
This is the AuditNet Standard Risk Control Audit Matrix, which incorporates formats
used by many audit organizations in their documentation working papers. There
are format templates for risk control, audit procedures, questionnaires and
checklists. There is a blank workpaper and a report summary that can be used by
audit organizations. AuditNet has prepared a monograph for guidance on preparing
and developing audit work programs, checklists, questionnaires and matrices. The
monograph is available to AuditNet subscribers. For more information go to
www.auditnet.org
Audit Program Licensing Terms 1. You accept that this product is intended for your
use, and you will not duplicate in any form or manner, electronic or otherwise, copies
of this product nor distribute this product to anyone else. 2. You recognize that the
product and its content are the sole property of AuditNet® (the Publisher), and that we
have copyrighted the product. 3. You agree that the Publisher is not responsible for
any interruption of service or malfunction that is a consequence of the Internet, a
service provider, personal computer, browser or other software or hardware
components. You accept that there is no guarantee that this product is totally error
free. You further understand and accept that the Publisher intends to provide reliable
information but does not guarantee the accuracy or completeness of any information,
and is not responsible for any results obtained from the use of such information. 4.
This license is effective until terminated, when the license or subscription period ends
without renewal, or when you destroy this product and any related documentation.
The Publisher may terminate your license without notice if you fail to comply with the
conditions set forth in this agreement, and may pursue any other legal recourse.
Thank you for sharing your document(s) with AuditNet. You will receive the agreed upon compensation for each
working paper that we accept subject to answering the due diligence questions and certification required by our
attorney.

The audit working papers (programs or documents) you send must be original and current. You must have
either created the documents or have permission from whoever prepared them or from your organization to
share. They must be in Word or Excel  format (Excel preferred). 

Based on advice from legal counsel, before we accept the material and process your payment we need to perform
due diligence on what you are sharing. You must answer these questions and your email response will be
considered an electronic signature for purposes of this statement.

Name:
Organization:
Title of the Audit Working Paper(s) 

a)     Are you the author of the Materials (are the Materials original works that you created)?

b)    Please provide a brief explanation of the purpose of the working paper:

c)     Please provide the audit objectives for the working paper:

d)    By submitting the Materials or other communication or content after receipt of this notice, you grant
AuditNet permission to, on an irrevocable, perpetual, worldwide and royalty-free basis, reproduce, distribute,
display, perform, read, enhance, adapt, modify, create derivative works or use the Submitted Materials and any
other such communication or content on this site, on any other site and anywhere throughout the world in all
media?

e)     Please provide the industry sector for your contribution. (i.e. life insurance, banking, energy etc.)

f)     Please provide the functional area for your audit program.
g)    Please provide several keywords to help categorize programs and facilitate searches.

h)     Please ensure that you have removed (scrubbed) all confidential or proprietary information such as company
name, employee name, email addresses, social security numbers, etc.

Your name and email address will not be added to the Materials.
Certification

I hereby certify that I am the author of the materials shared or have written permission from the author
and/or the organization that I work for in the form of a transfer of all rights or a license from the author to
grant use of the Materials to AuditNet.  By submitting the Materials or other communication or content after
receipt of this notice, I hereby grant AuditNet permission to, on an irrevocable, perpetual, worldwide and
royalty-free basis, reproduce, distribute, display, perform, read, enhance, adapt, modify, create derivative works
or use the Submitted Materials and any other such communication or content on this site, on any other site and
anywhere throughout the world in all media.

Signed:
Inserting your name here electronically will serve as a valid representation of your signature and will be considered binding
Date:

Price:
PayPal:
Payment Details if PayPal not an option:
IT AUDITING TOOLS

Yes

A comprehensive list by function (and alphabetical) of scanning, password, analytical and wireless IT Audit Tools

To enable IT Auditors to make decisions and have resources in the functional IT Audit area of choice.

