OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
RubyDNS is a high-performance DNS server that can be easily integrated into other projects or used as a stand-alone daemon (via RExec). By default, it uses rule-based pattern matching. Results can be hard-coded, computed, fetched from a remote DNS server, or fetched from a local cache, depending on requirements. In addition, RubyDNS includes a high-performance asynchronous DNS resolver built on top of EventMachine. This module can be used by itself in client applications without using the full RubyDNS server stack.
ARP Neighbor Cache Fingerprinter is a tool that provides a mechanism for remote operating system detection by extrapolating characteristics of the target system's underlying neighbor cache and general ARP behavior. Given the non-existence of any standard specification for how the neighbor cache should behave, several differences in network stack implementations can be used for unique identification. The main disadvantage of this tool versus traditional fingerprinting is that because it's based on a Layer 2 protocol instead of a Layer 3 protocol, the target machine that is being tested must reside on the same Ethernet broadcast domain (usually the same physical network).
sqlmap is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a detection engine, many niche features, and a broad range of switches including database fingerprinting, data fetching from the database, and accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.
Bluepot is a Bluetooth honeypot. It is designed to accept and store any malware sent to it and to interact with common Bluetooth attacks such as “BlueBugging” and “BlueSnarfing”. Bluetooth connectivity is provided via hardware Bluetooth dongles. The system also allows monitoring of attacks via a graphical user interface that provides graphs, lists, a dashboard, and further detailed analysis from log files. The system is also highly configurable through said interface.
ipredirectd has functionality similar to netcat but with some extra features. Multiple clients and full logging of network traffic are supported. It can also manipulate incoming and outgoing text traffic. Manipulation is based on pattern files that support regular expressions. This feature is probably most useful with HTTP. The software is smart enough not to apply regular expressions on non-HTML data by reading the content-type header. One possible usage is redistribution of pre-authenticated Web pages in foreign domains by replicating authentication and session cookies.
HackIt! is a strategic game where your goal is to control as many Web sites as you can by hacking them. It is played on an infinite map (the whole Web) where hackers struggle for the control of the Internet. The game involves scanning sites to know who they belong to, hacking your friends' favorite pages, or tracking them to kick them out of the net.