• Nemesis:
  a command line packet shaper
• Packit:
  The Packet Toolkit – A network packet shaper.
• Hping
  by Antirez: a command line TCP/IP packet shaper
• Sing:
  stands for ‘Send ICMP Nasty Garbage’; sends fully customizeable ICMP
  packets
• Scapy:
  a new python-based packet generator

Password
Cracker/Login Hacker:

• John
  the Ripper: a well-known
  password cracker for Windows and *nix Systems
• Djohn:
  a distributed password cracker based on "John
  the Ripper"
• Cain
  & Abel: an advanced
  password recovery tool for windows systems. It sniffs the network
  packets an cracks authentication brute-force or with dictionary
  attacks.
• Project
  RainbowCrack: Advanced instant
  NT password cracker
• Rainbowtables: The
  shmoo group provides pre-generated rainbow tables for bittorrent
  download. The tables are generated with RainbowCrack (see above).
• Windows
  NT
  password recovery tool by Peter
  Nordahl
• THC-Dialup
  Login Hacker by THC. It tries to
  guess username and password against the modem carrier. As far as I know
  the only available dialup password guesser for *NIX.
• Hydra
  by THC: a multi-protocol login hacker. Hydra is also integrated with Nessus.
• Medusa: parallel network login auditor
• THC
  imap bruter: a very fast imap
  password brute forcer
• x25bru:
  a login/password bruteforcer for x25 pad
• Crowbar: a generic web brute force tool (Windows only; requires .NET Framework)
• MDCrack-NG: a very fast MD4/MD5/NTLMv1 hash cracker; works optionally with precomputed hash tables

Advanced
Sniffers:

• Wireshark (formerly known as Ethereal): an open source network protocol analyzer
• Dsniff
  by Dug Song: a combination of very useful sniffer and man-in-the-middle
  attack tools
• Ettercap:
  a multipurpose sniffer/interceptor/logger for switched LAN environments
• aimsniffer:
  monitors AOL instant messager communication on the network
• 4G8:
  a tool ,similar to ettercap, to capture network traffic in switched
  environments
• cdpsniffer:
  Cisco discovery protocol (CDP) decoding sniffer

Port
Scanner / Information Gathering:

• nmap:
  the currently most well-known port scanner. Since version 3.45 it
  supports version
  scans. Have a look at PBNJ for diffing different nmap scans.
• ISECOM
  released their nmap wrapper NWRAP,
  which shows all known protocols for the discovered ports form the Open
  Protocol Resource Database
• Nmap::Scanner:
  Perl output parser for nmap
• Amap
  by THC: An advanced portscanner which determines the application behind
  a network port by its application handshake. Thus it detects well-known
  applications on non-standard ports or unknown applications on
  well-known ports.
• vmap
  by THC: version mapper to determine the version (sic!) of scanned daemons
• Unicornscan:
  a information gathering and correlation engine
• DMitry (Deepmagic Information Gathering Tool): a host information gathering tool for *nix systems
• Athena:
  a search engine query tool for passive information gathering

Security
Scanner:

• Nessus
  - In version 2 an OpenSource network scanner. Version 3 is only available in binary form and under a proprietary license.
• OpenVAS: a fork of Nessus 2.2.5 (formerly known as GNessUs)

• Nessj: a java based nessus (and compatibles) client (formerly known as Reason)
• Paul
  Clip from @stake released AUSTIN,
  a security scanner for Palm OS 3.5+.

Webserver:

• Nikto:
  a web server scanner with anti IDS features. Based on Rain Forest
  Puppies libwhisker
  library.
• Wikto: a webserver assessment tool (Windows only; requires .NET framework)
• WSDigger:
  a black box web pen testing tool from Foundstone (Windows based)
• Metis:
  a java based information gathering tool for web sites

Fingerprinting:

• SinFP: a fingerprinting tool which requires only an open tcp port and sends maximum 3 packets
• Winfingerprint:
  much more than a simple fingerprinting tool.It scans for Windows
  shares, enumerates usernames, groups, sids and much more.
• p0f
  2: Michal Zalewski announced his
  new release of p0f 2, a passive OS fingerprinting tool. p0f 2 is a
  completely rewrite of the old p0f code.
• xprobe2:
  a remote active operating system fingerprinting tool from Ofir Arkin
  and the xprobe2 team
• Cron-OS:
  an active OS fingerprinting tool based on TCP timeout behavior. This
  project was formerly known as "RING" and is now published as a nmap
  addon.