All

IT
Scanning, Vulnerability, Password, IT Audit Tools

11/18/2013
This template was purchased by AuditNet from a third party under a work for hire
agreement. However, while we have attempted to provide accurate information no
representation is made or warranty given as to the completeness or accuracy of the
template. In particular, you should be aware that the template may be incomplete,
may contain errors, or may have become out of date. While every reasonable
precaution has been taken in the preparation of this template, neither the author nor
AuditNet assumes responsibility for errors or omissions, or for damages resulting
from the use of the information contained herein. The information contained in this
document is believed to be accurate. However, no guarantee is provided. Use this
information at your own risk.
IT AUDITING TOOLS BY FUNCTION

Tool | Version | Comments

Reconnaissance
0Trace | 1.0-bt4 | 0trace is a traceroute tool which can be run within an existing, open TCP connection - therefore bypassing some types of s
driftnet | 0.1.6-bt2 | Listens to network traffic and picks out images.
dsniff | 2.4b1-bt1 | Suite of tools for network auditing and penetration testing.
ettercap-gtk | 1:0.7.3-1.4ubuntu1 | Multi-purpose sniffer/interceptor/logger for switched LANs.
giskismet | 1.0-bt2 | GISKismet is a wireless recon visualisation tool to represent data gathered using Kismet in a flexible manner.
hping3 | 20051105-bt2 | Command-line oriented TCP/IP packet assembler/analyser.
maltego | 3.0-bt4 | Reconnaissance software.
netdiscover | 0.3beta6-bt4 | Active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server.
skipfish | 2.00-bt0 | Fully automated, active web application security reconnaissance tool.
tcpdump | 4.1.1-bt6 | Powerful command-line packet analyser.
tcpflow | 0.21.ds1-6 | TCP flow recorder.
tcptraceroute | 1.5beta7-bt3 | Traceroute implementation using TCP packets.
traceroute | 2.0.13-bt2 | Modern implementation of traceroute for Linux systems.
voipong | 2.0-bt1 | Utility which detects all Voice Over IP calls on a pipeline.
wireshark | 1.4.7-bt0 | Network "sniffer" - a tool that captures and analyses packets off the wire.

Scanning
arping | 2.09-bt0 | Broadcasts a who-has ARP packet on the network and outputs the answer.
admsnmp | 0.1-bt3 | SNMP audit scanner.
amap | 5.2-bt4 | AMAP is a next-generation scanning tool for assisting network penetration testing.
autoscan | 1.50-bt0 | Network scanner, useful for discovering and managing applications.
cisco-ocs | 0.1-bt3 | Mass Cisco scanner.
ciscos | 1.3-bt1 | Cisco Scanner will scan a range of IP addresses for Cisco routers that haven't changed their default password of "cisco".
fierce | 0.9.9-bt4 | Perl script that quickly scans domains.
fping | 2.4b2-bt0 | A ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up.
grabber | 0.1-bt1 | Web application scanner.
iputils-ping | 3:20071127-2ubuntu1 | Suite of tools to test the reachability of network hosts.
iputils-tracepath | 3:20071127-2ubuntu1 | Tools to trace the network path to a remote host.
lanmap2 | 1.0-bt1 | Builds database/visualisations of LAN structure from passively sifted information.
nbtscan | 1.5.1a-bt2 | Program for scanning IP networks for NetBIOS name information.
nmap | 0.05-bt0 | NMAP port and vulnerability scanner.
onesixtyone | 0.3.2-bt4 | SNMP scanner and bruteforce tool.
p0f | 2.0.8-bt0 | Passive OS fingerprinting tool.
portmap | 6.0.0-1ubuntu2.1 | RPC port mapper.
sipscan | 0.1-bt1 | Fast network scanner for UDP-SIP clients.
smap | 0.6.0-bt0 | Simple scanner for SIP enabled devices.
yersinia | 0.7.1-bt0 | Network tool designed to take advantage of some weakness in different network protocols.

Enumeration
ace | 1.10-bt2 | Automated Corporate Enumerator (ACE) is a VoIP enumeration tool that mimics the behavior of an IP Phone.
asleap | 2.2-bt2 | Demonstrates a serious deficiency in proprietary Cisco LEAP networks.
asp-auditor | 2.2-bt2 | Looks for common misconfigurations and information leaks in ASP.NET applications.
blindelephant | 1.0-bt3 | Attempts to discover the version of a (known) web application by comparing static files at known locations against precomp
braa | 0.82-bt2 | Braa is a tool for making SNMP queries.
copy-router-config | 4.0-bt3 | Copies Cisco router configuration files using SNMP.
dirbuster | 0.12-bt2 | Java application designed to brute force directory and file names on web application servers.
dns2tcp | 0.5.2-bt1 | Tool for relaying TCP connections over DNS.
dnsenum | 1.2.2-bt0 | Script for enumerating DNS servers.
dnsmap | 0.30-bt3 | Used for information gathering/enumeration phase of infrastructure assessments.
dnsrecon | 0.3-bt2 | DNS enumeration script.
dnstracer | 1.9-bt2 | Determines where a given Domain Name Server (DNS) gets its information from.
ike-scan | 1.9-bt2 | Command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers.
miranda | 1.0-bt0 | Python-based application designed to discover, query and interact with UPnP devices.
httprint | 301-bt2 | Web server fingerprinting tool.
os-prober | 1.38 | Utility to detect other operating systems on a set of drives.
smtp-user-enum | 1.2-bt0 | Username guessing tool primarily for use against the default Solaris SMTP service.
snmpcheck | 1.8-bt2 | Enumerates information via the SNMP protocol.
snmpenum | 1.0-bt2 | Simple Perl script to enumerate information on machines that are running SNMP.
theharvester | 2.0-bt1 | Tool for gathering e-mail accounts and subdomain names from different public sources.

Vulnerability Scanners
bed | 0.5-bt1 | Designed to check daemons for potential buffer overflows and format strings (as well as other issues).
burpsuite | 1.4-bt0 | Integrated platform for performing security testing of web applications.
cisco-auditing-tool | 1.0-bt1 | Perl script which scans Cisco routers for common vulnerabilities.
cms-explorer | 1.0-bt2 | Content Management System (CMS) explorer designed to reveal specific modules, plugins, components and themes of CM
mopest | 2.0-bt0 | PHP web vulnerability scanner.
nessus | 4.4.1-bt5 | Vulnerability scanner by Tenable.
nikto | 2.1.4-bt4 | Open Source (GPL) web server scanner which performs comprehensive tests against web servers.
sipvicious | 0.2.6-bt0 | SIP based VoIP systems auditing tool.
sqlmap | 0.9-bt2 | Testing tool that automates the process of detecting and exploiting SQL injection flaws.
videojak | 2.00-bt3 | IP Video security assessment tool.
voiper | 0.07-bt3 | Allows for extensive and automated testing of VoIP devices for vulnerabilities.
warvox | 1.0.1-bt1 | Suite of tools for exploring, classifying, and auditing telephone systems.
websecurify | 0.8-bt0 | Advanced solution to accurately identify web application security issues.

Password Crackers
bkhive | 1.1.1-1 | Dumps the syskey bootkey from a Windows NT/2K/XP system hive.
chntpw | 100627-bt0 | Offline NT password editor.
cmospwd | 5.0-bt0 | Decrypts the password stored in Complementary Metal-Oxide Semiconductor (CMOS) used to access BIOS SETUP.
eapmd5pass | 1.4-bt0 | An implementation of an offline dictionary attack against the EAP-MD5 protocol.
fcrackzip | 1.3-bt2 | ZIP password cracker, similar to fzc, zipcrack and others.
hashcat | 0.36-bt4 | CPU based multihash cracker.
hashcat-utils | 0.3-bt3 | Utilities for creating and manipulating wordlists.
hydra | 6.3-bt6 | Network logon cracker which supports many different services.
john | 1.7.6-jumbo-12-bt5 | Fast password cracker.
medusa | 2.0-bt4 | Parallel network login auditor.
ncrack | 0.4-bt0 | High-speed network authentication cracking tool.
oclhashcat-lite | 0.05-bt0 | Very fast single hash GPU based password cracker.
ophcrack | 3.3.0-1 | Windows password cracker using rainbow tables.
pack | 0.0.2-bt0 | Password analysis and cracking toolkit.
samdump2 | 1.1.1-1 | Dumps Windows 2k/NT/XP password hashes.
sipcrack | 0.3-bt2 | Suite for sniffing and cracking the digest authentication used in the Session Initiation Protocol (SIP).
thc-pptp-bruter | 0.1.4-bt0 | Brute force program against PPTP VPN endpoints (TCP port 1723).

