TRUSTe here. Crowdstrike Shellshock Scanner Software License Agreement Please read this software license agreement carefully before downloading or using the CrowdStrike Shellshock scanner software and its documentation (together, the software). by clicking Accept, downloading, or using the software you are consenting to be bound by this agreement. If you do not agree to all of the terms of this agreement, click Decline and do not otherwise download, install or use the software. What Is CrowdStrike Shellshock Scanner? CrowdStrike ShellShock Scanner is a free tool for Microsoft Windows systems aimed to help alert you to the presence of systems on your network that are vulnerable to the bash shell ShellShock Vulnerability. Please review our Privacy Policy 1. Free License CrowdStrike, Inc. (CrowdStrike) grants to the user ("You" or you) a free, nonexclusive license to download, install, run, copy, use and distribute the Software in object code form. If you may make copies or distribute the Software, you must include this Software License Agreement, the readme file, and the copyright notices in the files and not charge a fee. The Software should only be used to scan systems that you own or control or have permission to scan. You are solely responsible for determining the appropriateness of using or redistributing the Software and assume any risk and all liability associated with your exercise of permissions under this Agreement. YOU SHALL NOT: SELL, RENT, LEASE, MODIFY, CREATE DERIVATIVE WORKS, REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR ANY PORTION OF THE SOFTWARE. YOU SHALL NOT: USE THIS SOFTWARE FOR ANY UNLAWFUL PURPOSE. 2. CrowdStrike Property. The Software is licensed and not sold to you, and no title or ownership to the Software or the intellectual property rights embodied therein passes as a result of this Agreement or any act pursuant to this Agreement. All rights in and to the Software not expressly granted to you in this Agreement are reserved. The CrowdStrike name, the CrowdStrike logo and the product names associated with the Software are trademarks of CrowdStrike and no right or license is granted to use them other than in connection with the use of the Software as allowed by this Agreement. 3. Feedback. You agree that if you give us any suggestions, comments and feedback regarding the Software, they can be used by us for any purpose for free. 4. NO WARRANTY. THE SOFTWARE IS PROVIDED AS IS WITHOUT ANY WARRANTY WHATSOEVER. CROWDSTRIKE, ITS AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, RESULT, EFFORT, TITLE AND NON-INFRINGEMENT, OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WARNING POSSIBLE DAMAGE OR DISRUPTION. The Software scans systems and may cause instability, disruption or damage to systems and data thereon. CrowdStrike disclaims responsibility for costs in connection with disruptions of and/or damage to your or a third party's information systems and the information and data contained therein, including, but not limited to, automatic shut-down of information systems caused by intrusion detection software or hardware, or failure of the information system resulting from the use of the Software. 5. NO LIABILITY. IN NO EVENT WILL CROWDSTRIKE, ITS AFFILIATES, OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE EVEN IF CROWDSTRIKE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 6. Term and Termination. This Agreement and the license are effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software including any documentation. This Agreement will terminate immediately without notice from CrowdStrike if You fail to comply with any provision of this Agreement. Upon termination, You must destroy all copies of the Software. 7. Import Regulation and Export Control. The Software, including technical data, is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. You agree to comply strictly with all such regulations and acknowledge that You have the responsibility to obtain any necessary licenses to export, re-export, or import the Software. 8. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect. This Agreement constitutes the entire agreement between the parties with respect to the use of the Software. 9 . Uninstall. CrowdStrike Shellshock Scanner does not need to be uninstalled. It does not have a separate uninstaller. Instead, all you need to do to remove it is to move it to the Recycle Bin or delete it DOWNLOAD X HeartBleed Sensor is certified as a Trusted Download application by TRUSTe signifying that HeartBleed Sensor has been tested by TRUSTe for compliance with TRUSTe's TDP program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding HeartBleed Sensor, please contact us at CrowdStrike, 15440 Laguna Canyon Road, Suite 250, Irvine, CA 92618 or by email at privacy@crowdstrike.com or by phone at 1.888.512.8906. If you are not satisfied with our response you can contact TRUSTe here. Crowdstrike Heartbleed Scanner Software License Agreement Please read this software license agreement carefully before downloading or using the CrowdStrike Heartbleed scanner software and its documentation (together, the software). by clicking Accept, downloading, or using the software you are consenting to be bound by this agreement. if you do not agree to all of the terms of this agreement, click Decline and do not otherwise download, install or use the software. What Is CrowdStrike Heartbleed Scanner? CrowdStrike Heartbleed Scanner is a free tool for Microsoft Windows systems to help alert you to the presence of systems on your network that are vulnerable to the OpenSSL Heartbleed vulnerability. Please review our Privacy Policy 1. Free License CrowdStrike, Inc. (CrowdStrike) grants to the user ("You" or you) a free, nonexclusive license to download, install, run, copy, use and distribute the Software in object code form. If you may make copies or distribute the Software, you must include this Software License Agreement, the readme file, and the copyright notices in the files and not charge a fee. The Software should only be used to scan systems that you own or control or have permission to scan. You are solely responsible for determining the appropriateness of using or redistributing the Software and assume any risk and all liability associated with your exercise of permissions under this Agreement. YOU SHALL NOT: SELL, RENT, LEASE, MODIFY, CREATE DERIVATIVE WORKS, REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR ANY PORTION OF THE SOFTWARE. YOU SHALL NOT: USE THIS SOFTWARE FOR ANY UNLAWFUL PURPOSE. 2. CrowdStrike Property. The Software is licensed and not sold to you, and no title or ownership to the Software or the intellectual property rights embodied therein passes as a result of this Agreement or any act pursuant to this Agreement. All rights in and to the Software not expressly granted to you in this Agreement are reserved. The CrowdStrike name, the CrowdStrike logo and the product names associated with the Software are trademarks of CrowdStrike and no right or license is granted to use them other than in connection with the use of the Software as allowed by this Agreement. 3. Feedback. You agree that if you give us any suggestions, comments and feedback regarding the Software, they can be used by us for any purpose for free. 4. NO WARRANTY. THE SOFTWARE IS PROVIDED AS IS WITHOUT ANY WARRANTY WHATSOEVER. CROWDSTRIKE, ITS AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, RESULT, EFFORT, TITLE AND NON-INFRINGEMENT, OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WARNING POSSIBLE DAMAGE OR DISRUPTION. The Software scans systems and may cause instability, disruption or damage to systems and data thereon. CrowdStrike disclaims responsibility for costs in connection with disruptions of and/or damage to your or a third party's information systems and the information and data contained therein, including, but not limited to, automatic shut-down of information systems caused by intrusion detection software or hardware, or failure of the information system resulting from the use of the Software. 5. NO LIABILITY. IN NO EVENT WILL CROWDSTRIKE, ITS AFFILIATES, OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE EVEN IF CROWDSTRIKE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 6. Term and Termination. This Agreement and the license are effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software including any documentation. This Agreement will terminate immediately without notice from CrowdStrike if You fail to comply with any provision of this Agreement. Upon termination, You must destroy all copies of the Software. 7. Import Regulation and Export Control. The Software, including technical data, is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. You agree to comply strictly with all such regulations and acknowledge that You have the responsibility to obtain any necessary licenses to export, re-export, or import the Software. 8. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect. This Agreement constitutes the entire agreement between the parties with respect to the use of the Software. 9 . Uninstall. CrowdStrike Heartbleed Scanner does not need to be uninstalled. It does not have a separate uninstaller. Instead, all you need to do to remove it is to move it to the Recycle Bin or delete it. DOWNLOAD