We use the tools mentioned below to help us perform our penetration testing and audit tasks. This is not an exhaustive list but is illustrative of the software we find helpful, in addition to the manual tests we perform.

	Core Impact: a commercial grade penetration testing product for assessing specific information security threats to an organization. It automates the previously manual and expensive penetration testing process. It allows us to actively exploit vulnerabilities within a network, replicating the kinds of access an intruder could achieve.
	Appdetective: a vulnerability assessment scanner that locates and assesses the security strength of database applications, through penetration testing and security audit techniques. It uses a revolutionary security methodology together with an extensive knowledgebase of vulnerabilities to locate, examine and report on security holes and misconfigurations.
	WebInspect: WebInspect dynamically scans standard and proprietary Web applications to identify known and unknown application vulnerabilities. WebInspect's Adaptive-Agent technology is a sophisticated set of heuristics that enable the product to apply intelligent application level security checks. This technology is a multiphased approach to Web application assessments.
	nmap: Nmap is an open source utility for network exploration or security auditing, in preparation for penetration testing. It was designed to rapidly scan large networks. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
	Netcat: Netcat has been dubbed the network Swiss army knife. It is a simple UNIX utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
	NetScanToolsPro: NetScanTools Pro is a set of internet information gathering utilities. We use it to determine ownership of IP addresses, translate IP addresses to hostnames, scan networks, port probe target computers for services, validate email addresses, find DHCP servers, determine ownership of domains, communicate with SNMP enabled devices, list the computers in a domain, etc.
	SmartWhois: Unlike standard Whois utilities, SmartWhois can find information about a computer or domain in any part of the world, even if an IP address cannot be resolved to a hostname. It reveals country, state or province, city, name of the network provider, administrator and technical support contact information, as well as IP ranges.
	CommView: CommView is a sniffer program. Packets are decoded down to the lowest layer with full analysis of the most widespread protocols. Full access to raw data is also provided. Captured packets can be saved to log files for future analysis. A flexible system of filters makes it possible to drop packets you don't need or capture only those packets that you wish to capture.
	IDServe: A simple program which provides HTTP and non-HTTP server identification and reverse DNS lookup.
	Sam Spade: Sam Spade for Windows is a freeware network query tool which we use for nslookup, dig, finger, DNS zone transfer, SMTP relay check and e-mail header analysis.
	Solarwinds: One of the fastest, most robust network discovery engines in the industry. It includes IP Network Browser and Network Sonar, as well as a switch port mapper, MAC address discovery, subnet list, SNMP sweep and DNS audit.
	Nbt dump: This utility dumps NetBIOS information from Windows NT, Windows 2000 and *NIX Samba servers such as shares, user accounts with comments etc and the password policy. Runs on Windows NT 4 and Windows 2000.
	DumpSec: SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/2000. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
	Achilles: Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
	Brutus: Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to its home page.
	Hyena: Hyena is a systems management tool that enables administrators to manage just about every aspect of multiple Windows NT/2000 domains, servers, workstations, groups and users from one convenient Explorer-like interface. Hyena brings together all of the administrative tools from Windows NT such as User Manager, Server Manager, and File Manager/Explorer, and many of the MMC components from Windows 2000 into a single, easy-to-use, centralized program. Hyena arranges all system objects, such as users, servers, and groups, in a hierarchical tree for easy and logical system administration.
	IKE-Scan: IKE-scan demonstrates detection and identification of IPsec VPN systems. IKE-scan sends an initial IKE main-mode packet to each of the specified hosts and records all the responses returned. It will display the responses received which discovers which hosts are running IKE and will return a response (most IKE implementations will respond in the default configuration, but not all). It can also record and display the re-transmission back-off pattern for each responding host and attempt to match this pattern against a database of known patterns to "fingerprint" the IKE implementation. The program handles retry and re-transmission with back-off to cope with packet loss. It also limits the amount of bandwidth used by the outbound IKE packets.
	PuTTY: PuTTY is a free implementation of Telnet and SSH for Win32 platforms, along with an xterm terminal emulator.