Tor is a software project that lets you use the Internet anonymously. tor2web is a project to let Internet users access anonymous servers.

Source
http://tor2web.org/

FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners.

Download
http://www.firecat.fr/download.html

JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X. It hides the user's IP adress behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

Download
http://anonymous-proxy-servers.net/en/software.html

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.


Download
http://code.google.com/p/wfuzz/downloads/list

CAT provides the ability to test a web application for all types of vulnerabilities from SQL injection to reverse proxy bypass. It allows for traffic between a web browser and a web server to be intercepted and altered. Requests can then be repeated within CAT allowing for all aspects of the request to be altered. Requests can be fuzzed using a range of different fuzzing algorithms including brute forcing, injection attacks and scripted attacks; it also provides a facility to fuzz forms with CSRF tokens. Authorisation within an application can easily be checked using two synchronised web sessions from one user type to another

Download
http://www.contextis.com/resources/tools/cat/download/

These are the current features of Hexinject:

Hexadecimal and raw data injection on the net
Sniff data in hexadecimal or raw format from the net
Data can be piped and easily manipulated
Raw network access cmdline framework
Automatically set the correct checksum (IP, TCP, UDP, ICMP)
Automatically set the correct packet length (IP, TCP, UDP, ICMP)

Download
http://sourceforge.net/projects/hexinject/files/

Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Download
http://code.google.com/p/websecurify/downloads/list

Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.

Download
http://sourceforge.net/projects/fwbuilder/files/

Features of Arpon:

It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dinamically (DHCP), hybrid configured networks
It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
It detects and blocks unidirectional, bidirectional and distributed attacks
Doesn’t affect the communication efficiency of ARP protocol
Doesn’t affect the race response time from attacks
Multithreading on all OS supported
It manages the network interface into unplug, boot, hibernation and suspension OS features
It works in userspace for OS portability reasons
Easily configurable via command line switches, provided that you have root permissions
Tested against Ettercap, Cain & Abel, dsniff and other tools

Download
http://sourceforge.net/projects/arpon/files/