A cross-platform Java based Facebook social engineering framework, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder. Extensible module interfaces and built-in modules for advanced social engineering tricks.

The tool that you can use is FBPwn, this tool will try several attack on FB directly from a user account so it will do the following:

Dump friend list
Add all victim friends
Dump all users album pictures
Dump profile information
Dump photos ( this mean profile pictures)
Check friends request
Dump victim wall (here including poke)
Clone the profiles


Download
http://code.google.com/p/fbpwn/downloads/list

Windows operating system runs many processes that may include unknown services or viruses, one of the strange processes is svchost.exe, sometimes you find several processes under this name and you need to understand what they are doing.

They consume a lot of memory footprint and if you kill them all it will not solve the situation as they allow some necessary services on the operating system such as windows firewall or windows defender, for this situation you can take a look at Svchost Process Analyzer, it’s a free tool that require no installation and will add no entries to registry keys

Download
http://www.neuber.com/free/svchost-analyzer/

SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.

Download
http://www.systemtools.com/download/dumpacl.zip

Patator is a multi-purpose brute-forcer, written in pyton language, with a modular design and a flexible usage. Can be modified and rewritten as per our environment requirement. Patator is licensed GPLv2.

Download
https://code.google.com/p/patator/downloads/list

Modules supported:

ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
http_fuzz : Brute-force HTTP/HTTPS
pop_passd : Brute-force poppassd (not POP3)
ldap_login : Brute-force LDAP
smb_login : Brute-force SMB
mssql_login : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login : Brute-force MySQL
pgsql_login : Brute-force PostgreSQL
vnc_login : Brute-force VNC
dns_forward : Forward lookup subdomains
dns_reverse : Reverse lookup subnets
snmp_login : Brute-force SNMPv1/2 and SNMPv3
unzip_pass : Brute-force the password of encrypted ZIP files
keystore_pass: Brute-force the password of Java keystore files

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot , could be used to service DHCP request , DNS requests or phishing attacks

Requirements:

python
python-qt4
dhcp3-server
xterm
subversion

Download
http://code.google.com/p/ghost-phisher/downloads/list

To get the source code for this project from SVN, here's the checkout link:
root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:
root@host:~# dpkg -i ghost-phisher_1.3_all.deb

Vulnerability is reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.
Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com

Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com

Metasploit Framework Expert Certification DVD
The DVD contains over 10+ solid hours of how to get started using Metasploit, Vulnerability assessment and hacking, and finally basics of Exploit Research with it! The course and online labs in the cloud are still running at the promotional pricing and we highly recommend you have a look.
Info:
http://securitytube-training.com/certifications/securitytube-metasploit-framework-expert/
Download:
http://dvd.securitytube.net/SMFE-Community.zip

SMFE Part 1 from Vivek Ramachandran on Vimeo.

SecurityTube Metasploit Framework Expert Part 2 from Vivek Ramachandran on Vimeo.

SecurityTube Metasploit Framework Expert (SMFE) Part 3 from Vivek Ramachandran on Vimeo.

SMFE Part 4 from Vivek Ramachandran on Vimeo.

Part 5 from Vivek Ramachandran on Vimeo.

Part 6 from Vivek Ramachandran on Vimeo.

Part 7 from Vivek Ramachandran on Vimeo.

Part 8 from Vivek Ramachandran on Vimeo.

Part 9 from Vivek Ramachandran on Vimeo.

Part 10 from Vivek Ramachandran on Vimeo.

Part 11 from Vivek Ramachandran on Vimeo.

Part 12 from Vivek Ramachandran on Vimeo.

Part 13 from Vivek Ramachandran on Vimeo.

Part 14 from Vivek Ramachandran on Vimeo.

Part 15 from Vivek Ramachandran on Vimeo.

Part 16 from Vivek Ramachandran on Vimeo.

Part 17 - Broadband from Vivek Ramachandran on Vimeo.

Part 18 - Broadband from Vivek Ramachandran on Vimeo.

Part 19 - Broadband from Vivek Ramachandran on Vimeo.

19A - Broadband from Vivek Ramachandran on Vimeo.

20 from Vivek Ramachandran on Vimeo.

21 from Vivek Ramachandran on Vimeo.

22 - Broadband from Vivek Ramachandran on Vimeo.

23 - Broadband from Vivek Ramachandran on Vimeo.

24 - Broadband from Vivek Ramachandran on Vimeo.

25 - Broadband from Vivek Ramachandran on Vimeo.

26 from Vivek Ramachandran on Vimeo.

DNSChanger is a family of Trojan which, as its name can tell, alters the DNS settings of infected computers (to force the computer to use a rogue DNS server) in order to redirect the user to malicious web sites or services. As a reminder, the DNS protocol allows systems to obtain the IP address of a server from its name: this process is called DNS resolution, and it happens for instance each time a user enters an URL in its favourite web browser.

Check System
http://www.dns-ok.de/

Protect your android phone and tablet with NQ Mobile Security & Antivirus from viruses, malware, spyware, trojans and phone hacking. Download NQ Mobile Security & Antivirus for FREE Antivirus, privacy protection, phone locator, data backup, safe browsing, traffic monitoring and safe apps recommendations for your Samsung Galaxy, HTC Desire, HTC Evo, LG Optimus, Motorola Droid, Milestone, Huawei etc.

Download
https://market.android.com/details?id=com.nqmobile.antivirus20&hl=en

Magix PC Check and Tuning is complete system utility suite that provides all the tools necessary to maintain and speed up your computer. Unlike other ordinary system utilities, the application is very simple to use. One click function buttons such as the “Check PC” button automatically performs a complete system analysis, which includes analysis of system start, garbage data, internet traces, swap file, windows registry, hard drive fragmentation, registry fragmentation, unwanted services and more. After the analysis is complete, the application displays the issues that need to be fixed. Users can fix all the issues at once by clicking on the “Fix all problems” button.

Click here
http://www.magix.com/pcct-2011/
to visit
http://www.pentestit.com/tag/promotional-offer/
promotional offer for Magix PC Check and Tuning.
Enter the required details to create a Magix account for Existing users – select “I have already registered with Magix” and login to your account.
Login to your email and check an email from register@magix.net with your free serial number and download link Magix PC Check and Tuning

FreeDOS 1.1 has been released after being in development for several years. FreeDOS is an opensource operating system aiming to provide the same (or better) functionality as Microsoft'sold MS-DOS. Right now the main use is running old games and software, but you might encounter it on somefreshly sold computers, motherboard setup CDs, BIOS flashing diskettes, embedded hardware and other uses.

Download
http://www.freedos.org/freedos/files/

Access Me
FormBug
JavaScript Deobfuscator
SQL Inject ME
Add N Edit Cookies+
FoxyProxy
Key Manager
Selenium IDE
CookieSwap
FoxySpider
Library Detector
Tamper Data
Domain Details
Google Site Indexer
Live HTTP Headers
URL Flipper
FireFTP
Greasemonkey
PassiveRecon
User Agent Switcher
FireFlash
Groundspeed
Poster
Vitzo WHOIS
Firebug
HackBar
RESTClient
Wappalyzer
Firebug
Host Spy
RESTTest
Web Developer
Firecookie
HttpFox
RefControl
XSS Me
Firesheep
JSview
Resurrect Pages
refspoof
No Script
Proxybar
Acunetix Web Scanner
Coockie Watcher
CryptoFox
Toggle Web Developer Toolbar
Torbutton
WOT
View Cookies