Most of the Below tools available in OWASP LIVE CD v 2.0
| httprint | Web Site | Commercial see also | N/A | No | 52 | |
| telnet | Web Site | GPLv3 | source | No | 58 | |
| Site Digger (Foundstone) | Web Site | Commercial see also | N/A | No | 66, A-331 | .Net |
| Burb Suite | Web Site | Other see also | N/A | No | 66, 134, 243, 275, A-332 | Java .jar file |
| wikto | Web Site | Commercial | N/A | No | 62, 66, 106, A-331 | .Net |
| googlegath | Web Site | FOSS | source | No | 66 | Perl |
| SSLDigger | Web Site | Commercial see also | N/A | No | 84, A-332 | .Net |
| curl | Web Site | MIT/X derivate license see also | source | No | 99, 106, A-334 | |
| nikto | Web Site | GPL | source | No | 99, 106 | Perl |
| nessus | Web Site | Commercial | N/A | No | 62, 84, 99, 106 | Write an install guide |
| nc | Web Site | as-is | source | No | 46, 104, A-332 | The original |
| netcat | Web Site | GPL | source | No | No (see nc) | GNU re-write of nc |
| SPIKE Proxy | Web Site | GPL | source | No | 106 | Python |
| Xenu | Web Site | Freeware but no source | N/A | No | 106, A-334 | Windows binary |
| brutus | Web Site | dead? | 122, 123, A-332 | Unable to locate | ||
| THC Hydra | Web Site | GPL v2 | source | No | 123, A-332 | |
| John the Ripper | Web Site | GPL v2 | source | No | 123, A-332 | |
| Add and Edit Cookies | Web Site | MPL 1.1 | source | No | 140 | FF Add-on |
| cookie digger | Web Site | Commercial | N/A | No | 162 | .Net |
| SQLiX | Web Site | FOSS | source | Yes | 200, A-331 | Perl |
| SLQInjector | Web Site | unknown, source provided | N/A | No | 200, 210, 217, 227, A-331 | Windows Binary |
| Sqlbftools | Web Site | FOSS | source | No | 200, 217, A-331 | Perl version also available here |
| sqlmap | Web Site | GPL v2 | source | SoC 2007 Web Site] | 200, 217, 227, A-331 | Python |
| sqlninja | Web Site | GPL v2 | source | No | 200, 210, 217, 227, A-331 | Perl |
| SqlDumper | Web Site | FOSS | source | No | 200, 217, A-331 | Java – site is in Italian & nice flash demo |
| OraScan | Web Site | Commercial | N/A | No | 210 | Windows binary |
| NGSSSQuirreL | Web Site | Commercial | N/A | No | 210 | Windows binary |
| Integrigy | Web Site | Commercial Freeware | N/A | No | 86 | Windows binary |
| tnscmd | Web Site | GPL | source | No | 90, A-332 | Perl |
| Toad | Web Site | Commerical, Trial & Freeware versions | N/A | No | 88, 90, A-332 | Windows binary |
| NTOIncide | Web Site | No | 66 | Appears to be no longer supported or available | ||
| Bobcat | Web Site | Unknown, no source | N/A | No | 227 | Windows binary |
| Softerra LDAP browser | Web Site | Freeware | N/A | No | 230 | Windows binary |
| OllyDbg | Web Site | GPL | source | No | 261, 266, A-332 | Windows software |
| Spike | Web Site | GPL | source | No | 261, 266, A-331, A-332 | |
| BFBTester | Web Site | GPL | source | No | 261, 266, A-332 | |
| Metasploit | Web Site | Metasploit Framework License v1.2 | source | No | 261, 266, 275, 293, A-332 | Ruby |
| ITS4 Security Scanner | Web Site | Non-Commercial see also | source | No | 271 | |
| idabase | Web Site | Commercial | No | 271 | Appears to no longer be available in this form | |
| format string builder | Web Site | FOSS | source | No | 271 | Pen Test list post |
| XSS-Proxy | Web Site | FOSS | source | No | 275 | Perl |
| EICAR file | Web Site | Freeware? | source | No | 298 | Anti-Virus test file |
| TCPreplay | Web Site | BSD | source | No | 300 | manual |
| Sprajax | Web Site | LGPL | source | Yes | 313, A-331 | .Net |
| Venkman | Web Site | FOSS likely MPL | source | No | 314 | FF Add-on |
| Ghost Train | Web Site | No | 314 | Unable to locate. Referenced here | ||
| Squish | Web Site | Commercial | N/A | No | 314 | |
| JsUnit | Web Site | GPL, LGPL MPL | source | No | 314 | Also an Eclipse plugin |
| OWASP Pantera | Web Site | GPL, LGPL | source | Yes | A-331 | Python |
| Achilles Proxy | Web Site | Freeware | N/A | No | A-331 | Windows binary |
| Odysses | Web Site | Freeware | N/A | No | A-331 | Windows binary |
| webstretch | Web Site | GPL v2 | .jar only | No | A-331 | Java |
| LiveHTTP Headers | Web Site | MPL ? | source | No | A-331 | FF Add-on |
| Absinthe | Web Site | GPL v2 | source | No | A-331 | .Net and Mono |
| OWASP WSFuzzer | Web Site | LGPL | source | Yes | A-332 | Python |
| stack | No | 261 | Unable to locate | |||
| RATS | Web Site | GPL | source | No | A-333 | |
| FlawFinder | Web Site | GPL v2 | source | No | A-333 | Python |
| FxCop | Web Site | Freeware | N/A | No | A-333 | Windows binary download here |
| splint | Web Site | GPL | source | No | A-333 | |
| BOON | Web Site | BSD style license | source | No | A-333 | |
| Pscan | Web Site | No | A-333 | Site unavailable | ||
| Watir | Web Site | BSD | source | No | A-333 | Ruby |
| HtmlUnit | Web Site | Apache 2 | source | No | A-333 | Java |
| JWebUnit | Web Site | GPL | source | No | A-333 | Java |
| Canoo WebTest | Web Site | Apache 2 | source | No | A-333 | Java |
| HttpUnit | Web Site | FOSS see also | source | No | A-334 | Java |
| Watij | Web Site | GPL | source | No | A-334 | Java |
| Solex | Web Site | Apache | source | No | A-334 | Java |
| Selenium | Web Site | Apache 2.0 | source | No | A-334 |
Live CD - OWASP - Open Web Application Security Project :
