Sussen is a tool for testing the security posture of computers and other network devices.

eyeIS 0.99 from paranoid Security has been created to give administrators the possibility to check their IIS 4.0 and 5.0 Webservers for an extremely dangerous buffer overflow vulnerability discovered by parSec. This tool will allow administrators to check for possible holes on their system allowing them to understand how it is done as well as how you go about fixing it. You can check various commands and learn how to protect your server from this and similar attacks.

SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites. Nice manual included!

The Attack Tool Kit (ATK) is an open-source security scanner and exploiting framework.

Scans for the Endpoint Map to discover exploitable RPCs.

Scan file shares on your network and view their security settings to close security holes. Source code included!

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

Microsoft Baseline Security Analyzer (MBSA), is a Windows-only scanner that searches for vulnerable configurations that need patching or updating.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3100 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated.

A freeware scanner that checks for common security problems. VLAD checks for the items referenced in the SANS Top Ten list of common security problems, found at https://www.sans.org/topten.htm.

Packetfence is an open-source network registration and worm detection system. It also provides vulnerability scanning, system inventory (OS fingerprinting), and user-directed remediation functionality.

FatNS Analyzes and Tests Name Servers. It is a PCAP-based security tool intended to sniff and detect common attacks on the DNS system, and is designed to be easily expandable with additional attack detectors.

Springenwerk is a free Cross Site Scripting (XSS) security scanner written in Python.

Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

CAL9000 is a collection of web application security testing tools that complement the feature set of current web proxies and automated scanners. CAL9000 gives you the flexibility and functionality you need for more effective manual testing efforts. Works best when used with Firefox or Internet Explorer.