The following tools should be used in combination to conduct security assessments.
Rapid 7 Nexpose (RIT Enterprise Licensed by ISO)
Unified vulnerability management enterprise solution
Network Vulnerability Scanner
Security Consensus Operational Readiness Evaluation provides various security checklists.
Secunia Vulnerability Scanners
Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs.
Microsoft Baseline Security Analyzer (MBSA)
MBSA helps determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.
HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
Penetration testing software
Provides a suite of tools for:
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools.