Here are some tools I found useful in the past.. (credit goes to my blog)

John the Ripper - John the Ripper password cracker
Damn fast password cracker; good for getting weak Unix passwords.

Metasploit Framework - Penetration Testing | The Metasploit Project
Open-source platform for all the goodies like dev, testing and using exploits. Anyone said request time out?

Nessus - Tenable Network Security
Identify potential server vulnerabilities. Yes, it's $1200/year. Worth every penny of it.

Nmap or Network Mapper - Nmap - Free Security Scanner For Network Exploration & Security Audits.
It's free and it will map your network for sure. Also OS fingerprinting, stealth scan, etc.

Nikto - Nikto2 | CIRT.net
Nikto is open source; it performs tests against web servers to enumerate common vulnerabilities and brute force for files and directories.

Sing - SING | Get SING at SourceForge.net
Sing = Send ICMP Nasty Garbage. Name says it all; practically you can send anything you want over ICMP.

SQLmap - sqlmap: automatic SQL injection and database takeover tool
SQLmap allows you to do some SQL injection tests. Its main purpose is "to take over of back-end database servers" as it's stated in the introduction on their webpage.

Firefox (yes, the old lovely Firefox browser) with Websecapp extensions
- https://addons.mozilla.org/en-US/firefox/collection/secfox
- https://addons.mozilla.org/en-US/firefox/collection/webappsec
You will probably need both Firefox 2.x and Firefox 3.x installed. Extensions go from SQL injection tools to. They are not very advanced but they could be useful for small tests.

SSLcheck - can use online tools like SSL Certificate Tester - Check Certificates
They should really install a Captcha plugin on that website..

Wireshark - Wireshark Go deep.
Yes. Go deep. Best tool available. Can detect any vulnerability if you read hexa in real time. Well, seriously, can help anyone make a good evaluation of traffic. Nice to use when conducting tests to see what's happening. Of course there is tcpdump too.

Hydra - THC-HYDRA - fast and flexible network login hacker
Best brute forcer ever. Can log in to about anything if you are patient enough. And yes, it also has a Windows version compiled. But if you want to hack something from Windows, go away please. I think compiling Hydra for Windows users is some kind of jailbait..

Netcat - The GNU Netcat -- Official homepage
Reads and writes using TCP/IP protocol. That's all. You can build damn good trojan scripts without knowing even what a socket is. But don't do it.

Many more I can't remember.. Enjoy some script kiddie work