For the memo, here are some of the tools that I use often for analysis, penetration testing or forensics.

Discovery / Fingerprinting

• Nmap – THE active network and fingerprinting scanner.
• Halberd – Reveals if a server is behind a load balancer.
• Waf00f – Detect web application firewalls.
• Tcptraceroute – TCP based traceroute.

System penetration testing

• Metasploit – The most popular penetration testing framework.
• Nessus – Vulnerability scanner.

Network penetration testing

• Wireshark - The best network sniffer and analyser.
• Tcpdump - Powerful and convenient network sniffer. Massively available on Unix boxes.
• Ettercap - Point’n click tool for ARP spoofing and MiTM attacks.
• Hping3 - TCP/IP packet assembler. [patch for openSUSE]
• Scapy - Packet manipulation tool.

Web penetration testing

• Burpsuite – Complete and powerful tool.
• OWASP DirBuster – Path discovery and fuzzing.
• Webshag – Less complete than Burpsuite but good to have.
• W3AF – Web auditing framework.
• XSS cheat sheet

Database penetration testing

• No more and 1=1 – SQL injection cheat sheet.

Wireless penetration testing

• Aircrack-ng – The major wireless cracker out there.
• Kismet – Wifi scanner

Web tools

• Unxxx – misc tools
• Shodan – search engine

Forensics

• OpenSourceForensics – Tools, papers and procedures.
• Evilfingers – Security portal with various ressources.