Free Scanning Tool Promises To Find Heartbleed On Any Device

CrowdStrike Friday released a free scanning tool that it says can find the Heartbleed vulnerability on any device that runs OpenSSL.

While a number of free scanning tools have been released since the serious Heartbleed vulnerability was disclosed earlier this month, most of them only scan for the bug on an external web server or a single device, notes Dmitri Alperovitch, co-founder and CTO of CrowdStrike in a blog about the free tools.

Some of the previously-released free tools have also come under fire for failing to detect Heartbleed in all instances. In a blog posted on the Internet Storm Center Monday, researcher Pedro Bueno said scanning tools may not always find the flaw.

CrowdStrike's tool can not only consistently identify the flaw on Web servers, but can find it on OpenSSL virtual private networks, Secure FTP servers, email servers, routers, printers, phones, or any other device that uses OpenSSL, Alperovitch says.

"In addition to the ability to show the list of vulnerable servers, the scanner also outputs the contents of the the 64Kb of memory that a vulnerable server returns back to the Heartbeat SSL request, allowing you to see the extent of the impact of this vulnerability on your devices and services," his blog states.