Proxy
Server:

• Burp
  proxy: an interactive HTTP/S
  proxy server for attacking and debugging web-enabled applications
• Screen-scraper:
  a http/https-proxy server with a scripting engine for data manipulation
  and searching
• Paros:
  a man-in-the-middle proxy and application vulnerability scanner
• WebScarab: a framework for analyzing web applications. One of it’s basic functionality is the usage as intercepting proxy.

War Dialers:

• IWar: a classic war dialer. One of a few wardialers for *nix operation systems, and the only with VOIP functionality (to my knowledge)
• THC-Scan: a war dialer for DOS, Windows and DOS emulators

Malware / Exploit Collections:

• packetstormsecurity.org:
  Huge collections of tools and exploits
• ElseNot Project: The project tries to publish an exploit for each MS Security Bulltin. A script kiddie dream come true.
• Offensive Computing: Another malware collection site
• Securityforest: try the ExploitTree to get a collection of exploit code; have a look at the ToolTree for a huge list of pentest stuff

Databases / SQL:

• sqlninja: a tool to exploit sql injection vulnerabilities in web applications with MS SQL Servers (alpha stage)
• CIS
  Oracle Database Scoring Tool:
  scans Oracle 8i for compliance with the CIS Oracle Database
  Benchmark
• SQLRecon:
  an active and passive scanner for MSSQL server. Works on Windows 2000,
  XP and 2003.
• absinthe: a
  gui-based tool that automates the process of downloading the schema
  & contents of a database that is vulnerable to Blind SQL Injection
  (see here
  and here).
• SQL Power Injector: a GUI based SQL injector for web pages (Windows, .Net Framework 1.1 required, Internet Explorer 5.0+ required)

Voice over IP (VOIP):

• vomit (voice over misconfigured internet telephones): converts Cisco IP phone conversations into wave files
• SiVuS: a VOIP vulnerability scanner – SIP protocol (beta, Windows only)
• Cain & Abel: mostly a password cracker, can also record VOIP conversations (Windows only)
• sipsak (SIP swis army knife): a SIP packet generator
• SIPp: a SIP test tool and packet generator
• Nastysip: a SIP bogus message generator
• voipong: dumps G711 encoded VOIP communications to wave files. Supports: SIP, H323, Cisco Skinny Client Protocol, RTP and RTCP
• Perl based tools by Thomas Skora: sip-scan, sip-kill, sip-redirectrtp, rtpproxy and ipq_rules
• rtptools: a toolset for rtp recording and playing

Networkbased Tools:

• yersinia: a network tool
  designed to take advantage of some weakeness in different network
  protocols (STP, CDP, DTP, DHCP, HSRP, 802.1q, VTP)

• Netsed:
  alters content of network packets while
  forwarding the packets

• ip6sic:
  a IPv6 stack integrity tester

VPN:

• ike-scan:
  an IPSec enumeration and fingerprinting tool
• ikeprobe:
  ike scanning tool
• ipsectrace:
  a tool for profiling ipsec traffic in a dump file. Initial alpha release
• VPNMonitor:
  a Java application to observer network traffic. It graphically
  represents network connections and highlights all VPN connections. Nice
  for demonstrations, if somewhat of limited use in a real pen test.
• IKECrack:an IKE/IPSec cracker for pre-shared keys (in aggressive mode authentication [RFC2409])

DNSA:
DNS Auditing tool by Pierre Betouin

Hunt:
a session hijacking tool with curses GUI

SMAC:
a Windows MAC Address Modifying Utility. Supports Windows 2000 and XP.

The
WebGoat Project: a web
application written in Java with intentional vulnerabilities. Supports
an interactive learning environment with individual lessons.

TSCrack:
a Windows Terminal Server brute forcer

Ollie
Whitehouse from @stake released some new cellular phone based
pentesting tools for scanning
(NetScan,
MobilePenTester).
All tools
require a Sony Ericsson P800 mobile phone. Unfortunately, @stake seems
no longer to support much of their free
security tools. So, use instead the alternativ download links above.