Exploitation
autopsy | 2.24-bt0 | Graphical interface to The Sleuth Kit (TSK).
beef-ng | 0.4.2.7-bt1 | Browser Exploitation Framework (BEEF) focuses on leveraging browser vulnerabilities to assess the security posture of a ta
cisco-global-exploiter | 13-bt1 | Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool.
cymothoa | 1alpha-bt0 | Stealth backdoor tool that injects shellcode into an existing process.
darkmysqli | 1.0-bt2 | MySQL injection tool.
framework3 | 3.7.0-bt1 | Metasploit Exploitation Framework.
mantra | 0.01-bt0 | Security framework which can be very helpful in performing all phases of penetration testing.
perl-cisco-copyconfig | 1.4-bt2 | Provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP.
sapyto | 0.99-bt0 | SAP Penetration Testing Framework.
set | 1.3.5-bt4 | Social-Engineer Toolkit (SET) is a Python-driven attack framework.
sqlninja | 0.2.6-bt0 | Exploits SQL injection vulnerabilities on web applications using Microsoft SQL.
thc-ipv6 | 1.4-bt1 | Framework to attack the inherent protocol weaknesses of IPv6.
w3af | 1.0-rc5-bt2 | Web application attack and audit framework.
wapiti | 2.2.1-bt2 | Web application vulnerability scanner and security auditor.
webslayer | rev5-bt0 | Designed for bruteforcing web applications.

Bluetooth
bluediving | 0.9-bt1 | Bluediving is a Bluetooth penetration testing suite.
bluemaho | 090417-bt0 | BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices.
bluez-hcidump | 1.42-1build1 | Analyses Bluetooth Host Controller Interface (HCI) packets.
btscanner | 2.1-bt0 | BTScanner is designed specifically to extract as much information as possible from a Bluetooth device.

Forensics
air | 2.0.0-bt2 | AIR is a GUI front-end to dd/dc3dd - designed for easily creating forensic images.
bulk-extractor | 0.7.18-bt0 | C++ program that scans a disk image (or any other file) extracting useful information.
dcfldd | 1.3.4.1-2 | Enhanced version of dd for forensics and security.
ddrescue | 1.14-bt0 | Similar to dd in that it copies data from one file or block device to another.
fatback | 1.3-bt2 | *NIX tool for recovering files from FAT file systems.
galleta | 1.0+20040505-5 | Internet Explorer cookie forensic analysis tool.
pasco | 1.0+20040505-5 | Internet Explorer cache forensic analysis tool.
ptk | 2.0-bt2 | Computer forensic framework for the command line tools in the SleuthKit.
rkhunter | 1.3.8-bt1 | Scans for rootkits, backdoors and local exploits.
sleuthkit (TSK) | 3.2.1-bt0 | The Sleuth Kit (TSK) is a collection of forensic command line tools.
vinetto | 0.7-bt2 | Forensics tool to examine Thumbs.db files.

