There are dozens of online tools you can use to determine if your site is vulnerable to the Heartbleed bug. But what about internal sites (a.k.a. intranet sites)? How do you determine if they are vulnerable? Of course, there are several premium security tools available to analyze your systems, but what if you’re a one-man-army type of business? Why spend hundreds of dollars when a free tool does just as much?
Let’s return to the original question I posed: how do you check your internal sites? We know that online tools cannot scan your intranet sites (pssh, even five-year-olds know that these days, am I right?). For that, you’ll need a tool that scans your network from the inside. Another limitation of online tools is that they only scan certain predefined ports.
The CrowdStrike Heartbleed Scanner, however, scans both your internal and external networks—and it’s available for free. To run the tool, you’ll need a Windows-based operating system, running at least Windows XP. You’ll be able to specify all the ports you want to scan. Additionally, the tool allows you to prepopulate it with a list of hostnames, IP addresses, or even IP address ranges. Then you can let it work its magic while you sit back, relax, and enjoy an episode of Suits. (Okay, don’t actually do that last part. Work is work—find something else productive to focus on.)
Finally, you can save the report in formats like HTML, CSV, XML, or TXT and proudly share how safe and secure your environment really is. If you’ve done your job well, you might even earn a nice bonus at the end of the year (no guarantees, though).
Download link for your convenience: CrowdStrike Community Tools