Tools
hbad - Heartbleed client side test tool
Hbad functionality
The functionality of hbad can be demonstrated with the below illustration:
If a request is sent to the hbad server by any client (e.g. IRC, Fetchmail, browser), the server initiates the SSL handshake and checks the SSL header for the Heartbeat addon. If it is available, it indicates the client uses OpenSSL. Thereupon the hbad server sends a Heartbeat request back to the client. If the client runs a vulnerable OpenSSL version, it sends back the Heartbeat response, which contains the sensitive data.
nsdtool
Nsdtool is a toolset of scripts used to detect netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline. It is not being bound to the delivered tools by Netgear.
CRT-Removelocks.apk / CRT-Removelocks Source code
We have developed an app to illustrate a security gap in Android 4.x (4.0, 4.1, 4.2, 4.3). This vulnerability enables any rogue app at any time to remove all existing device locks activated by a user. You can choose between two options: remove all locks right away or remove them at a defined time.
