The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass.

Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection. Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery.

A web-based GUI which runs on the local PC and provides access to the entire OSVDB (Open Source Vulnerbility Database) offline. The hackerstorm vulnerability database is a tool that allows the Open Source Vulnerability Database (www.osvdb.org) to be viewed offline. Any Web-based browser with Flash player 7 can be used. The tool has some 1500+ vendors with thousands of vulnerabilites including descriptions, solution, attack type, and references. The database is updated daily.

WebRoot is a bruteforce directory/file scanner, which looks for files and directories on a website which might contain interesting data, but which are not referenced anywhere on the site (for example, include-files and database files located under the web root).

PHP, Perl and MySql based web interface for the Nessus security scanner and Nmap port scanner. The system presents scan results via a Email notification, a HTML interface, or exported to a PDF file.

OrakelCrackert is an Oracle 11g database password hash cracker using a weakness in the Oracle password storage strategy. With Oracle 11g, case sensitive SHA1 based hashing is introduced. Storing passwords in a case sensitive way introduces more possible password combinations so password cracking takes longer.

Chaz is a tool that allows network administrators and managers to quickly and easily perform a network security audit.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session.

SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.

AttackAPI provides simple and intuitive programmable interface for composing attack vectors with JavaScript and other client and server related technologies.