Intrusion Detection
fragrouter | 1.6-bt3 | Network Intrusion Detection (NID) evasion toolkit.
ftester | 1.0-bt0 | Firewall filtering and Intrusion Detection System (IDS) testing.
snort | 2.8.5.2-2build1 | Flexible Network Intrusion Detection System (NIDS).
snort-rules-default | 2.8.5.2-2build1 | Flexible Network Intrusion Detection System (NIDS) ruleset.
snort-common-libraries | 2.8.5.2-2build1 | Flexible Network Intrusion Detection System (NIDS) ruleset.

Miscellaneous
3Proxy | 0.6.1-bt2 | 3Proxy is a lightweight proxy server.
chkrootkit | 0.49-bt0 | Designed to check locally for signs of a rootkit.
cpu-checker | 0.1-0ubuntu2 | Evaluates certain CPU (or BIOS) features.
cryptcat | 1.2.1-bt2 | Standard NETCAT enhanced with twofish encryption.
dnswalk | 2.0.2-bt1 | DNS debugger.
gpsd | 2.92-4 | Global Positioning System - daemon
gpshell | 1.4.4-bt0 | GPshell for Globalplatform
netcat-traditional | 1.10-38 | TCP/IP swiss army knife.
ohrwurm | 0.1-bt0 | Real-Time Transport Protocol (RTP) fuzzer.
sbd | 1.37-bt1 | Secure backdoor NETCAT clone.
socat | 1.7.1.3-bt2 | Allows for a bi-directional data relay between two independent data channels.
sqlite3 | 3.6.22-1 | Command line interface for SQLite 3.
stegdetect | 0.6-bt0 | Automated tool for detecting steganographic content in images.
truecrypt | 7.0-bt4 | Disk encryption software.

Wireless
aircrack-ng | 1.1-bt9 | Aircrack-ng wireless exploitation and enumeration suite.
cowpatty | 4.3-bt0 | Cowpatty attacks the WPA/WPA2-PSK exchanges.
freeradius-wpe | 2.1.7-bt1 | A patch for FreeRADIUS implementation to demonstrate RADIUS impersonation.
kismet | 201103r2-bt1 | 802.11 layer2 wireless network detector, sniffer, and intrusion detection system (IDS).
mdk3 | 6.0-bt1 | Proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses using the oslib of aircrack-ng.
rfidiot | 1.0a-bt4 | Python library for exploring RFID devices.
wepcrack | 0.1-bt2 | Open source tool for breaking 802.11 WEP secret keys.
wifitap | 0.4.0-bt2 | Wi-Fi injection tool through tun/tap devices.

Tool | Version | Comments

0Trace | 1.0-bt4 | 0trace is a traceroute tool which can be run within an existing, open TCP connection - therefore bypassing some types of s
3Proxy | 0.6.1-bt2 | 3Proxy is a lightweight proxy server.

ace | 1.10-bt2 | Automated Corporate Enumerator (ACE) is a VoIP enumeration tool that mimics the behavior of an IP Phone.
admsnmp | 0.1-bt3 | SNMP audit scanner.
air | 2.0.0-bt2 | AIR is a GUI front-end to dd/dc3dd - designed for easily creating forensic images.
aircrack-ng | 1.1-bt9 | Aircrack-ng wireless exploitation and enumeration suite.
amap | 5.2-bt4 | AMAP is a next-generation scanning tool for assisting network penetration testing.
arping | 2.09-bt0 | Broadcasts a who-has ARP packet on the network and outputs the answer.
asleap | 2.2-bt2 | Demonstrates a serious deficiency in proprietary Cisco LEAP networks.
asp-auditor | 2.2-bt2 | Looks for common misconfigurations and information leaks in ASP.NET applications.
autopsy | 2.24-bt0 | Graphical interface to The Sleuth Kit (TSK).
autoscan | 1.50-bt0 | Network scanner, useful for discovering and managing applications.

