Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do about the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
ACL2 is a mathematical logic, programming language, and mechanical theorem prover based on the applicative subset of Common Lisp. It is an "industrial-strength" version of the NQTHM or Boyer/Moore theorem prover, and has been used for the formal verification of commercial microprocessors, the Java Virtual Machine, interesting algorithms, and so forth.
RFDUMP is a GUI to edit the "User Data Fields" on RFID tags and to test if a tag is protected against reading or writing. It implements a real life cookie on RFID tags. The tags that are supported for reading, writing, and editing are ISO 15693, ISO 14443 A, ISO 14443 B, SR176(1,2), Tag-it®, and I-Code®.
Bunny the Fuzzer is a closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.
memfetch dumps the memory of a program without disrupting its operation, either immediately or on the nearest fault condition (such as SIGSEGV). It can be used to examine suspicious or misbehaving processes on your system, verify that processes are what they claim to be, and examine faulty applications using your favorite data viewer so that you are not tied to the inferior data inspection capabilities in your debugger.
Fenris is a multipurpose tracer, debugger, and code analysis tool that detects and documents high-level language constructions, can recover symbols, graph program execution flow, detect internal functions, recover symbol tables, and deal with anti-debugging protection. It features a command-line interface as well as a SoftICE-alike GUI and Web frontend.
Burp intruder is a tool that facilitates automated attacks against Web-enabled applications. It is highly configurable and can test for common Web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows, and directory traversal as well as performing brute force attacks against authentication schemes, enumeration, parameter manipulation, trawling for hidden content and functionality, session token sequencing and session hijacking, data mining, concurrency attacks, and application-layer denial-of-service attacks.
BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.