The tools we are about to discuss have been arranged into a logical order. Assessments usually follow a well-defined methodology. That is the focus here—to step you through the process and briefly discuss some of the tools that can be used at each particular step. The tools are divided into the following categories:
Information-gathering tools and techniques
Password auditing tools
Vulnerability scanning tools
Automated exploit tools
Remember that tools come and go, but the methodology of an assessment stays the same. Some of these tools are free, such as Nmap and SuperScan, whereas others, such as L0phtcrack and LANguard, must be purchased.