Monday, 25. July 2011
HTTP Content Security Policy Detector
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP is designed to be fully backward compatible; browsers that don't support it still work with servers that implement it, and vice-versa. Browsers that don't support CSP simply ignore it, functioning as usual, defaulting to the standard same-origin policy for web content.

Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/http-content-security-polic/

Thursday, 21. July 2011
WATOBO - Web Application Toolbox
Functions of WATOBO:

Supports session management.
Detects logout and automatically performs a re-login.
Supports filter functions
Inline-Encoder/Decoder
Includes vulnerability scanner
Quick-scan for targeted scanning of a URL
Full-scan to scan a whole session
Manual request editor with special functions
Session information is updated
Login can be done automatically
Transcoder
URL, Base64, MD5, SHA-1
Interceptor
Fuzzer
Free, Stable and Open source!
Script code easy to understand
Easy to extend / adapt
Tested and developed in real-world scenarios
Speed / usability
Active and Passive checks

Download
http://sourceforge.net/projects/watobo/files/

Video Tutorials:
http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Videos

BackTrack 5
Source: Download and installation
http://pastebin.com/cnsM6dkS

Wednesday, 20. July 2011
winAUTOPWN
winAUTOPWN v....
This version covers almost all remote exploits up until mid-July 2011 and a few older ones as well. This version incorporates a few new command-line parameters: -perlrevshURL (for a PERL Reverse Shell URL), -mailFROM (smtpsender) and -mailTO (smtpreceiver). These are the command-line arguments required for a few exploits which require remote connect-back using a perl shell and email server exploits requiring authentication respectively. This version also tackles various internal bugs and fixes them.


Download
http://120.61.168.139/w/download.htm



Tuesday, 19. July 2011
NetSecL v.3.2
NetSecL is a hardened, live and installable OS based on openSUSE, suitable for desktop/server use and penetration testing. Once installed, you can fully enjoy the features of the GrSecurity hardened kernel and the penetration tools, or use the penetration tools directly from your live DVD.

Installation PDF:
http://rsync.netsecl.com/netsecl_3.2.pdf

Download:
http://susegallery.com/a/EmL6GN/netsecltoolset

Monday, 18. July 2011
A summary of PDF tricks
This is a summary of PDF tricks, either based on data encodings, JavaScript, or PDF structure.

Source
http://code.google.com/p/corkami/wiki/PDFTricks

Saturday, 16. July 2011
w3af Web Application Attack and Audit Framework - Linux
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion and much more.
Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.

Download
http://packetstormsecurity.org/files/view/101683/w3af-1.0-stable.tar.bz2

Peepdf PDF Analyzer
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to perform all the tasks. With peepdf it's possible to see all the objects in the document, with the suspicious elements shown. It supports all the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With the installation of Spidermonkey and Libemu it provides JavaScript and shellcode analysis wrappers too. It's also able to create new PDF files and to modify existing ones.

Download
http://code.google.com/p/peepdf/downloads/list

Wednesday, 13. July 2011
Loki: An Open Source Layer 3 Packet Generating and Attacking Python Framework
When we speak of layer 3, the Network Layer, very few tools have the power or the capability to support all the protocols for packet generation and attack. To name a few, we have tools like Cain & Abel, Scapy, Yersinia and HPING. Yersinia and Scapy, our favourites, need a bit of knowledge before being set up. Enter Loki, a Python-based GUI framework implementing many packet generation and attack modules for Layer 3 protocols.

Download
http://www.ernw.net/content/e6/e180/index_eng.html

UPDATE: WPScan v1.0!
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, …)

Download
http://code.google.com/p/wpscan/downloads/list

Link
http://securityxploit.blogger.de/stories/1853410/

CentOS 6.0
We haven’t yet covered operating systems as a part of PenTestIT. However, we are thinking that we should start covering operating system/kernel/application updates too. We are starting with CentOS, which has released its new and improved operating system CentOS 6.0 for i386 and x86_64 architectures.

It is based on the upstream release EL 6.0 and includes packages from all variants. All upstream repositories have been combined into one, to make it easier for end users to work with.

Download
http://www.centos.org/modules/tinycontent/index.php?id=30
