Nessus
Why? It's a great tool to own. You guys might want to check out the GPL fork though, since Nessus isn't "free" since 3.0.
Didn't try it yet, so not sure about the quality. Should be all right though.
If you're looking for almost automated exploitation, Metasploit is the king. Although someone released an add-on for Metasploit, the 'auto-pwn' feature, and I think it's tied in with nmap? I can't remember, I've been meaning to look into it more. Anyways, it automatically tries exploits based on which ports the scan found open. Pretty sweet. Anyways, if you haven't checked out Metasploit, it would be a good idea…
Nessus daemon installed on a Linux server and running the client from Linux is awesome. There is a Windows client and a full Windows package that are not kept as up-to-date as the paid-for version. Metasploit takes the cake though due to:
JPierce420 wrote: Anyways, it automatically tries exploits based on which ports the scan found open. Pretty sweet. Anyways, if you haven't checked out Metasploit, it would be a good idea… Exactly.
Lemur wrote: Tenable Nessus runs on Windows. If you're using it for Black Hat purposes you're screwed, it's noisy as heck. Make sure you tell the person you're testing first, Norton even freaks out…
Lemur is correct, of course, but if you read enough and practice in lab settings (need your own network with boxes) you can learn to make much of your work so silent that it is unnoticeable. All tools that scan targets in any way have the potential to be noisy if used incorrectly: Nmap, netcat, cryptcat, cheops-ng, and others.
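Since a couple of posts above mention how "noisy" a scanner is and that host-based protection notices it, here is a small added example (not from this thread or from any of the tools it names) of what that noise looks like from the defender's side: a detector that reads firewall-style drop lines and flags a source that hits many distinct destination ports within a short window. The log format, the source addresses and the thresholds are all constructed for the example.

```python
import re
from collections import deque, defaultdict
from datetime import datetime, timedelta

# Constructed log format (hypothetical, not any real firewall's syntax):
#   <ISO timestamp> <host> <ACTION> src=<ip> dst=<ip> dport=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S"),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
    }


def detect_port_scans(lines, window_seconds=60, port_threshold=10):
    """Return {src: max distinct (dst, port) pairs seen in any sliding window}
    for every source that reaches port_threshold inside window_seconds.
    A slow scan spread over hours stays below the per-window threshold, which is
    exactly the trade-off between speed and noise the thread is talking about."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append(ev)

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()  # events inside the current time window
        best = 0
        for ev in evs:
            recent.append(ev)
            # drop events that fell out of the window
            while ev["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            distinct = len({(e["dst"], e["dport"]) for e in recent})
            best = max(best, distinct)
        if best >= port_threshold:
            flagged[src] = best
    return flagged


def _constructed_sample():
    """Build constructed sample log lines: one fast scanner, one slow one, one
    ordinary host, and one unparseable line."""
    base = datetime(2008, 5, 1, 10, 0, 0)
    fmt = "{ts} fw DROP src={src} dst=192.168.1.20 dport={port}"
    lines = []
    # 10.0.0.5: 12 ports in about 22 seconds -> the noisy scan everyone notices
    for i in range(12):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(fmt.format(ts=ts, src="10.0.0.5", port=20 + i))
    # 10.0.0.7: the same 12 ports, one every ten minutes -> never 10 in one minute
    for i in range(12):
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(fmt.format(ts=ts, src="10.0.0.7", port=20 + i))
    # 10.0.0.9: three dropped connections, ordinary background noise
    for i in range(3):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts=ts, src="10.0.0.9", port=80 + i))
    lines.append("this line is deliberately malformed and is skipped")
    return lines


SAMPLE_LINES = _constructed_sample()

if __name__ == "__main__":
    for src, count in detect_port_scans(SAMPLE_LINES).items():
        print(f"possible scan from {src}: {count} distinct ports in 60s")
```

With the default 60-second window only 10.0.0.5 is reported; widening the window to two hours also catches the slow scanner 10.0.0.7, which is the usual tuning knob between catching low-and-slow activity and drowning in false positives from ordinary connection failures.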
Both Nessus and Metasploit are time consuming. I can learn many things about a site with ping, telnet, nslookup and nmap. These other tools are more for "ethical hacking" or site security testing. Both give great readouts.
Good Luck.
Hell, just get the BackTrack 3 live CD. It has everything you need B) v3 doesn't have Nessus though, they went paid and wouldn't work with remote-exploit (makers of BackTrack). But it is an incredible live distro, and I suggest checking it out. It has Metasploit 2 and 3. As has been said, make sure the other party knows you're testing, I'm not in any way advocating black hat practices…B) And be careful. If you don't know what you're doing, BackTrack can be dangerous… The best part about it is that you don't even have to install it, it just boots from CD.