Google : Everyone’s Favorite Search Engine While it is far more than a security tool, Google’s massive database is a good mind for security researchers and penetration testers. You can use it to dig up information about a target company by using directives such as “site:target-domain.com” and find employee names, sensitive information that they wrongly thought was hidden, vulnerable software installations, and more. Similarly, when a bug is found in yet another popular webapp, Google… Google
P0f
P0f : A versatile passive OS fingerprinting tool P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall. P0f does not generate ANY additional network traffic, direct or indirect. No name lookups, no mysterious probes, no ARIN queries, nothing. In the hands of advanced users, P0f can detect firewall presence, NAT use, existence of load balancers,… P0f
BackTrack
BackTrack : An Innovative Penetration Testing live Linux distribution This excellent bootable live-CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc.
Airsnort
Airsnort : 802.11 WEP Encryption Cracking Tool AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.
GnuPG_PGP
GnuPG / PGP : Secure your files and communication w/advanced encryption PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.
Sam Spade
Sam Spade : Freeware Windows network query tool Sam Spade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more. Non-Windows users can enjoy online versions… Sam Spade
Scapy
Scapy : Interactive packet manipulation tool Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report… Scapy
L0phtcrack
L0phtcrack : Windows password auditing and recovery application L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still… L0phtcrack
Perl_Python_Ruby
Perl / Python / Ruby : Portable, general-purpose scripting languages While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier.
Retina
Retina : Commercial vulnerability assessment scanner by eEye Like Nessus, Retina’s function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research.