Tools

Tools

You can find all new publications of Curesec on GitHub


Recotak

Recotak is an evolving security framework for penetration testing. It's major parts are writen in python-2.7. We have a lot of great features right now and a lot more are coming by the next releases.

Get it on Github

Further information and documentation


hbad - Heartbleed client side test tool

Hbad functionality

The functionality of hbad can be demonstrated with the below illustration:

If a request is sent to the hbad server by any client (e.g. IRC, Fetchmail, browser), the server initiates the SSL handshake and checks the SSL header for the Heartbeat addon. If it is available, it indicates the client uses OpenSSL. Thereupon the hbad server sends a Heartbeat request back to the client. If the client runs a vulnerable OpenSSL version, it sends back the Heartbeat response, which contains the sensitive data.

nsdtool hbad-release.tar.gz


nsdtool

Nsdtool is a toolset of scripts used to detect netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline. It is not being bound to the delivered tools by Netgear.

nsdtool nsdtool


CRT-Removelocks.apk / CRT-Removelocks Source code

We have developed an app to illustrate a security gap in Android 4.x (4.0, 4.1, 4.2, 4.3). This vulnerability enables any rogue app at any time to remove all existing device locks activated by a user. You can choose between two options: remove all locks right away or remove them at a defined time.

CRT-Removelocks.apk

CRT-Removelocks Source code

 

callus
Tel.: +49(0)30/ 52004 - 5222
xingcontact
Besuchen Sie unser Xing-Profil
twittercontact
Folgen Sie uns auf Twitter
contactus
Email: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!