There are dozens of online tools you can use to determine if your site is vulnerable to the heartbleed bug (click to learn more). What about internal sites (a.k.a intranet sites)? How do you determine if they are vulnerable? Ofcourse there are several premium security tools to analyze your systems but what if you are a one-man-army-shop kind of business? Why waste hundreds of dollars on a tool that would do just as much? Anyway, let’s go back to the original question I posed. How do you check your internal sites? We know that the online tools cannot scan your intranet sites (pssh., even 5 year old kids know that these days, am I right?) and for that you will need a tool that will scan your network from the inside. Another drawback of the online tools is that they only scan certain predefined ports.
CrowdStrike Heartbleed Scanner however, scans your internal and external network and its available for free. To run the tool, you need a Windows based operating system running atleast Windows XP. You will be able to specify all the ports you would want to scan. You also get the ability to prepopulate the tool with a whole bunch of hostnames/IP addresses or even IP address ranges and then let it do its magic while you sit back, relax and enjoy an eposide of Suits (okay, don’t do that last part. Work is work, find something else to work on). Finally, you can save the report as HTML, CSV, XML or TXT and tell everyone how safe and secure your environment really is. If you did your job right, expect a good bonus at the end of the year (no guarantees though)
Download link for your clicking pleasure: http://www.crowdstrike.com/community-tools/index.html