Tools for Application Security Audits (PT, CR, DR)
Netsparker - free vulnerability scanner
Netsparker® can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on. Netsparker's unique detection and exploitation techniques allows it to be dead accurate in reporting hence it's the first and the only False Positive Free web application security scanner.
Download Netsparker from here
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Download Fiddler from here
Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.
Download Burp Proxy from here
Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.
Download Echo Mirage from here
Absinthe - Blind SQL Injector
Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.
Download Absinthe from here
Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Download Wireshark from here
Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing
Download Zenmap from here
Explore and analyze compiled .NET assemblies, viewing them in C#, Visual Basic, and IL.
Download .NET Reflector from here
Decompile and analyze Java 5 “byte code” and the later versions.
Download Java Decompiler from here
soapUI is a free and open source desktop application for inspecting & invoking Web Services. Can be very usefull for testing webservices from a security perspective
Download soapUI from here
Cain & Abel
Cain & Abel allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols
Download Cain & Abel from here
WinSpy++ is a handy programmer's utility which can be used to select and view the properties of any window in the system. WinSpy is based around the Spy++ utility that ships with Microsoft Visual Studio.
Download WinSpy from here
HexEdit is a hexadecimal file editor for Microsoft Windows. HexEdit allows the user to view and edit any type of file, no matter what format it is saved in.
Download Hex Edit from here
SSL Digger looks at the SSL Ciphers that a web server supports. It produces a report and grades the site
Download SSL Digger from here
Putty - SSH & Telnet
PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator
Download Putty from here