bed | 0.5-bt1 | Designed to check daemons for potential buffer overflows and format strings (as well as other issues).
beef-ng | 0.4.2.7-bt1 | Browser Exploitation Framework (BEEF) focuses on leveraging browser vulnerabilities to assess the security posture of a ta
bkhive | 1.1.1-1 | Dumps the syskey bootkey from a Windows NT/2K/XP system hive.
blindelephant | 1.0-bt3 | Attempts to discover the version of a (known) web application by comparing static files at known locations against precomp
bluediving | 0.9-bt1 | Bluediving is a Bluetooth penetration testing suite.
bluemaho | 090417-bt0 | BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices.
bluez-hcidump | 1.42-1build1 | Analyses Bluetooth Host Controller Interface (HCI) packets.
braa | 0.82-bt2 | Braa is a tool for making SNMP queries.
btscanner | 2.1-bt0 | BTScanner is designed specifically to extract as much information as possible from a Bluetooth device.
bulk-extractor | 0.7.18-bt0 | C++ program that scans a disk image (or any other file) extracting useful information.
burpsuite | 1.4-bt0 | Integrated platform for performing security testing of web applications.

chkrootkit | 0.49-bt0 | Designed to check locally for signs of a rootkit.
chntpw | 100627-bt0 | Offline NT password editor.
cisco-auditing-tool | 1.0-bt1 | Perl script which scans Cisco routers for common vulnerabilities.
cisco-global-exploiter | 13-bt1 | Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool.
cisco-ocs | 0.1-bt3 | Mass Cisco scanner.
ciscos | 1.3-bt1 | Cisco Scanner will scan a range of IP addresses for Cisco routers that haven't changed their default password of "cisco".
cmospwd | 5.0-bt0 | Decrypts the password stored in Complementary Metal-Oxide Semiconductor (CMOS) used to access BIOS SETUP.
cms-explorer | 1.0-bt2 | Content Management System (CMS) explorer designed to reveal specific modules, plugins, components and themes of CM
copy-router-config | 4.0-bt3 | Copies Cisco router configuration files using SNMP.
cowpatty | 4.3-bt0 | Cowpatty attacks the WPA/WPA2-PSK exchanges.
cpu-checker | 0.1-0ubuntu2 | Evaluates certain CPU (or BIOS) features.
cryptcat | 1.2.1-bt2 | Standard NETCAT enhanced with twofish encryption.
cymothoa | 1alpha-bt0 | Stealth backdoor tool that injects shellcode into an existing process.

darkmysqli | 1.0-bt2 | MySQL injection tool.
dcfldd | 1.3.4.1-2 | Enhanced version of dd for forensics and security.
ddrescue | 1.14-bt0 | Similar to dd in that it copies data from one file or block device to another.
dirbuster | 0.12-bt2 | Java application designed to brute force directory and file names on web application servers.
dns2tcp | 0.5.2-bt1 | Tool for relaying TCP connections over DNS.
dnsenum | 1.2.2-bt0 | Script for enumerating DNS servers.
dnsmap | 0.30-bt3 | Used for information gathering/enumeration phase of infrastructure assessments.
dnsrecon | 0.3-bt2 | DNS enumeration script.
dnstracer | 1.9-bt2 | Determines where a given Domain Name Server (DNS) gets its information from.
dnswalk | 2.0.2-bt1 | DNS debugger.
driftnet | 0.1.6-bt2 | Listens to network traffic and picks out images.
dsniff | 2.4b1-bt1 | Suite of tools for network auditing and penetration testing.

eapmd5pass | 1.4-bt0 | An implementation of an offline dictionary attack against the EAP-MD5 protocol.
ettercap-gtk | 1:0.7.3-1.4ubuntu1 | Multi-purpose sniffer/interceptor/logger for switched LANs.
fatback | 1.3-bt2 | *NIX tool for recovering files from FAT file systems.
fcrackzip | 1.3-bt2 | ZIP password cracker, similar to fzc, zipcrack and others.
fierce | 0.9.9-bt4 | Perl script that quickly scans domains.
fping | 2.4b2-bt0 | A ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up.
fragrouter | 1.6-bt3 | Network Intrusion Detection (NID) evasion toolkit.
framework3 | 3.7.0-bt1 | Metasploit Exploitation Framework.
freeradius-wpe | 2.1.7-bt1 | A patch for FreeRADIUS implementation to demonstrate RADIUS impersonation.
ftester | 1.0-bt0 | Firewall filtering and Intrusion Detection System (IDS) testing.

