The following tools should be used in combination to conduct security assessments.
Rapid 7 Nexpose (RIT Enterprise Licensed by ISO)
Unified vulnerability management enterprise solution
Nessus
Network Vulnerability Scanner
CIS Score
Security Consensus Operational Readiness Evaluation provides various security checklists.
Secunia Vulnerability Scanners
Secunia Software Inspectors provide detection and assessment of missing security patches and end-of-life programs.
Microsoft Baseline Security Analyzer (MBSA)
MBSA helps determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.
Nipper
Nipper enables network administrators, security professionals and auditors to quickly produce reports on key network infrastructure devices.
Scrawlr
HP SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
Core Impact
Penetration testing software
Qualys
Provides a suite of tools for:
NMAP
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
BidiBlah
The BiDiBLAH utility is a framework that can be used to assist in automating existing vulnerability assessment tools.