WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.
Web vulnerable scan tool SQL injection XSS Cross Site Scripting 404/500 server error Admin/Manage folder search web-base or command-line scanner by PHP Check up collate with HTML FORM and LINK
fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.
SQID or SQL injection digger is a command line tool written in ruby by Metaeye Security Group that looks for SQL injections and common errors in web sites. It performs a Google search when finding for SQL injections and common errors in web site URLs and crawls a webpage.
svn checkout svn://rubyforge.org/var/svn/sqid
Absinthe is a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.
Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery
bsqlbf-v2 or Blind Sql Injection Brute Forcer version 2 is a perl script that allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. It supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server databases.
strace is a system call tracer, i.e. a debugging tool which prints out a trace of all the system calls made by a another process/program.
ltrace intercepts and records dynamic library calls which are called by an executed process and the signals received by that process. It can also intercept and print the system calls executed by the program.
nm command, is used to list the symbols from the target program. By using nm, we can get to know the local and library functions and also the global variables used. nm cannot work on a program which is striped using ‘strip’ command. Below is a link on usage for reverse engineering with linux.
This is a tool that is built into unix based systems to print the strings of printable characters in files or programs.. Used for information gathering while reverse engineering a file. Below I have supplied a link to a man page for the command along with usage of the tool.
http://www.thegeekstuff.com/2010/11/strings-command-examples/
http://unixhelp.ed.ac.uk/CGI/man-cgi?strings