galleta | 1.0+20040505-5 | Internet Explorer cookie forensic analysis tool.
giskismet | 1.0-bt2 | GISKismet is a wireless recon visualisation tool to represent data gathered using Kismet in a flexible manner.
gpsd | 2.92-4 | Global Positioning System - daemon
gpshell | 1.4.4-bt0 | GPshell for Globalplatform
grabber | 0.1-bt1 | Web application scanner.

hashcat | 0.36-bt4 | CPU based multihash cracker.
hashcat-utils | 0.3-bt3 | Utilities for creating and manipulating wordlists.
hping3 | 20051105-bt2 | Command-line oriented TCP/IP packet assembler/analyser.
httprint | 301-bt2 | Web server fingerprinting tool.
hydra | 6.3-bt6 | Network logon cracker which supports many different services.

ike-scan | 1.9-bt2 | Command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers.
iputils-ping | 3:20071127-2ubuntu1 | Suite of tools to test the reachability of network hosts.
iputils-tracepath | 3:20071127-2ubuntu1 | Tools to trace the network path to a remote host.

john | 1.7.6-jumbo-12-bt5 | Fast password cracker.

kismet | 201103r2-bt1 | 802.11 layer2 wireless network detector, sniffer, and intrusion detection system (IDS).

lanmap2 | 1.0-bt1 | Builds database/visualisations of LAN structure from passively sifted information.

maltego | 3.0-bt4 | Reconnaissance software.
mantra | 0.01-bt0 | Security framework which can be very helpful in performing all phases of penetration testing.
mdk3 | 6.0-bt1 | Proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses using the oslib of aircrack-ng.
miranda | 1.0-bt0 | Python-based application designed to discover, query and interact with UPnP devices.
mopest | 2.0-bt0 | PHP web vulnerability scanner.

nbtscan | 1.5.1a-bt2 | Program for scanning IP networks for NetBIOS name information.
ncrack | 0.4-bt0 | High-speed network authentication cracking tool.
nessus | 4.4.1-bt5 | Vulnerability scanner by Tenable.
netcat-traditional | 1.10-38 | TCP/IP swiss army knife.
netdiscover | 0.3beta6-bt4 | Active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server.
nikto | 2.1.4-bt4 | Open Source (GPL) web server scanner which performs comprehensive tests against web servers.
nmap | 0.05-bt0 | NMAP port and vulnerability scanner.

oclhashcat-lite | 0.05-bt0 | Very fast single hash GPU based password cracker.
ohrwurm | 0.1-bt0 | Real-Time Transport Protocol (RTP) fuzzer.
onesixtyone | 0.3.2-bt4 | SNMP scanner and bruteforce tool.
ophcrack | 3.3.0-1 | Windows password cracker using rainbow tables.
os-prober | 1.38 | Utility to detect other operating systems on a set of drives.

p0f | 2.0.8-bt0 | Passive OS fingerprinting tool.
pack | 0.0.2-bt0 | Password analysis and cracking toolkit.
pasco | 1.0+20040505-5 | Internet Explorer cache forensic analysis tool.
perl-cisco-copyconfig | 1.4-bt2 | Provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP.
portmap | 6.0.0-1ubuntu2.1 | RPC port mapper.
ptk | 2.0-bt2 | Computer forensic framework for the command line tools in the SleuthKit.
rfidiot | 1.0a-bt4 | Python library for exploring RFID devices.
rkhunter | 1.3.8-bt1 | Scans for rootkits, backdoors and local exploits.

