SOLDIERX.COM Nobody Can Stop Information Insemination

The basic principle behind wXf is to collect and place into a framework, all of the various scripts that web security testers create on a per-engagement scenario. This tool is like metasploit for webapps.

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

httptunnel creates a bidirectional virtual data connection tunnelled in HTTP requests.

Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Broken Web Apps is a distro that is to be run in a vm that includes many applications that are vulnerable. It's purpose is to help the user learn web hacking and web application security.

A Firefox extension that demonstrates HTTP session hijacking attacks.

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test. VoIP Hopper is a VoIP infrastructure security testing tool but also a tool that can be used to test the (in)security of VLANs.

The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323.

VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxilliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development

KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host