-snip-
What tools would you use?
None. An attack on someone's service without their written consent is usually illegal and can get you in trouble. If you want to learn, get some VMs to break into, e.g. Stapler, and run them in your (virtual) lab.
I understand I cannot just scan online wallets without their permission. But let's stick to the security of HW wallets then.
How would I know how secure a HW wallet is? What points should I test to see it?