samdump2 | 1.1.1-1 | Dumps Windows 2k/NT/XP password hashes.
sapyto | 0.99-bt0 | SAP Penetration Testing Framework.
sbd | 1.37-bt1 | Secure backdoor NETCAT clone.
set | 1.3.5-bt4 | Social-Engineer Toolkit (SET) is a Python-driven attack framework.
sipcrack | 0.3-bt2 | Suite for sniffing and cracking the digest authentication used in the Session Initiation Protocol (SIP).
sipscan | 0.1-bt1 | Fast network scanner for UDP-SIP clients.
sipvicious | 0.2.6-bt0 | SIP based VoIP systems auditing tool.
skipfish | 2.00-bt0 | Fully automated, active web application security reconnaissance tool.
sleuthkit (TSK) | 3.2.1-bt0 | The Sleuth Kit (TSK) is a collection of forensic command line tools.
smap | 0.6.0-bt0 | Simple scanner for SIP enabled devices.
smtp-user-enum | 1.2-bt0 | Username guessing tool primarily for use against the default Solaris SMTP service.
snmpcheck | 1.8-bt2 | Enumerates information via the SNMP protocol.
snmpenum | 1.0-bt2 | Simple Perl script to enumerate information on machines that are running SNMP.
snort | 2.8.5.2-2build1 | Flexible Network Intrusion Detection System (NIDS).
snort-rules-default | 2.8.5.2-2build1 | Flexible Network Intrusion Detection System (NIDS) ruleset.
snort-common-libraries | 2.8.5.2-2build1 | Flexible Network Intrusion Detection System (NIDS) ruleset.
socat | 1.7.1.3-bt2 | Allows for a bi-directional data relay between two independent data channels.
sqlite3 | 3.6.22-1 | Command line interface for SQLite 3.
sqlmap | 0.9-bt2 | Testing tool that automates the process of detecting and exploiting SQL injection flaws.
sqlninja | 0.2.6-bt0 | Exploits SQL injection vulnerabilities on web applications using Microsoft SQL.
stegdetect | 0.6-bt0 | Automated tool for detecting steganographic content in images.

tcpdump | 4.1.1-bt6 | Powerful command-line packet analyser.
tcpflow | 0.21.ds1-6 | TCP flow recorder.
tcptraceroute | 1.5beta7-bt3 | Traceroute implementation using TCP packets.
thc-ipv6 | 1.4-bt1 | Framework to attack the inherent protocol weaknesses of IPv6.
thc-pptp-bruter | 0.1.4-bt0 | Brute force program against PPTP VPN endpoints (TCP port 1723).
theharvester | 2.0-bt1 | Tool for gathering e-mail accounts and subdomain names from different public sources.
traceroute | 2.0.13-bt2 | Modern implementation of traceroute for Linux systems.
truecrypt | 7.0-bt4 | Disk encryption software.

videojak | 2.00-bt3 | IP Video security assessment tool.
vinetto | 0.7-bt2 | Forensics tool to examine Thumbs.db files.
voiper | 0.07-bt3 | Allows for extensive and automated testing of VoIP devices for vulnerabilities.
voipong | 2.0-bt1 | Utility which detects all Voice Over IP calls on a pipeline.

w3af | 1.0-rc5-bt2 | Web application attack and audit framework.
wapiti | 2.2.1-bt2 | Web application vulnerability scanner and security auditor.
warvox | 1.0.1-bt1 | Suite of tools for exploring, classifying, and auditing telephone systems.
websecurify | 0.8-bt0 | Advanced solution to accurately identify web application security issues.
webslayer | rev5-bt0 | Designed for bruteforcing web applications.
wepcrack | 0.1-bt2 | Open source tool for breaking 802.11 WEP secret keys.
wifitap | 0.4.0-bt2 | Wi-Fi injection tool through tun/tap devices.
wireshark | 1.4.7-bt0 | Network "sniffer" - a tool that captures and analyses packets off the wire.

yersinia | 0.7.1-bt0 | Network tool designed to take advantage of some weakness in different network protocols.
