VMs to test tools and explore vulnerabilities:
Metasploitable:
Webgoat: Insecure J2EE website for testing web vulnerabilities.
Certified Hacker: Various exploitable websites http://certifiedhacker.com
Wireshark Trace Files
- burpsuite (pro)
http://portswigger.net/burp/ - firebug
http://getfirebug.com/ - nc
http://netcat.sourceforge.net/ - sysinternals
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx - nmap
http://nmap.org/ - maltego
http://www.paterva.com/web6/ - metasploit
http://www.metasploit.com/ - sqlmap
http://sqlmap.org/ - wireshark
http://www.wireshark.org/
Penetration Testing Execution Standard http://www.pentest-standard.org/
Open Web Application Security Project https://www.owasp.org
Open Source Security Testing Methodology Manual http://www.isecom.org/
NIST
ISO
GLBA
HIPAA
FISMA
National Vulnerability Database nvd.nist.gov
SecurityTracker
SecuriTeam
Secunia
Hackerstorm Vulnerability Database Tool
HackerWatch
SecurityFocus
Security Magazine
SC Magazine
Exploit Database
https://pwnedlist.com/ : Database of compromised accounts by email address
http://www.wirelessdefence.org/
Netcraft
Webmaster http://webmaster-a.com/link-extractor-internal.php
iWEBTOOL
Archive www.archive.org
nslookup
Sam Spade
WebFerret
ARIN
DomainTools
Network Solutions
WherISIP
DNSStuff
BetterWhois
DNS-Digger
SpyFu
Dig (part of BIND) www.isc.org/software/bind
VisualRoute Trace
3d Visual Route
VisualIPTrace
Trout www.foundstone.com
PingPlotter
Path Analyzer Pro
BlackWidow
Reamweaver
Wget
Teleport Pro
Archive
Google cache
eMailTrackerPro
PoliteMail
Google Hacking Database www.hackersforcharity.org/ghdb
Google Hacks http://code.google.com/p/googlehacks/
Google Hacking Master List http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
Angry IP Scanner
Colasoft Ping
Ultra Ping Pro
Ping Scanner Pro
MegaPing
Friendly Pinger
SuperScan
Nmap (ZenMap)
NetScan Tools Pro
Hping
LAN Surveyor
MegaPing
NScan
Infilitrator
Netcat
IPEye
THC-AMap
THC-SCAN
TeleSweep
ToneLoc
PAWS
WarVOX
Telnet
ID Serve
Netcraft
Xprobe
THC-AMAP
Nessus
SAINT
GFI LanGuard
Retina
Core Impact
MBSA
Nikto
WebInspect
GFI Languard
Tor
ProxyChains
SoftCab
Proxifier
HTTP Tunnel
Anonymouse
Anonymizer
Psiphon
PSTools
P0f
SuperScan
User2Sid/Sid2User www.svrops.com/svrops/dwnldutil.htm OR http://windowssecurity.com
SNMP Scanner
NSauditor
SolarWinds
LDAP Admin
LEX
Ldp.exe
SNMPUTIL
IP Network Browser www.solarwinds.com
Xprobe www.sys-security.com/index.php?page-xprobe
Cain
John the Ripper
LCP
THC-Hydra
ElcomSoft
Lastbit
Ophcrack
Aircrack
Rainbow crack
Brutus
Windows Password Recovery
KerbCrack
Wireshark
Ace
KerbSniff
Ettercap
KeyProwler
Handy Key Logger
Actual Keylogger
Actual Spy
Ghost
Hidden Recorder
IcyScreen
DesktopSpy
USB Grabber
ELsave
EraserPro
WindowWasher
Auditpol
WinZapper
EvidenceEliminator
Homodia
Hping2
PackEth
Packet generator
Netscan
Scapy
Nemesis
Paros Proxy
Burp Suite
Firesheep
Hamster/Ferret http://erratasec.blogspot.com/2009/03/hamster-20-and-ferret-20.html
Ettercap
Hunt http://packetstormsecurity.com
TrueCrypt
Bitlocker
DriveCrypt
MD5 Hash
HashCalc
ImageHide
gifShuffle
QuickStego
EZStego
OpenStego
S Tools
JPHIDE
wbStego
MP3Stegz
OurSecret
OmniHidePro
AudioStega
StegHide
XPTools
Cryptanalysis
Cryptobench
EverCrack
Wireshark
CACE
tcpdump
Capsa
OmniPeek
NetWitness
Windump
dsniff
EtherApe
Kismet
NetStumbler
Macof
SMAC
Cain
UfaSoft
WinARP Attacker
EliteWrap
HiJackThis
What's Running
CurrPorts
SysAnalyzer
Regshot
Driver Detective
SvrMan
ProcessHacker
fport
netcat
nemesis
snort
ADMutate
NIDSBench
IDSInformer
Inundator
WIGLE
AirPcap
Madwifi
Kismet
NetStumbler
AirMagnet WiFi Analyzer
Airodump
Aircrack
AirSnort
BT Browser
BlueScanner
Bluediving
SuperBlueTooth Hack
KisMAC
NetSurveyor
inSSIDer
WiFi Pilot
OmniPeek
Wfetch
Httprecon
ID Serve
WebSleuth
BlackWidow
cURL
CookieDigger
WebScarab
Nstalker
NetBrute
BSQL Hacker
Marathon
Havil
SQL Injection Brute
SQL Brute
SQLNinja
SQLGET
Core Impact
CANVAS
Metasploit
Armitage
Codenomicon
SysInternals
Tripwire
Mandiant - Redline answers the question: are you compromised?
Mandiant - Web Historian browser analysis
Mandiant - Memoryze memory forensics
Mandiant - Highlighter log analysis
Mandiant - Red Curtain malware identifier
Mandiant - IOCe indicator of compromise editor
Mandiant - OpenIOC Common language to describe IOCs
http://it-audit.sans.org/blog/
ABI-Coder Encryption
AXCrypt Encryption
Brutus Password testing
Cain and Abel Password recovery tool for Windows
Cryptograph Encryption
DES Security Manager Encryption
EFSView Encryption
FProt Desktop Encryption Encryption
GNUPG Encryption
NetStumbler Free Windows 802.11 Sniffer
Nipper http://code.google.com/p/nipper-ng/ Firewalls and routers
Nmap Free network mapper and scanner
Paros Web application vulnerability assessment proxy
PGP Encryption
Rawrite LinNT
Router Audit Tool Router
SysinternalsSuite Collection of powerful windows utilities
Tenable Nessus Vulnerability assessment tool
Wireshark Open source network protocol analyzer for Unix and Windows.
Isaca.org
Securitymanagement.com
Secureenterprisemag.com
Infosecuritymag.com
Securitydirectornews.com
SCmagazine.com
Businessweek.com
Forbes.com
Fortune.com
CFO.com
WSJ.com
Fastcompany.com
Baslinemag.com
Computerworld.com
CIOinsight.com
Infoworld.com
CIO.com
Optimizemag.com
TechTarget.com
Networkworld.com
CIOdecisions.com
Informationweek.com