source : http://code.google.com/p/skipfish/
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
source : http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Main_Page
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
source : http://code.google.com/p/zaproxy/
source : http://lcamtuf.coredump.cx/
Paros : for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java.
All HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
source : http://www.oxid.it/cain.html
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
source : http://ophcrack.sourceforge.net/
+ Live CD
L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available.
source : http://www.l0phtcrack.com/index.html