Vulnerability/Port Scanners

• Nessus (mentioned in a previous note) is still the best even though their licensing has changed.
• nmap - still the best of the port scanner, OS identification tools and builtin most Linux distros.
• Active Ports - host based GUI version of netstat or lsof that attempts to map system processes to port listeners.

Configuration Tools

• Center for Internet Security NG Tool/Benchmark for Windows - free from www.cisecurity.org. Provides a consensus benchmark and scanning
  tool that compares system settings with the benchmark. Provides a numeric score showing what % of your setting match the benchmark
• Microsoft Baseline Security Analyzer v2.0 - scans local and remote systems and provides a nice report of system settings.
• Belarc Advisor - similar to MBSA but harder to find these days
• NSA security configuration guides
• Bastille Linux

Exploit tools

• Metasploit Framework - freeware suite of exploits and payloads for various platforms. Good to actually test your security.
• Commercial pent test tools include CoreImpact and Canvas Immunity.
• hping - command-line oriented TCP/IP packet assembler/analyzer

Web Application Security

• Paros - excellent tool with spider capabilities, limited security scan capabilities, ability to freeze www transactions and allow for dynamic replacement of www strings. Also, does some minor cross site scripting tests.
• WebScarab - available from www.owasp.org. Another good web security tool that allows you to replace session ID, cookie values to test web app security.

One Stop Shop

• Backtrack (formerly Auditor) available from www.remote-exploit.org. This is the big daddy of toolkits. Standalone Knoppix implementation that contains most of the tools mentioned above plus a whole suite of password crackers, enumeration tools, wireless security tools and more. You need this suite to fully assess your assets.
  • BackTrack 3 Teaser Video