Penetration Testing Tools
Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available. (Windows)
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing such as website crawling, URL scanning or file fuzzing. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition, it offers innovative IDS evasion functionalities aimed at making correlation between requests more complicated (e.g. use a different random HTTP proxy server per request).
There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing - Bsqlbf V2, which is a Blind SQL Injection Brute Forcer.
Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembling and is the optimal tool if you just want to try something out without undergoing the hassle to rewrite DNS packet routines or packet filtering.
PuttyHijack is a PoC tool that injects a DLL into the PuTTY process to hijack an existing, or soon to be created, connection.
OpenVAS is the new freeware version of Nessus. Since Nessus became commercial, the community developed a new freeware version. You also need to download the OpenVAS client from this site.
This is the client of the OpenVAS Vulnerability Assessment Tool. OpenVAS is the new freeware version of the well-known Nessus.
A nice Windows-based SQL Injection tool
A tool to perform security tests on web applications.
A C script to brute force SNMP community strings
A collection of Windows tools to scan and crack SNMP
A collection of Linux tools to scan and crack SNMP
This Python Script scans for known vulnerable remote file inclusion paths and files in Joomla Installations.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.
A database with the exploits submitted on the PacketStorm Web Site.
XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities. SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. Both are provided by Security Compass.
A collection of exploit scripts
A Windows generic Web Brute Force Tool