THC-FuzzyFingerprint:
generates fuzzy fingerprints that look almost nearly equal to a given
fingerprint/hash-sum. Very useful for MITM attacks.

BeatLM,
a password finder for LM/NTLM hashes. Currently, there is no support
for NTLM2 hashes. In order to get the hashes from network traffic, try ScoopLM.

THC
vlogger: a linux kernel based
keylogger

The
Metasploit Framework: an
"advanced open-source platform for developing, testing, and using
exploit code".

ATK (Attack Tool Kit): a comination of security scanner and exploit framework (Windows only)

Pirana: an exploitation framework to test the security of email content filters. See also the whitepaper

PassLoc:
a tool which provides the means to locate keys within a buffer. Based
on the article "Playing
hide and seek with stored keys"
by Adi Shamir.

Dl-Hell:
identifies an executables dynamic link library (DLL) files

DHCPing:
a security tool for testing dhcp security

ldapenum:
a perl
script for enumeration against ldap servers.

Checkpwd: a dictionary based password checker for oracle databases

NirCmd from NirSoft: a windows command line tool to manipulate the registry, initiate a dialup connection and much more

Windows Permission Identifier: a tools for auditing user permissions on a windows system

MSNPawn: a toolset for footprinting, profiling and assesment via the MSN Search. Windows-only, .NET required

snmpcheck:a tool to gather information via snmp. Works on Linux, *BSD and Windows systems.

pwdump6: extract NTLM and LanMan hashes from Windows targets

• Must have Bluetooth hacking tools
• Great list of hacking tools
• splmap 0.6 released
• VoIP Hacking software
• Free SQL Injection Scanners

Discovering Bluetooth Devices

BlueScanner – BlueScanner searches out for
Bluetooth-enabled devices. It will try to extract as much information
as possible for each newly discovered device. Download BlueScan.

BlueSniff – BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser – Bluetooth Browser is a J2ME application that
can browse and explore the technical specification of surrounding
Bluetooth-enabled devices. You can browse device information and all
supported profiles and service records of each device. BTBrowser works
on phones that supports JSR-82 – the Java Bluetooth specification. Download BTBrowser.

BTCrawler -BTCrawler is a scanner for Windows
Mobile based devices. It scans for other devices in range and performs
service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger -BlueBugger exploits the BlueBug vulnerability.
BlueBug is the name of a set of Bluetooth security holes found in some
Bluetooth-enabled mobile phones. By exploiting those vulnerabilities,
one can gain an unauthorized access to the phone-book, calls lists and
other private information. Download BlueBugger.

CIHWB – Can I Hack With Bluetooth (CIHWB) is a Bluetooth
security auditing framework for Windows Mobile 2005. Currently it only
support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and
some DoS attacks. Should work on any PocketPC with the Microsoft
Bluetooth stack. Download CIHWB.

Bluediving – Bluediving is a Bluetooth penetration testing
suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++,
BlueSmack, has features such as Bluetooth address spoofing, an AT and a
RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP
packetgenerator, L2CAP connection resetter, RFCOMM scanner and
greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor – T-BEAR is a
security-auditing platform for Bluetooth-enabled devices. The platform
consists of Bluetooth discovery tools, sniffing tools and various
cracking tools. Download T-BEAR.

Bluesnarfer – Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing.
Bluesnarfing is a serious security flow discovered in several
Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is
possible to connect to the phone without alerting the owner, and gain
access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack – BTCrack is a Bluetooth Pass phrase (PIN) cracking
tool. BTCrack aims to reconstruct the Passkey and the Link key from
captured Pairing exchanges. Download BTcrack.

Blooover II – Blooover II is a J2ME-based auditing tool. It
is intended to serve as an auditing tool to check whether a mobile
phone is vulnerable. Download Blooover II.

BlueTest – BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit – BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding.

• Penetration Testing Tools
• Great list of hacking tools
• splmap 0.6 released
• VoIP Hacking software
• Free SQL Injection Scanners

• Penetration Testing Tools
• Must have Bluetooth hacking tools
• SecDocs – Documenti vari di IT security
• Lol: A Geek Life
• splmap 0.6 released